Good point, yes I agree. If anyone has experience or even ideas about using Open Source software (like GPG) to send encrypted info from a server via email (or otherwise, but in my case to one recipient, not arbitrary recipients), please reply to this thread. I am not looking for a security howto, just some more specific experience or advice on these toolchains.
thank you,

Ben

On 11/29/06, Michael Miller <[EMAIL PROTECTED]> wrote:

Ben,

There are a number of ways to get this done. It's a question of what you are trying to protect and for how long. The other component of this is how to pass a message on a public network without everyone reading it. As for HIPAA, no I would not give advice on a mailing list. HIPAA is a big ugly monster that requires lots of checking and rechecking to make sure you're not doing something wrong. I hate auditors.

Mike Miller

On 11/29/06, Ben Barrett <[EMAIL PROTECTED]> wrote:
> Yes, the data comes from an SSL session, and no data is in the URL.
> I'm not sure, I think a simple text field.
> Thank you for helping me assess the "big picture", I am just looking for a
> small answer in this case.
> I know about files and databases, for instance, and chose to ask about
> encrypted emails.
> I don't expect anyone to give hipaa advice on the mailing list! IANAL,
> neither are you?
>
> OT: I heard on the radio, that Vermont is the last state where you can take
> the bar & then practice law without going to law school,
> the last place where they let you self-study, so to speak.... interesting.
>
> Ben
>
> On 11/29/06, Michael Miller <[EMAIL PROTECTED]> wrote:
> > Ben,
> >
> > Are you then SSL encrypting the user's session while they type in the
> > secrets? What type of text box or form is the user presented with?
> > You can take the data spit it into a text file that is then encrypted
> > with PGP/GPG or with SSL. I would go with SSL because public private
> > key cypher works when you have two parties. You could also redirect
> > the user to a secure site via SSL and then stick the data into a
> > database table. I'm guessing this is going to be a user who is on the
> > Internet and connects to your server via a public network? Or is the
> > user on a LAN? You said HIPAA, is this environment held by the HIPAA
> > standards? This does make a difference because of how HIPAA is
> > written.
> >
> > Mike Miller
> >
> > On 11/29/06, Ben Barrett <[EMAIL PROTECTED]> wrote:
> > > Secrets are to be moved from the webserver to one specified inbox, securely.
> > > Small secrets, similar in length to a phone number. It could be hipaa
> > > delivery
> > > of client info or a financial transaction, for instance.
> > >
> > > Ben
> > >
> > > On 11/29/06, Michael Miller <[EMAIL PROTECTED]> wrote:
> > > > What are you trying to do? I think you might get an answer if you
> > > > explain what you're trying to do or list of requirements.
> > > >
> > > > Mike Miller
> > > >
> > > > On 11/28/06, larry price <[EMAIL PROTECTED]> wrote:
> > > > > Does it absolutely have to be GPG or would any block cipher encoding work?
> > > > >
> > > > > I've used openssl for encrypting database backup files and the same
> > > > > technique could be applied here.
> > > > >
> > > > > for example:
> > > > >
> > > > > script_with_secret_output.sh | openssl aes-256-ecb -e -a -salt -pass env:SALEPASS \
> > > > >   | mail -s "$(date +%Y%m%d)accountsummary" [EMAIL PROTECTED]
> > > > >
> > > > > and then once it's at its destination and you've stripped it out of
> > > > > the mail body into a file with the subject as its name:
> > > > >
> > > > > openssl aes-256-ecb -d -a -salt -pass pass:f00bar < 20061128accountsummary | less
> > > > >
> > > > > to read it.
> > > > >
> > > > > That's a quick and dirty hack, if you were setting up something more
> > > > > robust you would probably use your favorite scripting language's
> > > > > openssl binding to do pretty much the same thing and package it up
> > > > > with a proper mime/type and make sure that the passphrase couldn't be
> > > > > read anywhere but at the keyboard.
> > > > >
> > > > > (OR just scp whatever to its destination)
> > > > >
> > > > > On 11/28/06, Ben Barrett <[EMAIL PROTECTED]> wrote:
> > > > > > Has anyone used http://www.awtrey.com/software/gpgsend.php
> > > > > > or found better or similar solutions? Rot-13 need not apply :)
> > > > > >
> > > > > > thanks,
> > > > > >
> > > > > > Ben

_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
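
An added example, not part of the thread and not any poster's code: the public/private-key route the thread asks about, done with the same openssl tool as the pipeline quoted above but as S/MIME, so the web server holds only the recipient's certificate and no passphrase, and the output is already a mail with a proper MIME type. File names, addresses, the certificate subject and the sample secret are constructed for the illustration.

```shell
#!/bin/sh
# Added example; file names, addresses and the sample secret are constructed.

# Recipient's machine, once: private key plus self-signed certificate.
# Only recipient.crt is copied to the web server; recipient.key never leaves.
make_recipient_keys() {            # $1 = directory to write into
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=recipient.example.invalid" \
        -keyout "$1/recipient.key" -out "$1/recipient.crt" 2>/dev/null
}

# Web server: secret on stdin, complete S/MIME mail (headers and encrypted
# body) on stdout. -binary keeps the bytes exactly as given.
encrypt_for_recipient() {          # $1 = recipient certificate
    openssl smime -encrypt -aes256 -binary \
        -from "webserver@example.invalid" \
        -to "recipient@example.invalid" \
        -subject "$(date +%Y%m%d)accountsummary" "$1"
}

# Recipient's machine: saved mail on stdin, secret on stdout.
decrypt_mail() {                   # $1 = certificate, $2 = private key
    openssl smime -decrypt -recip "$1" -inkey "$2"
}

# Round trip in a scratch directory; the mail is left in $1/mail.eml.
roundtrip_demo() {                 # $1 = scratch directory
    make_recipient_keys "$1" || return 1
    printf '%s\n' "541-555-0100" |
        encrypt_for_recipient "$1/recipient.crt" > "$1/mail.eml" || return 1
    decrypt_mail "$1/recipient.crt" "$1/recipient.key" < "$1/mail.eml"
}

# Delivery on the server would be, for example:
#   script_with_secret_output.sh | encrypt_for_recipient recipient.crt | sendmail -t
```

In practice the recipient's private key would be passphrase-protected (drop `-nodes`), which keeps the passphrase at the recipient's keyboard rather than in the server's environment.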
