Password on a file

[Dana]

How can I make a file password protected I am sending
sensitive information through e-mail and I want the
receiving party to open the file with a password. I am
running Windows 98

[Kerry Liles]

You can use WINZIP to put the file in a password protected zip file.
Obviously you would have to send the password to that person using some
secure means and the receiver would also have to have winzip or some other
file "zip" program.

Or you could search the internet (see www.google.com ) for encryption
packages to encrypt the file and then send that. The problem with most of
the encryption schemes is that the receiver has to have the same software to
decrypt the file. Communicating the passwords or the keys can then be a
hassle.

"Dana" <dana...@hotmail.com> wrote in message
news:ab9201c20e28$afcfff40$a4e62ecf@tkmsftngxa06...

[John Selph]

If you are really concerned about secure file transmission look at
www.pgp.com, it's the standard for encrypted email. WinZip would be the
easier way, just be aware that there are available programs for breaking
winzip passwords which is a fairly trivial process.

"Kerry Liles" <kerry...@softwareNOSPAMspectrum.com> wrote in message
news:u$sV#oiDCHA.2004@tkmsftngp02...

[Justin]

John, how does this compare to using a digital signature and encryption,
through OE's features?

Tks
Justin

"John Selph" <sel...@hotmail.com> wrote in message
news:edsjA6jDCHA.1764@tkmsftngp02...

[S. Pidgorny [MVP]]

Built-in PKI support for X.509 certificates and piblic key encryption is
technically very similar to PGP (same algorithms etc.) but different concept
of trust: with X.509 PKI, you usually trust to a certification authority
whereas in PGP you build your trust yourself (NAI's attempt to
directory-enable PGP has basically failed).

With PGP/GPG, you can use just password-protected encryption (similar to
WinZip, but presumably "stronger"): with built-in facilities, you can't.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"Justin" <re...@toGroup.com.au> wrote in message
news:eahRwi1DCHA.2040@tkmsftngp04...

[Justin]

How do we implement PGP, and what of the public/private keys?

Tks
Justin

"S. Pidgorny [MVP]" <slav...@yahoo.com> wrote in message
news:#RrcJ81DCHA.1700@tkmsftngp04...

[Justin]

After a first look at the PGP site, can PGP be used to email someone outside
your organisation (eg family)?

Justin

"Justin" <re...@toGroup.com.au> wrote in message

news:#5zVzm2DCHA.1576@tkmsftngp04...

[x y]

Yes, but they need to have PGP and either PGP will need to find and download
your public key, or they will have to import it themselves. I believe you
can email them your public key and they can often just double-click on it to
import it. PGP does take a little learning, and it is not always as easy as
when you just clicked send to send an unencrypted email. In other words,
any encryption software is probably enough to confuse a PC user that is not
very computer-savvy.

You would probably not want to encrypt and sign every single email you send
out, as you have to enter your password when decrypting an incoming email
and when signing an outgoing email, and you need to back up your keys to a
safe place, as if your hard drive crashes, you may lose the ability to read
your email.

It is true that PGP is maybe not the best way to authenticate that the email
is really from you [as there is no person authenticating new certificates,
so anyone could theoretically set up a PGP certificate from, say,
your...@hotmail.com], but the encryption is sound, and it's free, unlike
other PKI setups which may require a yearly fee to a commercial certificate
authority.

"Justin" <re...@toGroup.com.au> wrote in message

news:Om1$g82DCHA.2712@tkmsftngp05...

[x y]

Depends on the file type. If this is a MS Office 97 or newer file, Office
documents with complex [non-dictionary word] passwords 8 characters or
longer are difficult to impossible to crack. Watch out though, because if
it's two years later and you've forgotten the password you used back then,
the file is lost.

"Dana" <dana...@hotmail.com> wrote in message
news:ab9201c20e28$afcfff40$a4e62ecf@tkmsftngxa06...

[Justin]

Thanks, but my first question on how to implement it- eg Do you still use
Outlook Express, and how do you choose to Encrypt, and how to decrypt. Also
I couldn't find a download for personal email on the PGP site, it seemed to
be all business server products ...

Cheers
Justin

"x y" <jamescag...@yahoo.com> wrote in message
news:#kf#FbAECHA.2232@tkmsftngp04...

[Justin]

One more bit to add- it looks like you have to get the McAfee Server
product- does your ISP get that?

J

"Justin" <re...@toGroup.com.au> wrote in message

news:#9Ts4uCECHA.2712@tkmsftngp04...

[S. Pidgorny [MVP]]

You can't count on your ISP suporting PGP: You need to install and configure
PGP on every computer, instruct users how to use it and build webs of trust.
According to the information that I have from other guys in my organisation,
NAI/McAfee discontinued commercial PGP and the key server product, so you
have to use GNU Privacy Guard (http://www.gnupg.org). Products supporting
GPG are coming from the members of OpenPGP consortium
(http://www.openpgp.org).

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"Justin" <re...@toGroup.com.au> wrote in message
news:#yXfFuFECHA.824@tkmsftngp05...

[Justin]

Thanks for all that.

Justin

"S. Pidgorny [MVP]" <slav...@yahoo.com> wrote in message

news:uuzteZHECHA.2296@tkmsftngp05...

[x y]

I would first recommend searching google for pgp freeware [free for
non-commercial use] and installing it. That will tell you most of what you
need to know. PGP is not transparent, but it's not hard either, especially
for semi-technical people. It's a pretty solid piece of software, but every
piece of software you install is one more thing that can break.

To use PGP on a small scale, both the sender and recipient need to have it
installed, and both need to have walked through the wizard that starts the
first time PGP is run to generate a public and private key pair and to post
the public key to the PGP server. The first time you email someone a PGP
email, PGP may try to automatically find that person's public key on the
server, and if that fails, then you have to do a manual search, but it's not
that hard. If you prefer, you can email your public key to the person as a
text file and they can double-click on it to import it.

You can set up PGP to automatically encrypt and/or sign all outgoing emails,
but that requires entering a password every time you send or receive an
email, possibly twice. PGP adds a dropdown menu to Outlook that lets you
encrypt and/or sign a particular email before you send it.

Encrypting an email makes it unreadable except to the person you sent it to.
Signing an email is somewhat more easily forged but attempts to notify you
if the email is not from the person it claims to be or if the email has been
modified in transit, by adding a block of what looks like garbage code to
the bottom of the email. However, you have to look carefully at the line at
the top of the email or else you may neglect to notice that PGP is telling
you there is a problem with the email. CEOs and other people that are picky
about the look of their email may object to the garbage code at the bottom
of their signed email.

"Justin" <re...@toGroup.com.au> wrote in message

news:#yXfFuFECHA.824@tkmsftngp05...

[S. Pidgorny [MVP]]

Agree, and here's the locations:

PGP freeware: http://www.pgpi.org/products/pgp/versions/freeware/
GNU Privacy Guard: http://www.gnupg.org

GPG is active development: try that first.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"x y" <jamescag...@yahoo.com> wrote in message
news:etmyRmuECHA.2596@tkmsftngp05...