
email encryption for shared mailbox


PeteJ

May 8, 2008, 6:19:59 AM
Hi,

Does anyone know a way of implementing email encryption for
messages sent to shared 'group' mailboxes? (e.g. 2 Windows users Bill
& Ben both have access to read messages in a single shared mailbox
FlowerPotMen). My understanding is that Weed can send an encrypted
email (S/MIME) to FlowerPotMen using a public cert for FlowerPotMen -
this seems standard Outlook behaviour. But how do both Bill and Ben
read the message? My understanding is that the email is encrypted
using a symmetric key that is itself encrypted using the recipient's
public key (i.e. FlowerPotMen). However neither Bill nor Ben has access
to the private key of FlowerPotMen's email encryption key pair - I'm
guessing therefore that Outlook will barf?

Any ideas?

Leon Mayne

May 8, 2008, 8:46:05 AM
"PeteJ" <peter...@eds.com> wrote in message
news:333b5a83-8b2f-4c64...@26g2000hsk.googlegroups.com...

You just wanted an excuse to use the Bill and Ben example didn't you?

In the scenario above couldn't the email be encrypted using Bill and Ben's
certs and dropped into the FlowerPotMen mailbox for them to pick up? I
suspect this wouldn't work out of the box but you might be able to write a
bespoke app for encrypting to particular recipients but sending to another
address (try the Chilkat assemblies).

PeteJ

May 9, 2008, 5:27:13 AM
On May 8, 1:46 pm, "Leon Mayne" <l...@rmvme.mvps.org> wrote:
> "PeteJ" <peter.je...@eds.com> wrote in message

Yep - this would be the same as just sending to them individually.
But....

1) The sending system wouldn't know the group membership - also it may
be external organisations over which I have no control, hence a
standard email client is assumed for sending purposes.
2) The group membership is envisaged to be dynamic - such that if Bill
was removed from FlowerPotMen then he should not be able to read
emails previously sent to this group.

Is it somehow possible to deploy copies of FlowerPotMen key/pairs to
each group member - in a practical way such that they can be managed?

Thanks
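
Added example (not part of any post in this thread, and not the posters' code): the openssl command line, standing in for a mail client, builds the envelope Leon describes, with the message encrypted once and the content key wrapped separately for Bill and for Ben. It also shows the consequence for point 2 above: mail already encrypted to Bill stays readable with his key after he leaves the group. The "outsider" identity, file names and message text are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: one S/MIME envelope, one wrapped content key per mailbox member.
# Identities, file names and the message text are constructed for this demo.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Throwaway self-signed certificate and private key for one user.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# encrypt_to OUTFILE USER...  encrypts stdin to every listed user's certificate.
encrypt_to() {
  out=$1; shift
  # Swap each user name in "$@" for the path of that user's certificate.
  for name in "$@"; do set -- "$@" "$work/$name.crt"; shift; done
  openssl smime -encrypt -aes256 -binary -out "$out" "$@"
}

# decrypt_as USER FILE  prints the plaintext, or fails if USER is not a recipient.
decrypt_as() {
  openssl smime -decrypt -in "$2" -recip "$work/$1.crt" \
    -inkey "$work/$1.key" 2>/dev/null
}

# Count RecipientInfo entries (each holds the content key under one RSA key).
recipient_count() {
  openssl smime -pk7out -in "$1" | openssl asn1parse | grep -c ':rsaEncryption'
}

for user in bill ben outsider; do make_identity "$user"; done
msg="$work/to-flowerpotmen.p7m"
printf 'Watering schedule attached.\n' | encrypt_to "$msg" bill ben

echo "wrapped keys in envelope: $(recipient_count "$msg")"
echo "bill reads: $(decrypt_as bill "$msg")"
echo "ben reads:  $(decrypt_as ben "$msg")"
decrypt_as outsider "$msg" >/dev/null || echo "outsider: not a recipient"

# Bill is later removed from the mailbox ACL. The stored message is unchanged,
# so his private key still unwraps the content key of mail sent before that.
echo "bill after removal: $(decrypt_as bill "$msg")"
```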

Leon Mayne

May 13, 2008, 4:46:35 AM
This all sounds quite specific, I'm not sure you can emulate this kind of
scenario easily using PKI & Exchange. Have you considered a bespoke
messaging application?

PeteJ

May 14, 2008, 11:39:51 AM

Fraid a bespoke email client is a no go. Need to use MS Outlook 2007.
Was wondering if something like a custom CSP could be used to somehow
get at the group mailbox private key via some kind of secure service.

Leon Mayne

May 15, 2008, 5:12:15 AM
"PeteJ" <peter...@eds.com> wrote in message
news:e1135136-b589-43c1...@b64g2000hsa.googlegroups.com...

> Fraid a bespoke email client is a no go. Need to use MS Outlook 2007.
> Was wondering if something like a custom CSP could be used to somehow
> get at the group mailbox private key via some kind of secure service.

Not sure. You could make an add-in for Outlook using .NET that encrypts to
the required certificates before sending the email?
