I have set up Digital Signing. I would like to set up encryption as well, but I don’t know if it is necessary at this time. In summary, I want the ability to do the following two actions, that seem to be related:
ONE: I would like to send “Confidential / Password Protected” emails - Does the encrypt “lock icon” on an email result in “Confidential / Password Protected” emails being sent? Or does it just encrypt the email until it reaches the recipient’s server? I am trying to achieve the same Password Protected functionality as Gmail’s “Confidential” mode or Hotmail’s “Secure” sending.
The thing that confuses me most when I read the forum is that people keep mentioning that they have their “recipient’s key”. Why would I need a key from the people I am sending an email to send encrypted messages with EMClient, when Gmail and Hotmail can send Password Protected messages to any recipient without one?
TWO: I would like to encrypt the email until it reaches the recipient’s server - Is this already being done by default? If not, then which one does it: Digital Signing or Encryption?
Well, if you use your key to encrypt the message, how will the recipient open it? It is like password protecting a file, but not giving the person the password. And it is pointless to password protect something, and send the password along with the message! Anybody will be able to open that. But if the recipient has already given you a password, and you use that to protect the file, then they will be able to open it.
It is a little more complicated than that because you use the recipient’s public key. That key does not actually contain a password, so neither you nor anyone else will know what their password is, but it encrypts the message in a way that only the recipient can open it. They will need to enter their password for the private key in order to view the message.
So to send someone an encrypted message, you first need their public key. They can either send it to you, or you can find it on a public key server. Encrypted messages are encrypted between your application and the recipient’s application. If it is intercepted, say by a server admin snooping around, or by someone having access to your account using a web interface, it will not be able to be opened.
Digitally signing a message is a little different. It does not encrypt the message so neither the recipient nor anybody else needs a key or a password to view the message. Signing a message does two things: it can verify the sender, and it will let you know if the message content has been tampered with while in transit.
Hope that makes sense. If you have any questions, please ask.
That makes sense. So, unless I want the recipient to open the email with a “password”, digital signing should be enough to ensure that email is sent securely?
It depends on what you consider secure. Digital signing does not encrypt the message so anyone can intercept and read it. All it does is validate that the message is coming from you, and will inform the recipient if anyone has altered it while it was getting to them.
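The difference the replies above describe, encrypting with the recipient's public key versus signing with the sender's own private key, as an added example that is not part of the original thread: a toy textbook-RSA sketch in Python. The keys are tiny constructed values with no padding, so it shows only who needs which key; all function and key names are assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def encrypt(message, recipient_public):
    """Anyone holding the recipient's PUBLIC key can do this."""
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    """Only the matching PRIVATE key recovers the original bytes."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message, n):
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_private):
    """Signing uses the SENDER's private key; the message stays readable."""
    n, d = sender_private
    return pow(digest(message, n), d, n)

def verify(message, signature, sender_public):
    """Anyone with the sender's public key can check origin and integrity."""
    n, e = sender_public
    return pow(signature, e, n) == digest(message, n)

# Constructed demo keys from well-known Mersenne primes (far too small for real use).
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    mail = b"Meet at 10:00, room 4"  # constructed sample message
    sealed = encrypt(mail, RECIPIENT_PUB)
    print("recipient reads:", decrypt(sealed, RECIPIENT_PRIV))
    print("wrong key reads:", decrypt(sealed, SENDER_PRIV))
    sig = sign(mail, SENDER_PRIV)
    print("signature valid:", verify(mail, sig, SENDER_PUB))
    print("after tampering:", verify(mail + b"!", sig, SENDER_PUB))
```

The sender never touches the recipient's private key or its password, and the signed message travels as plain bytes that anyone can read.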