Endpoint Encryption

  • 1.  PGP Desktop and DLP scanning

    Posted Feb 10, 2013 09:11 PM

    Could someone help explain something for me? We plan to implement PGP Desktop, PGP Universal Server and maybe PGP Gateway.


    If I only implement PGP Desktop and send an email to someone, they would need to have PGP Desktop already (or something compatible), wouldn't they, because I would need their public key to encrypt in the first place, which by default means they installed PGP Desktop, created a key pair and then registered with the PGP Global Directory. Is that a fair summary?


    If they do not have PGP Desktop but I need to encrypt a message, then this is where the PGP Gateway comes in, by using the Web Messenger feature or by encrypting the attachments. Is that a fair summary?


    Now what happens if I have PGP Desktop, send to another user with PGP Desktop out on the internet, but I want my SMTP gateway to do DLP scanning? Is this where you integrate the gateway with the Universal Server? If I sent an email from my PGP Desktop, wouldn't it be encrypted with the receiver's public key, and therefore I cannot decrypt it? How does this work?


    Thanks.



  • 2.  RE: PGP Desktop and DLP scanning

    Posted Feb 10, 2013 11:26 PM

    If I only implement PGP Desktop and send an email to someone, they would need to have PGP Desktop already (or something compatible), wouldn't they, because I would need their public key to encrypt in the first place, which by default means they installed PGP Desktop, created a key pair and then registered with the PGP Global Directory. Is that a fair summary?

    Yes, for PGP public key encryption, the recipient must have some PGP-compatible software that will allow generation of a PGP key, and which can use the private key component to decrypt email encrypted to their public key. The PGP Global Directory is one way to distribute the public key so that others can encrypt to it. However, the public key can also be emailed to others for use, placed on the web for others to download, placed on their own keyserver, etc.

    If they do not have PGP Desktop but I need to encrypt a message, then this is where the PGP Gateway comes in, by using the Web Messenger feature or by encrypting the attachments. Is that a fair summary?

    The Web Messenger feature can be used for this.  If you send encrypted email attachments, the recipient will need some way to decrypt them, and for Windows users, this can be by encrypting files as Self Decrypting Archives.

    Now what happens if I have PGP Desktop, send to another user with PGP Desktop out on the internet, but I want my SMTP gateway to do DLP scanning? Is this where you integrate the gateway with the Universal Server? If I sent an email from my PGP Desktop, wouldn't it be encrypted with the receiver's public key, and therefore I cannot decrypt it? How does this work?

    This Knowledge Base Article may help with the DLP question. If you send an email encrypted to the recipient's public key, you may keep a non-encrypted copy of it. However, if you want to be able to decrypt the sent encrypted email, you can also encrypt it to your public key, and will therefore be able to decrypt it. An easy way to do this is by going to the Master Keys tab of PGP Options and setting your public key as a Master Key. Any encryption you do will also be encrypted to any key you set here as a Master Key.

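    The Master Key behaviour described in the reply above follows from how OpenPGP encrypts to more than one key, and the following added example (a constructed illustration, not code from this thread, from PGP Desktop or from any Symantec product) shows it: the body is encrypted once with a random session key, that session key is then encrypted separately to each recipient public key, and a Master Key simply adds one more encrypted copy of the session key, so the sender can decrypt the sent message while the recipient's own copy is untouched. The RSA parameters (textbook RSA on Mersenne primes, no padding) and the SHA-256 counter keystream are stand-ins so the script runs on the Python standard library alone; they are not secure, and only the message structure is the point. The names wrap_session_key, Message, encrypt, decrypt and demo are this example's own.

```python
"""Why a PGP "Master Key" lets the sender read sent mail.

Constructed illustration of OpenPGP's multi-recipient structure, not code
from PGP Desktop or any Symantec product. The body is encrypted once with
a random session key; that session key is then encrypted separately to
every recipient public key (one key packet per key). A Master Key, or
Additional Decryption Key, is just one more recipient, so the original
recipient can still decrypt and the sender gains the ability to as well.

Stand-ins so the script runs on the standard library only: textbook RSA on
Mersenne primes with no padding, and a SHA-256 counter keystream instead
of a real block cipher. Neither is secure; only the structure is the point.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two known primes (toy, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return PublicKey(n, e), PrivateKey(n, pow(e, -1, phi))


def wrap_session_key(session_key: bytes, pub: PublicKey) -> int:
    """Encrypt the session key to one public key (one key packet per recipient)."""
    m = int.from_bytes(session_key, "big")
    if m >= pub.n:
        raise ValueError("session key too large for this toy modulus")
    return pow(m, pub.e, pub.n)


def unwrap_session_key(wrapped: int, priv: PrivateKey, length: int = 16) -> bytes:
    """Recover the session key with the matching private key."""
    return pow(wrapped, priv.d, priv.n).to_bytes(length, "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in: XOR with a SHA-256 counter keystream (not secure)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass(frozen=True)
class Message:
    wrapped_keys: Dict[str, int]   # key id -> session key encrypted to that key
    body: bytes                    # plaintext encrypted once under the session key


def encrypt(plaintext: bytes, recipients: Dict[str, PublicKey],
            master_keys: Optional[Dict[str, PublicKey]] = None) -> Message:
    """Encrypt to each recipient, plus any configured Master Keys."""
    session_key = secrets.token_bytes(16)
    targets = dict(recipients)
    targets.update(master_keys or {})   # a Master Key is simply one more recipient
    wrapped = {kid: wrap_session_key(session_key, pub) for kid, pub in targets.items()}
    return Message(wrapped, keystream_xor(session_key, plaintext))


def decrypt(msg: Message, key_id: str, priv: PrivateKey) -> bytes:
    """Decrypt with one private key; fails if no packet was made for that key."""
    if key_id not in msg.wrapped_keys:
        raise KeyError(f"message was not encrypted to key {key_id!r}")
    return keystream_xor(unwrap_session_key(msg.wrapped_keys[key_id], priv), msg.body)


def can_decrypt(msg: Message, key_id: str, priv: PrivateKey, expected: bytes) -> bool:
    """True when this key recovers the expected plaintext, False if no packet exists."""
    try:
        return decrypt(msg, key_id, priv) == expected
    except KeyError:
        return False


def demo() -> Dict[str, bool]:
    """The sender with and without her own key configured as a Master Key."""
    sender_pub, sender_priv = make_keypair(2**31 - 1, 2**127 - 1)   # toy keys
    recip_pub, recip_priv = make_keypair(2**61 - 1, 2**89 - 1)
    text = b"Constructed sample: quarterly figures attached."
    plain = encrypt(text, {"recipient": recip_pub})
    with_mk = encrypt(text, {"recipient": recip_pub}, master_keys={"sender": sender_pub})
    return {
        "recipient_reads_normal_mail": can_decrypt(plain, "recipient", recip_priv, text),
        "sender_reads_normal_mail": can_decrypt(plain, "sender", sender_priv, text),
        "recipient_reads_master_key_mail": can_decrypt(with_mk, "recipient", recip_priv, text),
        "sender_reads_master_key_mail": can_decrypt(with_mk, "sender", sender_priv, text),
        "one_body_two_key_packets": len(with_mk.wrapped_keys) == 2 and with_mk.body != text,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

    Running it shows the sender locked out of her own sent message until her key is added as a Master Key, while the recipient decrypts in both cases: the body is never re-encrypted, only an extra key packet is appended. This is also why a Master Key does not stop the recipient from reading the mail, a point that confuses people new to PGP. Note that a DLP gateway in the path sees only the encrypted body unless it too holds a key the message was encrypted to.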


  • 3.  RE: PGP Desktop and DLP scanning

    Posted Feb 11, 2013 07:26 PM

    When you say to use "Self Decrypting Archives", are you specifically talking about a function in PGP Desktop to create these, or just in general, e.g. using WinZip to create a self-decrypting archive?


    Regarding the DLP question, if I understand you correctly, I encrypt the message on my PGP Desktop with MY public key, the DLP gateway receives it, scans it, and then re-encrypts it and sends it to the recipient. I assume that when it re-encrypts it, it encrypts with the recipient's public key. It can't re-encrypt with my public key since the recipient doesn't have my corresponding private key. If I set my Master Key as my public key, no one will be able to decrypt it since they don't have my private key. Am I right or off the mark?

    Are there any email gateways for DLP purposes that support this other than the Symantec solution?



  • 4.  RE: PGP Desktop and DLP scanning

    Posted Feb 11, 2013 08:15 PM

    My reference is to PGP Desktop's Self Decrypting Archive (SDA) option.

    The following quote from the KBA I referred you to explains the DLP function. It indicates that the DLP function-related encryption occurs at the server level. It does not require encryption at the PGP Desktop level. The encryption is to the public key of the recipient. Since this encryption is at the server level, setting a Master Key for the PGP Desktop encryption does not apply.

    "With this integration, Symantec Messaging Gateway powered by Brightmail (SMG) sends outbound email to Symantec Data Loss Prevention. Symantec Data Loss Prevention scans the email, flags it for security violations or sensitivity, and then sends it back to Symantec Messaging Gateway. Symantec Messaging Gateway sends flagged email on to Symantec Gateway Email Encryption, either automatically or after administrator review. Symantec Gateway Email Encryption processes the email through mail policy. Symantec Gateway Email Encryption then sends status confirmation back to Symantec Data Loss Prevention that the message was encrypted and sent out in compliance with security requirements."




  • 5.  RE: PGP Desktop and DLP scanning

    Posted Feb 22, 2013 08:26 AM

    Do you have further questions on this?