PGP Keys, Keys Are There. The Bat! Said They Are Missing.
 
I was setting up message templates for some of the people in my address book. One of them is to Ritlabs; I just happen to have their PGP keys. I set the template to sign and encrypt the message when complete; however, when I do that it says the keys are missing. The import key feature is disabled, and I can't use it. However, my key manager shows the keys are present.

What is wrong with this picture?
 
UPDATE: I can sign with my key. However, I just can't encrypt the message. WHY?

Anyway, when I try to encrypt the message that is when it says the key isn't there.
 
What version of PGP are you using and what version did you tell TB that you're using?
Tools -> OpenPGP -> Choose OpenPGP version
There used to be some issues with PGP9, but as I'm still using PGP 8.1 I don't know whether they're still current.
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
 
I am using TB's Internal (RFC-1991).
 
I think I get it now. In order for me to encrypt an email Ritlabs would have to have my key as well. Right?
 
I'm no expert, but I went through a lot of hassle to try to get encrypting and signing to work properly. As far as I understand:

1/
Signing is easy. You sign using your private key. Your recipient does not need anything to check it. Signing with PGP just shows that an email hasn't been tampered with. However, the email address used for the signing could be spoofed. To make spoofing more difficult, look into getting yourself a free S/MIME certificate, and sign with that instead.

> I think I get it now. In order for me to encrypt an email Ritlabs would have to have my key as well. Right?

1/
Not quite. Encrypt using a recipient's public key. They can give that to you in a number of ways, such as including it at the bottom of their emails. You just import it into your keyring. Once you've encrypted an email, they decrypt it using their private key. And vice versa, they will encrypt using your public key (you must make it available), and you will decrypt received messages with your private key.

2/
The internal key manager did not work for me; I could not switch keys for different accounts; maybe this is your problem?

3/
I downloaded GNU Privacy Guard (GPG) and an external key manager for it (called WinPT). I did try PGP 8.1 but found it bloated, and didn't like the services running in the background the whole time.

4/
PGP 8.1 is the last version to function properly with The Bat! I think. After that PGP was bought over and the new developers stopped using 'standard' protocols. As far as I'm aware, software manufacturers will now have to re-write their programs to accommodate this.

This is my thread about the troubles I had:
http://www.ritlabs.com/en/forum/read.php?FID=4&TID=3552&MID=13811&phrase_id=46554#message13811

 
Hmmm, well that does create a problem with using PGP keys. I can't encrypt at all; it says that the key is not even there, even though it shows it in the key manager. It will let me sign the email; it just won't let me encrypt, unless I send myself an email, and only then can I encrypt.

> The internal key manager did not work for me; I could not switch keys for different accounts; maybe this is your problem?

No. I only have one account at this time.

> To make spoofing more difficult, look into getting yourself a free S/MIME certificate, and sign with that instead.

OK. In the long run this sounds like the better idea. However, where is a good place to get a free certificate? Keep in mind I live in the USA.
 
> It will let me sign the email it just won't let me
> encrypt, unless I send myself an email, only
> then can I encrypt.
> I only have one account at this time.

Let me get this straight. You're sending an email to ritlabs and you have their public key in your keyring. But the key manager won't let you encrypt the email until you change the TO: field to your own email address?

If this is correct, then what is probably happening is that the key manager is looking at the email address in the TO: field in order to decide which public key to use. But there is some problem identifying or using the Ritlabs key, so you get an error. When you change the TO: field to your own address, the key manager selects your own public key and allows you to encrypt.

The cause may be a corrupt or expired Ritlabs public key, or that the Ritlabs address you're trying to use does not match the one which was used to create the key pair. Or it may be that it is the same bug I encountered with the key manager: that it only uses the default key, and you cannot change manually between keys.


> OK. In the long run this sounds like the better
> idea. However, where is a good place to get a free
> certificate? Keep in mind I live in the USA.

It doesn't matter where you live.
I got mine from Comodo:
http://www.comodogroup.com/products/certificate_services/email_certificate.html

Remember, the free one is for signing only, not encryption. For encryption you have to pay $7.20 per year.
Really an S/MIME certificate is no different from a PGP key. The only difference is that a trusted 3rd party has created it and lent their name to it (the distributor's name appears when you view a signed email's certificate). With PGP, anyone can create their own keys, so it is easier to spoof a signed email (PGP has a 'peer' system to validate keys that is really dumb; it involves going out to actually meet other users and showing them your passport/ID).

BUT! The main problem with encryption remains, even with s/mime certificates:

Everyone I know could encrypt to me if they wanted to, because I include my key at the bottom of my emails. Nobody does though, because they're ignorant or it's too much hassle. And even though I'm eager that everyone SHOULD use encryption/signing (spam and worms would disappear overnight), I can't even encrypt any of my emails to my recipients because THEY don't have keys to give me!

So I can't even practice what I preach! The lazy are preventing the proactive! The system has to change so that I can encrypt emails with my own key and the recipient can decrypt it somehow (that's the hard part) without having to do anything themselves. Once they start receiving encrypted messages from people, they'd get into it themselves and the practice would spread.

At the moment, if I need to protect a document to someone who doesn't use keys, I just zip it, password the zip file and give them the password over the phone. It's the best you can do in that circumstance.

Maybe larger businesses use encryption more often? For personal email, encryption is just not used at all. In fact there are quite a few people at my work place who don't even have email addresses. One or two don't even own a computer! :o
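The key lookup the post above describes (the client picks the public key by the address in TO:), as an added Python model that is not part of this thread and not The Bat!'s code. It uses a constructed keyring with hypothetical addresses and key ids, and shows how a key that is listed in the keyring can still be reported as unusable when the TO: address does not match any of its user IDs, or when the key is expired or signing-only.

```python
from dataclasses import dataclass
from datetime import date
from email.utils import parseaddr
from typing import List, Optional, Set, Tuple

@dataclass
class PublicKey:
    key_id: str
    user_ids: List[str]      # "Name <address>" strings, as carried on an OpenPGP key
    expires: Optional[date]  # None models a key that never expires
    can_encrypt: bool        # a signing-only key cannot be used to encrypt

def addresses_of(key: PublicKey) -> Set[str]:
    # Compare the bare address only, case-insensitively, as a mail client does
    return {parseaddr(uid)[1].lower() for uid in key.user_ids}

def select_encryption_key(to_field: str, keyring: List[PublicKey],
                          today: date) -> Tuple[Optional[PublicKey], str]:
    """Pick the key to encrypt to from the TO: header.
    Returns (key, "ok"), or (None, reason) when no usable key matches."""
    to_addr = parseaddr(to_field)[1].lower()
    if not to_addr:
        return None, "TO: field contains no parsable address"
    matches = [k for k in keyring if to_addr in addresses_of(k)]
    if not matches:
        # The "key is missing" case: the key may be listed in the key manager,
        # but under a user ID that does not match the address in TO:.
        return None, f"no key in keyring carries the user ID {to_addr}"
    for key in matches:
        if key.expires is not None and key.expires < today:
            continue
        if not key.can_encrypt:
            continue
        return key, "ok"
    return None, f"key for {to_addr} found but it is expired or signing-only"

# Constructed sample keyring: hypothetical addresses and key ids, not real keys
KEYRING = [
    PublicKey("0xAAAA1111", ["Me <me@example.org>"], None, True),
    PublicKey("0xBBBB2222", ["Vendor Support <support@vendor.example>"], None, True),
    PublicKey("0xCCCC3333", ["Old Contact <old@example.net>"], date(2005, 1, 1), True),
]
TODAY = date(2007, 6, 1)

if __name__ == "__main__":
    for to in ["Me <me@example.org>", "sales@vendor.example",
               "Vendor Support <SUPPORT@vendor.example>", "old@example.net"]:
        print(to, "->", select_encryption_key(to, KEYRING, TODAY))
```

Sending to yourself succeeds because your own key's user ID matches the TO: address; the vendor key is present but unusable for `sales@vendor.example` because that address is not one of its user IDs.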
 
> Let me get this straight. You're sending an email to ritlabs and you have their public key in your keyring. But the key manager won't let you encrypt the email until you change the TO: field to your own email address?

Yes and no. When I try to send it to Ritlabs it says the key doesn't exist. Which it does. I sent myself one to see if the problem was The Bat!'s encryption feature, or if it was just a Key Manager problem. When I sent myself one I could encrypt. So, it must be a Key Manager issue. As far as being an expired key, it doesn't say that; it shows it as a key that doesn't expire.

I understand what you mean about not being able to encrypt. Everybody in my social circle won't do it. The subject is over their head. So, they don't want to be bothered, and some of them don't use email clients that support such a feature. So I had the means to do this but not the cooperation I needed to pull it off. So, what was the point in having such a feature if I can't use it?

However, I found a solution you might be able to work with. It allows you to encrypt your email, and all your recipient has to know how to do is cut and paste. The only problem is the decrypting is done in their web browser, but it is easier to learn how to do that than having to get a certificate, import it into their email client, and work out the kinks that go with learning such things. The website to that solution is here: http://www.shyfile.net

Anyway, it may not be the ideal solution, but so far it has been the only one I can use to send encrypted email to the people in my contact list. I found other solutions, but they involved them having to have that software to decrypt the email, and having to know far too many complicated things to even bother with the idea.
 
> Yes and no. When I try to send it to Ritlabs it says the key doesn't exist. Which it does.

That is a similar behaviour to the problem I experienced, I think. The key manager is supposed to match the TO: email address with addresses in your keyring. But the only one it can 'see' is the one you've marked as 'default'. You're also supposed to be able to select it manually too, but for some reason, my key manager did not let me select other keys at all.

> that solution is here: http://www.shyfile.net

Interesting idea to use your browser md5 capability to decrypt instead of dedicated software or plugins; this way you *know* the recipient has the necessary software to decrypt! Very nice! You still have to get a password to them somehow though, yes? The webpage asks for a 'key' to decrypt?

http://www.chilkatsoft.com/ChilkatSfx.asp
This is the technique that I use, although I can't vouch for this particular software (having said that, the encryption looks stronger on this program than the one I've used for years, so I might give it a go).

The zip method has the advantage that you can encrypt any kind of document or files, whereas Shyfile only works with text I think. The disadvantage is that you have to send an executable to your recipient, and that's always bad practice because it might make them nonchalant about double-clicking attachments.

However, the flaw with both these methods is the exchange and storage of the passwords which decrypt the files.

I guess we keep searching!
 
> You still have to get a password to them somehow though, yes? The webpage asks for a 'key' to decrypt?

Yes, a key is necessary. However, Shyfile generates a key for you, assuming you want to use that as your key. With Shyfile you can even use a file as a key as well. However, if you want to generate the key and use it long term (i.e. somebody you would encrypt email to regularly), I would suggest generating the key and saving it to a flash card or a USB (preferably one that encrypts files) flash drive and sending it to the recipient by mail or in person. If you send it by mail send it registered mail, and have somebody sign for it. This way if it has been lost or stolen they can trace the culprit, and you would know immediately to discard the key at that point.

> The zip method has the advantage that you can encrypt any kind of document or files, whereas Shyfile only works with text I think.

Yes and no. Some files can be decrypted with Shyfile in this same manner, and some cannot, and for the ones that cannot, the person would have to have Shyfile installed to decrypt. I don't remember which ones can and which ones can't. However, for attachments I don't use Shyfile; I use Cryptainer PE. With that program all they need is a password to decrypt the file. Their website is here: http://www.cypherix.com/cryptainerpe/index.htm

I do want to warn you that if you get Shyfile you will have to have Microsoft .NET Framework installed to use Shyfile. There are two different Shyfile downloads: one that includes MS .NET Framework and one that doesn't. If you don't have MS .NET Framework installed on your computer and all you have is dial-up access, then you will want to pass on the Shyfile experience. I have it now because we got DSL Internet.