Endpoint Encryption

 View Only

  • 1.  PGP Desktop 10.1.1 - Multiple E-mail Accounts / Services

    Posted Sep 07, 2012 11:44 AM

    Greetings,

     

    Wondering if the following is possible:

     

    PGP Desktop 10.1.1, using MS Exchange for backend email. We wish for a user to login to their personal exchange email account, say John Smith. This is working well, and John Smith's keys are used to encrypt/sign emails. The PGP Messaging service is well created and works well also.

     

    Next, we wish John Smith to login to exchange as himself, but then send email as another user. Exchange allows this, where the "Send As" permission is given to users, and they can then modify the "From" field in an outgoing email. In this case the From is a group account, let us say HappyGroup.

     

    HappyGroup is a distribution list in MS Exchange, meaning that any external emails sent to HappyGroup@acme.com will arrive in John Smith's email box as well as the other members of HappyGroup. HappyGroup has a PGP key pair.

     

    We would like to have John Smith login as himself, but when sending email have the ability to select (or have PGP recognize automatically) which keypair is being used to sign the email. (ie. When John decides to "Send as" HappyGroup, then HappyGroup's PGP key should be used to sign the message, not John Smith's).  Creating two services under PGP Messaging does not appear to work for this scenario, even though one can select the Default Key in a dropdown box. 

     

    The question is -- Can this be done?  How?


    Thanks in advance for any insight.

     

     



  • 2.  RE: PGP Desktop 10.1.1 - Multiple E-mail Accounts / Services

    Posted Sep 07, 2012 12:26 PM

    You can do that automatically in policy.

     

    Create another policy in your policy chain, Condition = Senders Address, ACtions = Encrypt to: Other Keys/Certificates, change to Key ID, and put in your created key ID for that Distribution Group.

     

     



  • 3.  RE: PGP Desktop 10.1.1 - Multiple E-mail Accounts / Services

    Posted Sep 07, 2012 02:15 PM

    Thanks Weevil. Looking at those options, I 'm not sure it will achieve what we are looking to do. In the policy, it is possible to select the Sender as a criteria, which is good. What we need to do is then SIGN with a specified key (the key belonging to the group). It does not appear to support that. If one selects SIGN, it will use the key assocaiated with the Exchange login account (ie. John Smith). The ENCRYPT TO allows a key to encrypt with in terms of the recipient, but that is a requirement for encryption rather than signing.

    Any other thoughts?  Thanks for the initial  quick reply -- much appreciated.

     



  • 4.  RE: PGP Desktop 10.1.1 - Multiple E-mail Accounts / Services

    Posted Sep 10, 2012 10:59 AM

    So you wish the Sign the email from this other key (the distribution group key)?  I dont think that is possible to be honest, that would open the door to some security loop holes.