|
ASP Send Secure E-mail
All DotNetted hosting accounts include
the use of the AspEncrypt component which
can be used for just about any encryption
task including encrypting data before insertion
into a database or even encryption of a
whole file.
However, it's main use by our customers
is encrypting e-mail using SSL certificates
so that sensitive data, such as customers
credit card details, can be safely sent
from your web site to your local PC for
processing. Combined with the shared SSL
option this gives you the ability to securely
accept and forward your web site visitors
card details.
The following tutorial shows how you can
use the installed AspEncrypt and AspEmail
ASP components to send encrypted e-mails
from your web site - the encryption used
is the same as that used by https web pages
and is considered unbreakable, only recipients
of the mail with your certificate installed
will be able to read the e-mails.
The first thing you need to do is obtain
your own free personal e-mail certificate,
these can be obtained from Thawte :
http://www.thawte.com
To complete the application form you will
need the following information :
1) Type required is X.509 Format
2) When choosing CSP keep default (Microsoft
Enhanced Cryptographic Provider 1.0)
Once you have completed the application
and certificate has been issued you will
be sent an e-mail by Thawte with a link
to install the certificate - follow the
link and the cert will be installed to your
local PC, Internet Explorer and Outlook
/ Outlook Express.
Once the certificate is installed on your
PC you need to export the certificates public
key to a file within your hosting account
so that it can be used by your scripts to
encrypt your e-mail messages :
To do this go to Internet Explorer and
select Tools -> Internet Options ->
Content
Choose certificates and you'll be shown
the certificates installed on your PC -
select the one you just installed, then
select export.
An export wizard will start - select NOT
to export the private key, format should
be the default DER encoded binary X.509
(.cer) and select where the certificate
should be saved on your local machine.
You now need to upload .cer file to the
/private/ folder in your hosting account
so that it is available to your scripts.
A basic script is shown below showing the
methods used to call encryption, please
see our other tutorials for more information
on basic e-mail
methods and how to e-mail
the results from a form on your website
:
<%
' Create e-mail
Set Mail = Server.CreateObject("Persits.MailSender")
Mail.Host = "smtp.dotnetted.co.uk"
Mail.From = "me@mysite.co.uk"
Mail.Subject = "Encrypted E-mail"
Mail.AddAddress "you@yoursite.co.uk"
Mail.Username = "me@mysite.co.uk"
Mail.Password = "password"
Mail.Body = "Encrypted message Body
goes here !"
' Encrypt and send
e-mail using stored cert
Set CM = Server.CreateObject("Persits.CryptoManager")
Set Cert = CM.ImportCertFromFile("D:\path-to-your-cert-here\certname.cer")
Set Context = CM.OpenContext("mycontainer",
True)
Set Msg = Context.CreateMessage
Msg.AddRecipientCert Cert
Mail.SendEncrypted Msg
' Message is sent
- tidy up objects
Set Mail = Nothing
Set CM = Nothing
Set Context = Nothing
Set Cert = Nothing
Set Msg = Nothing
%>
For more information on the components
themselves, including the full object references
and additional sample scripts please see
the authors sites :
www.aspemail.com
www.aspencrypt.com
|
