#1
SSL - Using PGP or not
Currently I have a domain with https access and PGP running on the Server. I have separate pages under the domain for several clients, with a form on each page forwarding CC details through PGP on the Server to clients' email address. Having originally generated a PGP key pair when the pages were set up for them, they are then able to decrypt using a copy of PGP on their PC.
This is proving cumbersome in that some clients lose their copy of PGP from their PC and/or wipe their private key etc. The rest of the world seems to simply use a secure site to send email to an email address where it is opened up by the email client in plain text without the need for the likes of PGP (I will be corrected on this). Question: is this secure enough? I would welcome some advice on whether simply setting several forwarding options on the domain would be sufficient. Thanks

#2
I'm not 100% sure what new method you're contemplating. It seems that you want to simply drop encryption for the e-mail and send the same e-mail, just in plaintext?
__________________
- "Cryptographically secure linear feedback shift register based stream ciphers" -- a phrase that'll get any party started. - Why know the ordinary when you can understand the extraordinary? - Sponsor my caffeine addiction! (36.70 USD received so far -- Latest donor: Mark Foxvog)

#3
|
|||
|
|||
|
thanks for responding ....
Currently, the emails are encrypted via PGP installed on the Server using an individual client's Public key that's been hung on the Server, then decrypted via the private part of the key manually, when it reaches their PC. It seemed to be the case to me, that most other systems where ppl are directed to a secure server to send CC details are only using the encryption (and here my knowledge is limited) ... used via the process of sending an email via a web form on an https site. Most other setups I've come across seem to have plain text emails coming in to their Inbox. Not so??

#4
Expecting "users" to use PGP or GPG is a bit much.
A simpler approach is to have a well set up HTTPS site, with a login to control access. Send an email to users with a nonce in the query string. Have a URL with the nonce point to your webserver using HTTPS: User gets mail, follows link, uses SSL/TLS, logs in, and reads the message securely. Note, this does not prevent the clueless user from doing a copy of the message on the SSL server, and pasting it to some file on their insecure PC.

#5
Ah ...now I begin to follow. Thank you.
1. Can anyone direct me to some plain English guide to sending such a one-off string from a web form?
2. Is one then accessing the email via webmail ..? or am I off the track here?
3. Since the current secure site domain has to be shared between clients, how would one make sure a login is only to the relevant email and accessing a whole inbox?
thanks ...

#6
1) You need a server-side scripting language to generate a random string.
2) Yeah but no but yeah but no - you are using a https connection - should be secure. My ISP doesn't bother with https for webmail, just plain old http.
3) You'll need a database for that. The suggestion from fishtoprecords is basically to create a website.

#7
Again, many thanks.
I understand the outline of what is required, but little beyond that. If there's anybody passing by that can refer me to any tutorials or similar, I'm happy(ish) with some learning! :-) Alternatively, should I perhaps spend money transferring the domain to a company that offers an easy interface for the very thing I'm requiring? (I've searched but I can't find anything so far).

#8
All you really need is a programmer to do a tiny bit of programming for you. DevShed has hundreds of them, and it would not be very expensive to set up.
You could learn, but it may take a long time. What you need is very basic LAMP stuff. Your current hosting vendor should be able to set you up with proper certs and SSL for that part.
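
The nonce-link scheme suggested in posts #4 and #6, sketched as an added example that is not part of the original thread or any poster's code: a random string from a server-side script, a database row tying it to one client, and a read that only succeeds for that client's login. The table layout, the 24-hour expiry, the single-use rule, the function names and the `secure.example.com` host are all assumptions; authentication of the session is assumed to happen elsewhere on the HTTPS site.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 24 * 3600  # assumed link lifetime, not from the thread
BASE_URL = "https://secure.example.com/read?n="  # placeholder host

def open_store():
    """In-memory database for the example; a real site would use its own DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages ("
               "nonce_hash TEXT PRIMARY KEY, client_id TEXT NOT NULL, "
               "body TEXT NOT NULL, expires_at REAL NOT NULL, read_at REAL)")
    return db

def _digest(nonce):
    return hashlib.sha256(nonce.encode()).hexdigest()

def store_message(db, client_id, body, now=None):
    """Save a form submission; return the link to e-mail to that client."""
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Store only the hash, so a leaked table does not reveal working links.
    db.execute("INSERT INTO messages VALUES (?, ?, ?, ?, NULL)",
               (_digest(nonce), client_id, body, now + TTL_SECONDS))
    db.commit()
    return BASE_URL + nonce  # the e-mail carries the link, never the body

def read_message(db, nonce, session_client_id, now=None):
    """Return the body only to the owning client, before expiry, and once.

    session_client_id must come from the authenticated login session,
    never from the query string.
    """
    now = time.time() if now is None else now
    h = _digest(nonce)
    row = db.execute("SELECT client_id, body, expires_at, read_at "
                     "FROM messages WHERE nonce_hash = ?", (h,)).fetchone()
    if row is None:
        return None  # unknown or guessed nonce
    owner, body, expires_at, read_at = row
    # Same refusal for wrong client, expired link, or already-used link.
    if owner != session_client_id or now > expires_at or read_at is not None:
        return None
    db.execute("UPDATE messages SET read_at = ? WHERE nonce_hash = ?", (now, h))
    db.commit()
    return body
```

Because each row is keyed to one `client_id`, a client who logs in on the shared domain can open only links issued for them, which is the separation asked about in question 3 of post #5.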