There is no easy way to send encrypted e-mail from ASP.NET, you would have
to write that functionality yourself or buy something that does that for
you. I assume you want to accomplish two things by encrypting the e-mail:
protect the data in transit and prove that the e-mail is authentic and
unmodified. Encrypting an e-mail means that only the recipient can view the
plaintext message. To do this, the recipient must provide you with his or
her public key, if they have one. Signing an e-mail means that the recipeint
can prove that the message came from you and has not been modified since you
signed it. Signing requires that you make your public key available to the
recipient.
Obviosuly, implementing encryption and signing means you need to modify your
application to handle and store user private keys. Another problem is that
to sign outgoing e-mails you need to keep your private key on the web server
and the web application needs to be able to read it. This could be a risk if
someone ever compromised your web server. If that happened, the intruder
could send fake e-mails and sign them with your signature.
You can sign and encrypt e-mails this with PGP and S/MIME. Using S/MIME
requires functions from CryptoAPI that the .NET framework doesn't expose. It
is a fairly complex process if you are not familiar with encryption and
public key concepts. As for PGP, I have seen people integrate that into
their application by shelling out to the gpg or pgp command line. Here are
some links for that:
http://www.15seconds.com/issue/011002.htm http://www.codeproject.com/csharp/gnupgdotnet.asp
One problem with PGP is that the recipient needs to have it installed on
their end to view the plaintext message.
Although I would love to see every web site use encrypted e-mail, it just
isn't practical or pervasive enough to implement yet. Furthermore,
encrypting an e-mail doesn't guarantee the safety of the data once it is
sitting in the user's inbox. The best solution is to simply not send
sensitive information in an e-mail. One alternative is to send the use a
temporary link to a web page that displays the information to the user over
an SSL connection.
Mark Burnett
Hacking the Code: ASP.NET Web Application Security
http://www.hackingthecode.com
"Michael" <go****@kuli24.de> wrote in message
news:26**************************@posting.google.c om...
Hi folks,
i have to build a web-application for the internet where the user
gets a form where he can fill in his name, adress and so on.
He also can provide a credit number.
The data will be sent over SSL pgp
On the server i want to put all the stuff into a mail and send it
to the company. This should also be encrypted somehow.
I read some articles about asp.net encrypted mail, but didnt really find a
asp.net fitting answer.
Does the .NET Framework provide any classes for that?
Has anyone done anything like that? csharp
Any other ideas how i could resolve that problem?
session cookie token asp.net web application security
thx in advance vb.bet
Michael
