Can you point me in the right direction? I am trying to learn how S/MIME works for e-mail encryption and signing. I have not delved into this stuff yet, so I just need an overview. Ultimately, I’d like to be able to use it to send "forgot password" e-mails securely to end users. Also, it would be very cool to be able to send e-mails that have encrypted username/passwords in a link, of course encrypting the e-mail so it is more secure than old school.
Do you know of any sites or documents that will give me good info on this?
Thanks a ton. I’m at a new venture now, and buying your components has brought back a ton of functionality for me. I don’t know how people make apps quickly without using tools like yours!
The first site I thought of is Wikipedia, and sure enough there’s a decent overview of S/MIME.
Unfortunately, I don’t think S/MIME is feasible for sending forgotten-password emails. The big problem is that each recipient must have his/her own digital certificate. You send S/MIME encrypted email using the recipient’s public key, and the recipient decrypts with his/her corresponding private key.
Encrypting the username/password on a link wouldn’t improve matters either, because an unintended recipient could still click on the link and proceed just like the intended recipient. The only thought that comes to mind is what you see everywhere: send a link in the email to a web page where the user must answer a security question prior to resetting the password. The link might still encrypt the username just to make it impossible for a snooper to see the login name.
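The reset-link flow described above, as an added example that is not part of the original post. Instead of encrypting the username into the link, it uses an opaque random token that the server maps back to the account, which likewise keeps the login name out of the e-mail; `ResetService`, `BASE_URL`, the lifetime and the attempt limit are hypothetical choices.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL = 15 * 60      # seconds a link stays valid (constructed value)
MAX_ATTEMPTS = 3         # wrong answers allowed before the link is burned
BASE_URL = "https://app.example.com/reset"   # placeholder host

def token_digest(token: str) -> str:
    # Only the digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def answer_hash(answer: str, salt: bytes) -> bytes:
    # Normalise, then stretch: security answers are low-entropy secrets.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

class ResetService:
    """In-memory stand-in for the server-side tables (hypothetical)."""
    def __init__(self):
        self.pending = {}    # sha256(token) -> {"user", "expires", "attempts"}
        self.answers = {}    # user -> (salt, stretched security answer)

    def enroll(self, user, answer):
        salt = secrets.token_bytes(16)
        self.answers[user] = (salt, answer_hash(answer, salt))

    def issue_link(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # opaque: reveals nothing about the user
        self.pending[token_digest(token)] = {
            "user": user, "expires": now + TOKEN_TTL, "attempts": 0}
        return BASE_URL + "?" + urlencode({"t": token})

    def redeem(self, token, answer, now=None):
        """Return the username if token and answer are both valid, else None."""
        now = time.time() if now is None else now
        key = token_digest(token)
        rec = self.pending.get(key)
        if rec is None:
            return None
        if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self.pending[key]           # expired or too many bad answers
            return None
        salt, expected = self.answers[rec["user"]]
        if not hmac.compare_digest(answer_hash(answer, salt), expected):
            rec["attempts"] += 1
            return None
        del self.pending[key]               # single use
        return rec["user"]
```

Whoever clicks the link still has to pass `redeem` with the security answer, so possession of the e-mail alone does not reset the password.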