Desktop Email Encryption

 View Only

  • 1.  Question on security of connection to email server

    Posted Feb 04, 2012 04:06 PM

    I work with a small business that has email hosting with network solutions. They don't offer an SSL connection to their server on the service we have. In reading the PGP email manual, it indicates that " . . . an SSL-protected connection not only protects any non-PGP encrypted messages on their way to the mail server or coming from it, but it also protects your mail server authentication passphrase when it is sent to the mail server." Does this mean that in the absence of an SSL connection that the passphrase is not secure when using PGP to encrypt email messages?

    Sorry for a simple question - but I am learning about email security. 



  • 2.  RE: Question on security of connection to email server

    Posted Feb 04, 2012 04:20 PM

    That is not what it means.  Any Internet email user must transmit their user account password to download email from their server.  If that server does not allow encryption of the sent account password (which SSL will do if the server allows), the user account password will be transmitted in the clear.  The PGP email proxy will automatically attempt to make an SSL connection with your server, but can't if the server doesn't allow for it. Using PGP does not make your email user password any more or any less secure.  This process has nothing to do with your PGP passphrase if that is your concern.



  • 3.  RE: Question on security of connection to email server

    Posted Feb 06, 2012 12:53 PM

    thanks. Really appreciate your help.

    Just so I'm clear - if i use PGP encryption on hosted email via a 3rd party (Network solutions, for example) - the content of emails will be secure and the absence of an SSL connection to Net Sol will in no way compromise the security of emails encrypted with PGP. Is that correct?



  • 4.  RE: Question on security of connection to email server
    Best Answer

    Posted Feb 06, 2012 01:10 PM

    When you are using the PGP Desktop email proxy for encryption, when you hit the Send button in your email client, the email is sent to PGP Desktop for encryption, and then after being safely encrypted, it is sent to your email server for delivery.  Incoming encrypted email is sent from your server still safely encrypted to PGP Desktop, is then decrypted, and then sent to your email client.  The presence or absence of SSL encryption has no effect on the secure PGP encryption.



  • 5.  RE: Question on security of connection to email server

    Posted Feb 06, 2012 01:43 PM

    thanks much!



  • 6.  RE: Question on security of connection to email server

    Posted Feb 06, 2012 01:46 PM

    Glad to be of help.