For users that do not use PGP, what would be the other channel to securely send them a document?

You assume that the document has to be sent via email. It sounds like you are only protecting against interception while the email is being sent (SMTP). If that is the case, you only need secure transport and not necessarily encryption handled by the end user.

Can't you have them download the document from a web server you control over SSL? You still have to give them the URL and password in some manner, but at least you can remove the document from the webserver. They are going to have a clear text version of the document anyway, so it doesn't matter if you keep it in the clear on your webserver, but behind a password. You can control access and pull it down after they get it.
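The workflow described in the answer above (a TLS-served download behind a password, pulled down once it has been retrieved) can be expressed as a small in-memory store. This is an added example, not part of the original answer; the class and method names are hypothetical, and it assumes the store sits behind an HTTPS-only request handler.

```python
import hmac
import secrets
import time


class OneTimeShare:
    """Holds documents for a single password-protected retrieval each.

    Hypothetical helper for illustration; put it behind an HTTPS-only handler.
    """

    def __init__(self, ttl_seconds=3600, max_failures=5, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._max_failures = max_failures
        self._clock = clock
        self._items = {}

    def publish(self, document: bytes):
        """Store a document; return (url_token, password) to send separately."""
        token = secrets.token_urlsafe(32)     # unguessable URL path component
        password = secrets.token_urlsafe(12)  # share over a different channel
        self._items[token] = {
            "doc": document,
            "password": password.encode(),
            "expires": self._clock() + self._ttl,
            "failures": 0,
        }
        return token, password

    def fetch(self, token: str, password: str):
        """Return the document once; None for any failure (no detail leaked)."""
        item = self._items.get(token)
        if item is None:
            return None
        if self._clock() >= item["expires"]:
            del self._items[token]            # expired: pull it down unread
            return None
        # Constant-time comparison avoids leaking the password via timing.
        if not hmac.compare_digest(password.encode(), item["password"]):
            item["failures"] += 1
            if item["failures"] >= self._max_failures:
                del self._items[token]        # stop online guessing
            return None
        return self._items.pop(token)["doc"]  # remove after first retrieval
```
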


With regard to MS Office security, do not use Office 2003. The key length is limited to 40 bits, which is still a bit of work but technically can be brute-forced.

I have looked at Office 2007 file encryption and it seems suitable. It is difficult to determine for sure because to my knowledge the spec is not publicly available (if anyone knows different, I would love to look at it) but there is some documentation.

The key lengths and cipher choices are appropriate. 2007 Word files (.docx) are now XML-based. The file encryption leaves some header information available (the user will know it is a .docx file and the filename), as well as a fingerprint of the file (so that if the key is entered wrong, it has something to match it to), but the contents of the file itself are otherwise encrypted.

As mentioned, creating an SDA (Self-Decrypting Archive) with PGP seems to perfectly meet your criteria, but I believe it is only available with PGP (the $$$ one) and not GPG (the free one). If you have actual PGP, I'd go that route. Otherwise, file encryption with Word seems safe.


Ahh - such a long-standing and knotty problem :)

A lot depends on your "threat model" - who and what you're worried about and who you trust. It sounds like you aren't looking for encryption after they get the document, just while it is in transit. As I noted in my comment above, I would think you'd care about the privacy of your messages as well as the privacy of the document name and the document itself while in transit.

One thing you can probably count on is reasonable support for TLS in your browsers. So if there is a secure web services provider which always uses https that you both trust, that would work. But you might not want to trust, e.g., a state-controlled ISP or mobile provider in an oppressive country. See the Blackberry fights with the United Arab Emirates, for example.

E.g. if you both have Gmail, and always access it with https, that may work. Google Docs can also be accessed with https. Of course you may not trust Google, but there are many others out there (e.g. fastmail.fm) that you might trust.

If you both use some secure peer-to-peer protocol or instant messaging scheme, or mobile phone platform, that may well be more secure than email.