On Sun, May 05, 2002 at 04:18:37PM -0500, Bob Tanner wrote: > Quoting Robert P. Goldman (goldman at htc.honeywell.com): > > Thanks to Joel and Steve for suggesting this, but my problem is that > > these folks already are happily using whatever MS-thingie is in > > Outlook, and are not excited to try to figure out PGP/GPG and give up > > their existing practice just for my benefit. So I'm hoping there's > > some linux-y solution to encrypting and decrypting messages that will > > be readable (writeable) by Outlook w/o any plugins. > > If outlook is really using DES, do the users have to enter a pass-phrase to > decrypt the mail? Nope! You do have to enter a pass-phrase to create the certificate in the first place - I haven't seen any indication of having to re-enter the passphrase anywhere. I'll bet I have to if/when I renew the certificate. > DES is symmetric keys right? That would mean the private key is > somewhere on the Windows box so they can decrypt the mail. Steal the > private key and you don't have a secure connection. Actually, the private key is stored on the Exchange server - at least in the environment for the people I'm setting up. It's stored in your Contacts - which will either be in a PST on a local drive, or on the Exchange server. If it's on the server, it's as secure as your Windows login. > Given Windows security, key theft would not be all that hard. _I_ know that. However, it's better than nothing. We're currently undergoing a ... security initiative at work. It's being PHB time. > I know this doesn't answer your question, but this is why people use GPG. {grin} -- Scott Raun sraun at fireopal.org