1 |
On Thursday, 23 May 2019 16:40:23 BST Dale wrote: |
2 |
> Howdy, |
3 |
> |
4 |
> I'm trying to get some legal work done. I'm trying to do this over |
5 |
> email with a lawyer. For obvious reasons, I want to do this encrypted |
6 |
> but suspect they are not set up for this. |
7 |
|
8 |
Have you asked them? If they have some setup they use to ensure client |
9 |
confidentiality and data privacy, you'd be much better off to jump onto their |
10 |
system, rather than trying to negotiate the configuration of PGP and S/MIME |
11 |
with legal staff who may have zero technical capability and poor/uncooperative |
12 |
IT support. |
13 |
|
14 |
|
15 |
> They have two email accounts |
16 |
> that I know of. Is it possible to have one set of keys and one password |
17 |
> to work on two different email accounts with two different addresses? |
18 |
> Example, one account is greg@××××××.com and his paralegal helper is |
19 |
> ann@××××××.com. They are both on the same server and it is a private |
20 |
> server, not yahoo, gmail or something. |
21 |
> |
22 |
> I tried to google this but didn't see anything that answers this, which |
23 |
> makes me think this can't be done or isn't a good thing to do. |
24 |
> |
25 |
> Thanks much. |
26 |
> |
27 |
> Dale |
28 |
> |
29 |
> :-) :-) |
30 |
|
31 |
|
32 |
GnuPG can be configured with various subkeys. So, one gpg master key can have |
33 |
multiple subkeys, each with different email addresses and different or the |
34 |
same passwords. However, why would you need the same key for two different |
35 |
email recipients? |
36 |
|
37 |
You may want to clarify what it is you intend to encrypt? Email content? |
38 |
Documents? Both? |
39 |
|
40 |
You could encrypt email messages with gpg or S/MIME which uses TLS |
41 |
certificates - neither are easy unless the recipients are technically clued |
42 |
up. |
43 |
|
44 |
You could encrypt word documents with TLS certificates - MSWord and |
45 |
LibreOffice can work with those, but the certificate will need to be imported |
46 |
and accepted as 'trusted' in the OS certificate manager, unless it has been |
47 |
issued by one of the expensive CAs which are included in the MSWindows OS (I |
48 |
am assuming they are using MSWindows). Adobe reader is more difficult with |
49 |
TLS certificates. From what I recall it wants one of its own associated (and |
50 |
expensive) CAs to be used, or it will refuse to work. There are other PDF |
51 |
readers, but I don't know how receptive they are to free or self-signed TLS |
52 |
certificates. |
53 |
|
54 |
You could also use a zip application with a pre-shared password - 7zip is |
55 |
free, easy to use and will work with strong encryption, assuming the lawyers |
56 |
can install it on their systems. |
57 |
|
58 |
Rather than trying to navigate the complexity of setting up gpg or S/MIME |
59 |
certificates, configuring email clients, individual OS' certificate managers, |
60 |
training lawyers to use them and hoping they will not at some point click the |
61 |
send button while forgetting to encrypt the message, it may be much simpler to |
62 |
use 7zip for documents sent in unencrypted email. |
63 |
|
64 |
Alternatively, if you/they have access to a file server you could set up a |
65 |
secure area for uploading/downloading documents to/from, rather than pinging |
66 |
messages over various email servers. A server at your home address would be |
67 |
best, as you could lock it down to only accept connections from specific IP |
68 |
addresses and user accounts, which you will set up and control yourself. |
69 |
|
70 |
-- |
71 |
Regards, |
72 |
Mick |