Jun 15, 1997

Is Your Data Safe?

 

PGPmail works with all E-mail packages, and it offers toolbar-functional plug-ins for both Eudora and Netscape. (It's usually a cut-and-paste operation.) To use the program, you create keys for encrypting and decrypting messages. One key is your public key, which you give to people who want to send you secure messages. (Both parties must have PGP.) The second key, your private one, you keep and use to decode those messages. The keys are nothing more than mathematical formulas and look like a block of random text. Here's a segment of someone's public key:

mQCOAzJQhPMAAAEEAL3Lw2JMH

XHey6VBCsjIQq-Di6n5MiZ32p

If you want to send an encrypted message to someone using PGPmail, that person must first E-mail you his or her public key, which you store in your PGP program. Whenever you send an encrypted message, the recipient uses his or her private key to decode your message.

In addition, the recipient must enter a pass phrase to decrypt the message. The pass phrase protects your private key.

If you E-mail sensitive documents to your customers and suppliers over the Internet, a program like PGP can ensure that the content of those documents remains confidential. Another option that PGP gives you is a "digital signature." The signature (a mathematical formula that works the same way your keys work) can be used when encrypting your entire message isn't necessary. For example, you want to send an announcement to all your customers that you've increased your prices. The actual message may not be a secret, but establishing that the message is indeed from you and not from a malicious competitor is important. In some states, like Florida, Georgia, and Utah, a digital signature is as legally binding as a written one.

If you're looking for something even easier to use than PGPmail, and something to encrypt more than just E-mail, you might want to try PCCrypto ($49; McAfee; 408-988-3832; www.mcafee.com). PCCrypto has a point-and-click setup and lets you choose between three encryption algorithms: 160-bit, 56-bit, or 40-bit. PCCrypto can encrypt E-mail messages and computer files, such as Word documents and spreadsheets. One of its biggest selling points is that, unlike PGP, someone receiving an encrypted message doesn't need to have PCCrypto to read it; the recipient needs only a password.

Of course, for that reason the program is not nearly as secure as PGP, because intruders can often guess passwords. Passwords tend to be mnemonic devices, for one thing, and there are also programs that guess at passwords, trying millions of letter combinations to find a match. Another disadvantage of PCCrypto is its choice of algorithms. Its 160-bit algorithms are foolproof, but with the federal law that prohibits sending those encrypted files overseas, the only alternatives are the 40-bit and 56-bit algorithms, which are weaker and not entirely secure. (McAfee, however, is in the process of getting government approval to export its 160-bit algorithms.)

For companies that don't want to spend a lot on security or don't keep sensitive information on machines that are accessible to the outside world, PCCrypto is a solid choice. For a highly secure option you might consider waiting until the end of June for the new release of SecurPC ($129; Security Dynamics; 617-687-7000; www.securid.com), which uses a 128-bit algorithm that has been licensed for export.

Like PCCrypto, SecurPC encrypts everything except executable files (files that run programs). It has an emergency-access option. If someone suddenly leaves your company, the administrator, CEO, or other appointed person has a special master key that allows access to the departed employee's encrypted files, which is important if, say, that person kept customer information on a hard drive rather than in a shared database.

The computer network that's absolutely impenetrable probably hasn't been invented yet. Still, a secured system will probably keep your confidential company records a whole lot safer than if you leave them afloat on an unprotected server. Or, for that matter, locked in the trunk of your car.


RESOURCES

There are hundreds of firewall and encryption programs currently on the market. The following manufacturers, in addition to the ones mentioned above, are among those that offer some of the best:

Firewalls:

Encryption:

Sarah Schafer (sarah.schafer@inc.com) is a staff writer at Inc. Technology.
