On Thursday, 23 May 2019 16:40:23 BST Dale wrote: > Howdy, > > I'm trying to get some legal work done. I'm trying to do this over > email with a lawyer. For obvious reasons, I want to do this encrypted > but suspect they are not set up for this.
Have you asked them? If they have some setup they use to ensure client confidentiality and data privacy, you'd be much better off to jump onto their system, rather than trying to negotiate the configuration of PGP and S/MIME with legal staff who may have zero technical capability and poor/uncooperative IT support. > They have two email accounts > that I know of. Is it possible to have one set of keys and one password > to work on two different email accounts with two different addresses? > Example, one account is g...@hisisp.com and his paralegal helper is > a...@hisisp.com. They are both on the same server and it is a private > server, not yahoo, gmail or something. > > I tried to google this but didn't see anything that answers this, which > makes me think this can't be done or isn't a good thing to do. > > Thanks much. > > Dale > > :-) :-) GnuPG can be configured with various subkeys. So, one gpg master key can have multiple subkeys, each with different email addresses and different or the same passwords. However, why would you need the same key for two different email recipients? You may want to clarify what it is you intend to encrypt? Email content? Documents? Both? You could encrypt email messages with gpg or S/MIME which uses TLS certificates - neither are easy unless the recipients are technically clued up. You could encrypt word documents with TLS certificates - MSWord and LibreOffice can work with those, but the certificate will need to be imported and accepted as 'trusted' in the OS certificate manager, unless it has been issued by one of the expensive CAs which are included in the MSWindows OS (I am assuming they are using MSWindows). Adobe reader is more difficult with TLS certificates. From what I recall it wants one of its own associated (and expensive) CAs to be used, or it will refuse to work. There are other PDF readers, but I don't know how receptive they are to free or self-signed TLS certificates. You could also use a zip application with a pre-shared password - 7zip is free, easy to use and will work with strong encryption, assuming the lawyers can install it on their systems. Rather than trying to navigate the complexity of setting up gpg or S/MIME certificates, configuring email clients, individual OS' certificate managers, training lawyers to use them and hoping they will not at some point click the send button while forgetting to encrypt the message, it may be much simpler to use 7zip for documents sent in unencrypted email. Alternatively, if you/they have access to a file server you could set up a secure area for uploading/downloading documents to/from, rather than pinging messages over various email servers. A server at your home address would be best, as you could lock it down to only accept connections from specific IP addresses and user accounts, which you will set up and control yourself. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
