On Tue, 21 Apr 2009 08:39:25 -0400, Bob McConnell wrote: >I have been asked by a product manager what our options are for >encrypting email messages with sensitive information. We are currently >using PHPMailer to send email. What can be done to encrypt those >messages? Can it be done without OOP? > >Server configuration: > RHEL 5 > Apache 2.0 > PHP 5.2.3 > PHPMailer 1.73
Use S/MIME, and nearly all of your clients will be able to decrypt your emails. There are a few exceptions: Forté Agent still doesn't handle S/MIME, and Eudora needs a plug-in to handle it. However, all mainstream email programs support it directly, without need to install new software. You need to generate (or purchase - I prefer generate for free in OpenSSL) email certificates for encrypting emails, then distribute the certificates to allow people to decrypt them. Once they have the key, the emails generally just automatically decrypt when you view them (depending on the email program). NB: give your clients individual certificates, and keep the public keys to encrypt the emails to them. PHP has support for this, and it's easy to use: http://au2.php.net/manual/en/function.openssl-pkcs7-encrypt.php Apparently, PHPMailer supports it too so check that out. -- Ross McKay, Toronto, NSW Australia "Let the laddie play wi the knife - he'll learn" - The Wee Book of Calvin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
