"Learn" incoming S/MIME certs?

Created: 04 Mar 2011 • Updated: 04 Mar 2011 | 1 comment
Hi everyone,

but someone can help me with this.

We've got a PGP US 2.10 (might as well upgrade to 3.x if needed) in gateway placement using mainly PGP key material. But in the future we will have to use S/MIME signing/encrypting with one of our partners to exchange e-mails.

Now it would be nice if we could automate the learning of the involved S/MIME certs, so that we would not have to continually exchange certs.

We will probably have to start with exchanging our root certs (in my case the org cert public key I guess?) and somehow tell our PGP US to "learn" the other side's S/MIME certs from S/MIME signed emails.

Then we would need a rule which SIGNS e-mails to the partner's domain with the sender's cert, so that the other side can learn, and then another rule which would search the subject for something like "[PGP]" or sensitivity "confidential" and if no key found -> bounce.

I've read there was some sort of key/cert cache, but I'm not sure...

Any ideas?

Thanks,

Battou

Comments: 1 comment

Demostenes

Have you checked this? It might help:

How to work with trusted keys and Certificates on PGP Universal Server

http://www.symantec.com/business/support/index?pag...

"See, the problem with speculation is you make a speck out of you and some guy named lation"