[Eug-lug] sending encrypted emails from a webserver

Ben Barrett stircrazyben at gmail.com
Wed Nov 29 10:20:06 PST 2006 

Yes, the data comes from an SSL session, and no data is in the URL.
I'm not sure, I think a simple text field.
Thank you for helping me assess the "big picture", I am just looking for a
small answer in this case.
I know about files and databases, for instance, and chose to ask about
encrypted emails.
I don't expect anyone to give hipaa advice on the mailing list!  IANAL,
neither are you?

OT:  I heard on the radio, that Vermont is the last state where you can take
the bar & then practice law without going to law school,
the last place where they let you self-study, so to speak.... interesting.

    Ben


On 11/29/06, Michael Miller <mike.mikemiller at gmail.com> wrote:
>
> Ben,
>
> Are you then SSL encrypting the users session while the type in the
> secrets?  What type of text box or form is the user presented with?
> You can take the data spit it into a text file that is then encrypted
> with PGP/GPG or with SSL.  I would go with SSL because public private
> key cypher works when you have two party's.  You could also redirect
> the user too a secure site via SSL and then stick the data into a
> database table.  I'm guessing this is going to be a user who is on the
> Internet and connects too your server via a public network?  Or is the
> user on a LAN?  You said HIPAA, is this environment held by the HIPAA
> standards?  This does make a difference because of how HIPAA is
> written.
>
> Mike Miller
>
> On 11/29/06, Ben Barrett <stircrazyben at gmail.com> wrote:
> > Secrets are to be moved from the webserver to one specified inbox,
> securely.
> > Small secrets, similar in length to a phone number.  It could be hipaa
> > delivery
> > of client info or a financial transaction, for instance.
> >
> >     Ben
> >
> >
> >
> > On 11/29/06, Michael Miller <mike.mikemiller at gmail.com> wrote:
> > >
> > > What are you trying to do?  I think you might get an answer if you
> > > explain what your tyring to do or list of requirements.
> > >
> > > Mike Miller
> > >
> > > On 11/28/06, larry price <laprice at gmail.com > wrote:
> > > > Does it absolutely have to be GPG or would any block cipher encoding
> > work?
> > > >
> > > > I've used openssl for encrypting database backup files and the same
> > > > technique could be applied here.
> > > >
> > > > for example:
> > > >
> > > > script_with_secret_output.sh |  openssl aes-256-ecb -e -a -salt
> -pass
> > > > env:SALEPASS |mail -s`date +%Y%m%d; echo accountsummary`
> > > > offshore_email at example.com
> > > >
> > > > and then once it's at it's destination and you've stripped it out of
> > > > the mail body into a file with the subject as it's name:
> > > >
> > > > openssl aes-256-ecb -d -a -salt -pass pass:f00bar <
> > 20061128accountsummary |less
> > > >
> > > > to read it.
> > > >
> > > > That's a quick and dirty hack, if you were setting up something more
> > > > robust you would probably use your favorite scripting languages'
> > > > openssl binding to do pretty much the same thing and package it up
> > > > with a proper mime/type and make sure that the passphrase couldn't
> be
> > > > read anywhere but at the keyboard.
> > > >
> > > > (OR just scp whatever to it's destination)
> > > > On 11/28/06, Ben Barrett < stircrazyben at gmail.com> wrote:
> > > > > Has anyone used
> > http://www.awtrey.com/software/gpgsend.php
> > > > > or found better or similar solutions?  Rot-13 need not apply :)
> > > > >
> > > > > thanks,
> > > > >
> > > > >    Ben
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > EUGLUG mailing list
> > > > > euglug at euglug.org
> > > > > http://www.euglug.org/mailman/listinfo/euglug
> > > > >
> > > > >
> > > > >
> > > > _______________________________________________
> > > > EUGLUG mailing list
> > > > euglug at euglug.org
> > > > http://www.euglug.org/mailman/listinfo/euglug
> > > >
> > > _______________________________________________
> > > EUGLUG mailing list
> > > euglug at euglug.org
> > > http://www.euglug.org/mailman/listinfo/euglug
> > >
> >
> >
> > _______________________________________________
> > EUGLUG mailing list
> > euglug at euglug.org
> > http://www.euglug.org/mailman/listinfo/euglug
> >
> >
> >
> _______________________________________________
> EUGLUG mailing list
> euglug at euglug.org
> http://www.euglug.org/mailman/listinfo/euglug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://euglug.org/pipermail/euglug/attachments/20061129/74c6207b/attac=
hment.htm

More information about the EUGLUG mailing list