From: tedd [] 
> At 9:49 AM -0400 4/21/09, Bob McConnell wrote:
> >From: tedd
> >>  At 8:39 AM -0400 4/21/09, Bob McConnell wrote:
> >>>I have been asked by a product manager what our options are for
> >>>encrypting email messages with sensitive information. We are
> >>>using PHPMailer to send email. What can be done to encrypt those
> >>>messages? Can it be done without OOP?
> >>
> >>   From within a php script, it's not a problem to encrypt a text
> >
> >>  and send it as email. The sending of the email and the encrypting
> >>  contents are two different issues. You may want to look at it that
> >>  way.
> >
> >But can it be done so the recipient's email client will automatically
> >open and decrypt the message? How do you make it as seamless as
> >for them, preferably so they don't even realize the message was
> >encrypted?
> At some point both parties (sender/receiver) must know (agree) what 
> the encrypting mechanism is.
> If I was writing a script to do this for a client, I must have 
> control over both the send and receive scripts and then I could 
> deliver the email to the client seamlessly. They would never know 
> what happened in the background.
> However, if your client wants to send stuff to anyone and have it 
> encrypted without knowing who the receiver is going to be, then there 
> is no way to do this. Both the sender and receiver must agree on the 
> encrypting mechanism either by providing passwords OR by you having 
> access to both the sending and receiving scripts. As I see it, there 
> is no other way.

These will be targeted emails for selected recipients, primarily in the
Security and Public Safety offices. But they will be sent via public
mail servers, so the content must be protected.

Knowing the first site where this would go for field trials, I suspect
most recipients are using some version of Microsoft Outlook. But other
sites down the road are likely to have different clients. That end is
completely outside of my control or influence. All I can do is recommend
packages for them to download and install. I already know I need to get
a public key from each recipient before I can encrypt their messages,
but that's as far as I have gotten. I did glance at the GPG site
earlier, and it appears they only support the version of Outlook in
Office 2003.

I have a feeling this is going to get messy, at least on the deployment

Thanks for the pointers,

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to