My dilemma,

I need to send, deemed confidential, information via e-mail (SMTP). This information is sitting as a file on AIX. Typically I can send this data as a e-mail attachment via what we term a "mail filter" using telnet. I now would like to somehow encrypt the data and send it to a e-mail address external to the company via the internet to a recipient that is probably using Microsoft Outlook. Obviously I what him to somehow decrypt it to be able to use/view the attachment. I have looked at PKI, but the concept is not totally clear to me, as where is the public and private keys held, what key is exchanged and when, how is this done in the context of sending e-mail using SMTP via telnet (is the key an attachment) how does the recipient know this is a key encrypted file and what key to use, how does this relate to the key in his possession, does he need extra software (example). I was looking at tar, compress, gzip, pax and other standard UNIX commands to achieve a password protected file, but have had no luck thus far. Please can you shed some light on at leased some of my question.

Regards

Hmmm..too bad no expert in encryption packages responded to this. I'm not sure what pki is. But this stuff generally flows like this. I would generate a pair of keys. One is my private key. I must keep that secret. The other key is my public key. I can give that out to everyone. It does not matter who knows it. So, for example, I might just publish it...on this website somehow.

Next, let's say you decide to send me a Private Message. Maybe you will just send it in plaintext. Or maybe you will use my public key to encrypt it. How does the recipient(me in this case) know? Well, let's look at two copies of a message, one encrypted and the other in plaintext... Now in my case I can combine my knowledge of computer science, mathematics, linguistics, and sematics to determine which is the encrypted message. But usually an encryption package will add a header and footer line around the encrypted message. (This includes uuencode, which is what I used to encrypt the above message. I removed the header and the footer.) The only encyption program I can think of that doesn't do this is the original crypt program in unix. And then typically I would feed the encrypted message, including that header and footer into the decryption program. To decrypt the message, I need my private key.

I have not used crypto packages very much. I see some folks putting the public key on their web sites, in signatures, etc. Publicizing your public key is similiar to the problem of publicizing your email address.

With email, by using the mime extentions, you can associate a content type with the email body or with email attachments. So you can send plain text, html, rich text, sometimes even Microsoft Word documents through email. Some encryption packages interact with email the same way. I hope this gets you started. If anyone out there who actually uses this stuff has anything to add, please jump in.