>if anyone is familiar with a program to do what I want it to do.
GPG will do it and is free.
>I have a friend of mine that does taxes and wants to send tax drafts out to
>his clients, but wants them to be secure. I am familiar with digital signed
>messages, but he would be required to keep a copy of all the digital
>signatures, not to mention asking his folks to go get the signatures in the
>first place.
A digital signature will only let the person authenticate that the file is from your friend and has not been tampered with; it will not prevent anyone from reading the file.
Encryption will prevent people from reading the file; it does not ensure that the file has not been changed.
What your friends needs to do is to encrypt and sign the files. That way only the recipient (who has the decryption key) can read them, and the recipient can guarantee that it has not been altered in transit.
>Ideally I'm trying to figure out a way that he can send them an encrypted
>message, they could get it and he could be reasonably certain only they
>could open it. The public / private key idea is a good one, but again it
>would require him having all their public keys. The idea is to find something
>as simple as possible for him to send and the recipient to receive & read.
Yes, public key encryption will let him do this. It requires a basic understanding what to do though.
>One service I came across, called Protectoria, looked promising.
Disclaimer: I only spent 5 minutes on Protectoria's site. I'm not a professional cryptographer but I have read a few books on it and have implemented AES, RSA and SHA-1, including RSA key generation.
1) Your friend has to trust Protectoria. They have all the unencrypted emails. What happens if they go bankrupt and one of your friend's client's enemies buys their assets?
2) I'm concerned about the PIN code. To have the PIN match the randomness of a 128-bit AES key, the PIN code would have to be 39 digits long (0-9). I can't see anyone transcribing that from a SMS message on their phone to type it in to a web page.
3) Unlike GPG which requires you to type in a passphrase, which you can memorize, I get the understanding that anyone who has access to the recipient's email and cell phone can read a Protectoria message.
>Any recommendations?
Fax or U.S. Postal Service. The U.S. government considers it good enough to use to send some classified data. Trying to get your friend's clients to install GPG and understand basic cryptography may be difficult.
Assuming that he can teach them, GPG does manage the keys, and has GUI interfaces to make it easier to use. He and all his clients would generate GPG public & private key pairs, and then securely exchange the public keys. That would be done in a face-to-face meeting, or phone, or another method as long as both parties are really, really, really sure that the other person is who they say they are.
When your friend has a file to send to a client, he would use GPG to encrypt the file using the client's public key*, and sign it with his private key. He would enter his passphrase to do this. When the client receives the file, the client would use GPG to decrypt the file and verify the signature. The client would enter her passphrase to do this.
I say "passphrase" because a password is too short to be secure. Ten random words from the diceware word list gives you over 2^128 possibilities. For example,
gpo get allah append track depth he'd maid ri yeats
is a 10-word passphrase generated from the diceware word list.
It's difficult but not impossible to remember something with that much randomness. You should write down your passphrases, but protect them like you would a stack of hundred-dollar bills or a signed, blank check. Lock the paper in a safe.
Good encryption products do not have back doors. If anyone forgets their passphrase, then they cannot access their keys. They can not decrypt or sign files. They will have to generate a new key pair.
Your friend must keep the unencrypted files because he cannot decrypt a file sent to one of his clients.
BTW, the passphrase vs. password argument applies to encrypted ZIP files. There are programs that will try dictionary attacks on encrypted ZIP files; they probably also try simple letter substitutions (digit 1 for letter l, digit 0 for letter o, etc.) and variant capitalization.
* This isn't exactly correct. Actually it most likely generates a random key for a symmetric cipher, encrypts the file with that, and finally encrypts the key with the client's public key. It has the same effect but it is much faster.
