
PGP Gateway

Created: 10 Jan 2013 | 12 comments

Can someone answer a question? If I'm using PGP gateway to encrypt outgoing emails etc., doesn't that mean that the receiver needs a PGP product to decrypt? How does the solution work?


Ashish-Sharma's picture

Check this 

Sending Encrypted Email
After installation, PGP Desktop Email inserts itself between your email client and your mail server and watches your email traffic.
When incoming messages arrive, PGP Desktop Email intercepts them before they get to your inbox and automatically attempts to decrypt and verify them; it uses your private keys to decrypt and the public keys of others to verify. When it is done with your messages, PGP Desktop Email delivers them to your inbox.
In most cases, you do not have to do anything special; decrypted incoming messages will appear in your inbox just like any other incoming messages.
When you send outgoing messages, PGP Desktop Email intercepts them on the way to your mail server and automatically attempts to encrypt and sign them, based on configured policies.
Again, you do not have to do anything special; just create your messages using your email client and send them—PGP Desktop Email handles everything else.
Details of how PGP Desktop Email transparently handles your incoming and outgoing messaging are found in the following sections.
Attachment: pgpDesktopEmailWin_1020_quickstart_en.pdf (447.28 KB)

Thanks In Advance

Ashish Sharma

gunnahafta's picture

Thanks, but I don't plan on using PGP desktop, only the PGP gateway to encrypt as it leaves. Are you saying that to use PGP gateway I must have PGP desktop installed on the workstation?

dfinkelstein's picture

There are also policy settings that allow you to specify that if the recipient doesn't have a PGP Key, the message should be delivered through Web Messenger (a secure web-based email system hosted on the gateway server) or PDF Messenger (in which case the message is converted into an encrypted PDF).  With these delivery options, the recipient doesn't need any PGP software.

--------

David Finkelstein

Symantec R&D

gunnahafta's picture

Thanks David,

I assume then the recipient would need to be in possession of the password to decrypt the PDF?

If you use the Web Messenger, how do they know there is a message waiting for them?

I'm guessing it sends them an email in the clear informing them there is a message waiting? What's to stop that from being intercepted?

How does the Web Messenger process verify the identity of the person retrieving the message? The message could have been intercepted.

Thanks.

Alex_CST's picture

If you use webmessenger, the recipient will get an email saying "blah@blah.com has sent you a secure mail using PGP and your password can be configured here".

If you use PDF messenger, you need to know the password (via a phone call or whatever).

There is no way to stop the email being intercepted. The initial email is not secure, and if you're very cautious I would contact the end user to verify they received the "welcome" email.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

gunnahafta's picture

So webmessenger basically holds the email on a web service and it has to be opened via this web site? If I wanted a complete end to end solution using email gateway then I would need the recipient to be using a solution that is either PGP email gateway or capable of decrypting an email from a PGP email gateway and of course hold the necessary keys etc.

Tom Mc's picture

The recipient can be using a stand alone installation of PGP Desktop.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

gunnahafta's picture

OK, so essentially you're saying they must be using some form of PGP product within their environment to make the receiving and decryption of emails automated. If they don't then they must fall back to the webmessenger or PDF messenger option.

Tom Mc's picture

Yes, however, there is also third party (Open PGP compliant) software that may also meet your intent.


gunnahafta's picture

I thought that may be the case. In my situation I have to assume that the receiver is a random user and very likely to have no encryption software installed. This raises another question. I believe that the PGP gateway will encrypt the message if it knows the recipient has PGP potential. How does the PGP gateway know this? I know it keeps a collection of keys but what I'm trying to understand is how it would "learn" this key in the first place. Is there a public key server that your public keys are automatically uploaded to? Something else?

Tom Mc's picture

By default, PGP will search the Global Directory if it does not find the key in your local keyring. The search is by the email address of the recipient. In the stand alone PGP Desktop installation, other public key servers can also be added for the key search. In a PGP Universal managed setting, this is quite configurable, typically searching the local keyring, then the locally maintained keyserver, then checking for a keyserver for the domain the email is addressed to, and possibly then other public keyservers such as the Global Directory. Of course, if the email recipient does not use PGP, he/she will not have generated a key to be found at any of these locations.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &
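The key search order described in the reply above, combined with the no-key fallback to Web Messenger or PDF Messenger mentioned earlier in the thread, modeled as an added Python example; it is not part of the original thread and not Symantec code. The dictionaries standing in for the keyring and keyservers, the function names and the key IDs are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class KeySources:
    """Hypothetical stand-ins for the key stores named in the thread."""
    local_keyring: dict = field(default_factory=dict)       # email -> key id
    managed_keyserver: dict = field(default_factory=dict)   # email -> key id
    domain_keyservers: dict = field(default_factory=dict)   # domain -> {email: key id}
    global_directory: dict = field(default_factory=dict)    # email -> key id

# What has to reach the recipient outside the protected message, per the thread.
OUT_OF_BAND = {
    "web_messenger": "notification email is sent in the clear",
    "pdf_messenger": "PDF password must be shared separately (e.g. phone call)",
}

def find_recipient_key(email, src):
    """Search by recipient address in the order the thread describes."""
    email = email.strip().lower()
    domain = email.rpartition("@")[2]
    chain = [
        ("local keyring", src.local_keyring),
        ("managed keyserver", src.managed_keyserver),
        ("domain keyserver", src.domain_keyservers.get(domain, {})),
        ("global directory", src.global_directory),
    ]
    for name, store in chain:
        if email in store:
            return name, store[email]    # first hit wins; later sources are not consulted
    return None, None

def choose_delivery(email, src, fallback="web_messenger"):
    """Encrypt to the key if one is found, otherwise use the configured fallback."""
    if fallback not in OUT_OF_BAND:
        raise ValueError(f"unknown fallback delivery mode: {fallback}")
    source, key = find_recipient_key(email, src)
    if key is not None:
        return {"mode": "openpgp", "key": key, "found_in": source, "note": None}
    return {"mode": fallback, "key": None, "found_in": None, "note": OUT_OF_BAND[fallback]}

# Constructed sample data: addresses and key ids are invented for this example.
SAMPLE = KeySources(
    local_keyring={"alice@partner.example": "KEY-LOCAL-1"},
    domain_keyservers={"corp.example": {"bob@corp.example": "KEY-DOMAIN-1"}},
    global_directory={"alice@partner.example": "KEY-GD-OLD", "carol@mail.example": "KEY-GD-1"},
)

if __name__ == "__main__":
    for rcpt in ("Alice@partner.example", "bob@corp.example", "dave@random.example"):
        print(rcpt, choose_delivery(rcpt, SAMPLE))
```

A recipient with no key in any source, the "random user" case raised in the thread, always ends up on the fallback path, so the `note` field shows what is left unprotected or must be arranged separately.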

Tom Mc's picture

Please let us know if you have further questions on this. If you consider your concern sufficiently addressed, please use the Mark As Solution on the post most helpful in addressing your concern.
