Encrypted file as attachment

I have a situation where my new gig HR gal wants encrypted file information from me.

My own search for roundcube or some type of browser based encryption or encryption that will work with Outlook comes up short.

Apparently, roundcube has had issues with implementing file encryption on roundcube.

Right now the only options are: asymmetric encryption with Public/Private key or symmetric using a PW.

In either case I run the risk of confusing the HR gal with either a request for her Public key or requesting she call me for the PW in the case of symmetric encryption.

Any suggestions on how to get this done with less pain?

Maybe the best thing is to ask her how she handles secured content in general.

If she says

Here’s my public key for GPG/PGP stuff.

… then you’re good. I expect any symmetric GPG encryption is out of the question, unless she explicitly says she can do that and you should read her the password over the phone. I think symmetric GPG encryption is viable, but it will still require someone to have installed GPG utilities on her machine in order to decrypt — in which case, why isn’t she using a public key?

If she says

Here’s a secured webserver our company uses for incoming files to be uploaded.

… then maybe that’s OK too, without need for any encryption on your side at all (assuming you trust them enough to let only intended recipients read the uploaded contents, which I guess you should, since the end game is to divulge your secured contents to them anyways, either through her as your contact person or through whatever other means).

One thing I’ve been playing around with is miniLock – a Google Chrome app that is about as simple as it gets for public key encryption, but even that still requires she have Google Chrome installed, and the app installed, and has figured out the UI. It was dead simple for me, but even trying it out with my wife (a non-techie) before trying to get my parents to adopt it, it wasn’t obvious that upon decrypting a file you still have to “download” it from the miniLock app to the local computer to see the decrypted contents, and that those decrypted contents are saved to the folder where Google Chrome saves downloads for that user.

Using miniLock will still require her to generate a miniLock ID in advance and communicate that to you so that you can encrypt it for her (and you) as a recipient. The miniLock ID is the public key in this scheme.

Here’s mine, if you want to try it out:


1 Like