ertificates. SecurPC, YEO, and Entrust/Solo do secure e-mail only as attached encrypted files, while Netscape's Communicator Suite and Microsoft's Internet Explorer (IE) 4.0/Outlook combination can exchange encrypted or signed e-mail -- but it can't encrypt files.
Entrust/Solo
A spin-off of Nortel, Entrust has a Canadian location that permits it to export cryptography with minimal limits. Entrust sells enterprise security tools for building certification authorities (CAs) and clients for using the certificates.
Solo encrypts or decrypts and signs or verifies signed files using Entrust-format public keys and file formats only. You can compress encrypted files and drag directory hierarchies into encrypted archive files, do a secure delete, or administer your own or others' Entrust-formatted keys. Solo uses the RSA public-key-encryption algorithm, although other (higher-priced) Entrust clients can add Directory Server Agent (DSA) support. Support for stream ciphers, used to encrypt the actual files, includes DES, Triple-DES, and three strengths (64-, 80-, and 128-bit keys) of CAST, a patented encryption algorithm that's owned by Entrust (but with a free version available for both commercial and noncommercial use).
Solo offers an easy entry point for secure communications with Entrust organizations.
Solo runs on Windows 95 only; other Entrust clients work on the Mac, Unix, and Windows 3.x.
Microsoft Outlook/IE 4.0
Microsoft's IE 4.0 (see "Microsoft's Free-Lunch Browser," June BYTE), Outlook, and Outlook Express are all more-than-adequate clients for most uses. To catch up with Netscape's S/MIME-based secure e-mail function, Microsoft added S/MIME support for digital signatures and public-key encryption of e-mail sent and received among Outlook clients.
Unlike stand-alone solutions, the Microsoft and Netscape products both need a CA, such as Verisign or Thawte, to issue you an X.509 certificate that lives in the client software. Once you get the certificate, you must load it into your Outlook e-mail account properties before you can do any cryptography. Microsoft's S/MIME implementation may not win prizes or solve all security needs, but it makes the IE 4.0/Outlook combination competitive with Netscape's Communicator.
Netscape Communicator
Netscape created Internet client cryptography, building Secure Sockets Layer (SSL) into Navigator 1.0. This year, S/MIME e-mail made its way into Navigator and Messenger in the Communicator suite.
Communicator makes it look easy: You just click on the Security menu-bar option for easy access to all security (including S/MIME) functions. You manage certificates and toggle the defaults for encryption and digital signatures on your e-mail and news postings, although you can modify the default for some messages by clicking on the Message Sending Options in Communicator's Composition application. Netscape did a better job of implementing S/MIME than Microsoft did, while supporting the same features. As tested, neither solves all your crypto needs, but both can do what they claim: S/MIME e-mail encryption and digital signatures.
Norton Your Eyes Only
Symantec's Norton YEO for Windows 95 encrypts data so transparently that at first I thought it wasn't working. When you log on to YEO, you get access to all files encrypted in place, as well as to any files stored in auto-encrypt directories, but access is seamless throughout. I had to copy an encrypted file to disk and open it on another PC to be sure it was encrypted.
If you don't log onto YEO on boot-up, you can access unencrypted data on the system, but you must reboot to get to encrypted data. YEO does clever things with its desktop integration, including figuring out which file a shortcut icon points to and encrypting it instead of the shortcut.
Like Entrust/Solo, YEO can encrypt and digitally sign e-mail -- but only as a file attachment. YEO will not interoperate with any other encryption program and can't import standard certificates or keys (although a companion product, Norton Your Eyes Only Administrator, offers central key distribution and master access to YEO-protected desktops or data).
YEO uses the RSA public-key algorithm and offers a choice of data-encryption algorithms, including RC4, RC5, and DES. YEO can protect your desktop data, but lack of interoperability keeps it out of the running as an all-around crypto tool.
PGP for Personal Privacy 5.0
I enjoyed using PGP with the same sense of unease with which I enjoy sushi: There's always a nagging sense that it's bad for me in the long run. With plug-ins for Qualcomm's Eudora and Microsoft's Outlook e-mail clients (and Netscape Messenger and Lotus cc:Mail plug-ins are coming soon), PGP is a click away at all times. With a key-management tool, you can go look for someone's PGP key or just grab it out of e-mail with the plug-in. PGP's desktop integration enables you to encrypt and/or sign any file or decrypt and/or verify any PGP-encrypted file; the clipboard integration does the same for cut chunks of files.
So what makes me uneasy? It's the standards. Even though PGP has millions of users, because S/MIME is bundled increasingly visibly in Microsoft Internet clients and in Netscape's WebPass ID (rolled out with CA Verisign), PGP's installed base looks mighty small. However, with standards decisions still up in the air, PGP's comprehensive and easy-to-use implementation puts it head and shoulders over the other products, and its availability outside the U.S. makes it an ideal choice for those who prefer stronger international protection but don't feel comfortable going for one of Entrust's heavier clients.
RSA SecurPC 2.0
The oddest thing about SecurPC, from RSA, is its relative lack of public-key cryptography. Other than public-key encryption of user keys, SecurPC does nothing but symmetric encryption: no signing of files, and no encrypting a file with someone else's public key.
SecurPC recently won approval for export of its full-strength encryption, making it attractive for international use. Otherwise, it functions like YEO, with encryption of files and directories, boot protection, screen lockout, and secure deletes.
SecurPC is activated only when you right-click on a file. One big feature is a self-extracting encrypted file, which can be decrypted by anyone with the secret key you select, making it possible to at least e-mail encrypted attachments to recipients who don't have SecurPC. Like YEO, SecurPC should suffice for simple desktop protection, but its lack of support for digital signatures and interoperability limits its usefulness as a stand-alone solution.