tags:

views:

50

answers:

3
+1  Q: 

email encryption for medical lab company

we need to encrypt the emails that contain PDFs that are coming from our laboratory management system to our clients. we do not have access to our clients machines. we dont want to issue everyone passwords because 1. they might forget it, 2. we dont want them to have to enter the password every time they view the PDF. is there a free or NOT free way to encyrpt these emails so that the client does not have to do anything to be able to open them?

is there a pdf tool that will allow for the receiving party to just enter the password ONCE and not have to do it at all after that>?

+3  A: 

This might be a better question for Server Fault or Super User, but PGP is still an pretty easy way to encrypt emails.

Nick Berardi  2010-08-19 16:04:32
+3  A: 

Using password-based PDF encryption is probably not secure, as the passwords would have to be very complex to avoid brute-forcing.

Instead, issue each user an SSL certificate and use S/MIME to encrypt each email. The certificate can be installed into Thunderbird or the Windows store on the client machine. If it's stored w/o a password, decrypting the email will be automatic. Certificates can also be revoked this way.

Borealid  2010-08-19 16:07:23
we do not have access to cliebnts machines
I__  2010-08-19 16:08:30
You don't strictly need to access their machines. You just need to send someone to their offices with a briefcase handcuffed to her wrist containing the certificates.
ladenedge  2010-08-19 16:27:42
You're going to need to put *something* on the client machine. In order to do symmetric encryption you need a shared secret. Operative term "shared". Meaning both of you have it. In order to do asymmetric encryption, you still need a key on both ends.
Borealid  2010-08-19 16:52:02
+1  A: 

A roundabout route would be to create a web app that hosted the PDFs, and email them the link to the PDF. Then you can do what you want with the security on the site, depending on how secure you need it to be.

It could range from as simple as something known only to them (lab ID number followed by user ID number), all the way through to something more complex (and secure) such as a password force-changed on a regular basis.

Plus, that brings the exercise firmly back into the realm of stackoverflow :)

Geoff  2010-08-19 17:43:33

related questions

Zend_Pdf_Page::drawContentStream() Example?
Convert a .doc or .pdf to an image and display a thumbnail in Ruby?
Placing a PDF inside another PDF document with Zend_PDF
Open source PDF library for C/C++ application?
Opening a PDF in WPF Application
How to best merge information, at a server, into a "form", a PDF being generated as the final output
How does one decrypt a PDF with an owner password, but no user password?
How does google make make those awesome PDF reports in Analytics and when you print a Google Doc etc?
What's a good method for extracting text from a PDF using C# or classic ASP (VBScript)?
File format for generating dynamic reports in applications
Automated PDF Creation from URL
How do I display a PDF in Adobe Flex?
Latex=>PDF Rights management
Why is my PDF footer text invisible?
Python module for converting PDF to text
What's the best way to import/read data from pdf files?
Are e-book readers good enough for tech books?
PDF generation from XHTML in a LAMP environment
Create PDFs from multipage forms in WebObjects
Printing a PDF in .NET
PDF Creation Tutorials?
PDF Editing in PHP?
Organizing Documents
Get a preview jpeg of a pdf on windows?
How do I programmatically create a PDF in my .NET application?