Can someone asnwer a question. If im using PGP gateway to encrypt outgoing emails etc, doesnt that mean that the reciever needs a PGP product to decrypt? How does the solution work?
Thanks In Advance
SEPM Knowledgebase Documents
Thanks but i dont plan on using PGP desktop, only the PGP gateway to encryp as it leaves. Are you saying that to use PGP gateway I must have PGP desktop installed on the workstation?
There are also policy settings that allow you to specify that if the recipient doesn't have a PGP Key, the message should be delivered through Web Messenger (a secure web-based email system hosted on the gateway server) or PDF Messenger (in which case the message is converted into an encrypted PDF). With these delivery options, the recipient doesn't need any PGP software.
I assume then the recipient would need to be in possesion of the password to decrypt the PDF?
If you use the Web messenger how do they know there is a message waiting for them?
Im guessing it sends them an email in the clear informing them there is a message waiting? Whats to stop that from being intercepted?
How does the Web Messenger process verfiy the identity of the person retrieving the message? The message could have been intercepted.
If you use webmessenger, the recipient will get an email saying "email@example.com has sent you a secure mail using PGP and you're password can be configured here"
If you use PDF messenger, you need to know the password (via a phone call or whatever)
There is no way to stop the email being intercepted. The inital email is not secure, and if you're very cautious i would contact the end user to verify they received the "welcome" email
Please mark posts as solutions if they solve your problem!
So webmessenger basically holds the email on a web service and it has to be opened via this web site? If I wanted a complete end to end solution using email gateway then I would need the recipient to be using a solution that is either PGP email gateway or capable of decrypting an email from a PGP email gateway and of course hold the necessary keys etc.
The recipient can be using a stand alone installation of PGP Desktop.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
ok so essentially your saying they must be using some form of PGP product within their environment to make the recieving and decryption of emails automated. If they dont then they must fall back to the webmessenger or PDF messenger option.
Yes, however, there are also third party (Open PGP compliant) software that may also meet your intent.
I thought that may be the case. In my situation I have ot assume that the reciever is a random user and very likely to have no encryption software installed. This raises another question. I bleive that the PGP gateway will encrypt the message if it knows the recipient's has PGP potential. How does the PGP gateway know this? I know it keeps a collection of keys but what im trying to understand is how it would "learn" this key in the first place. Is there a public key server that your public keys are automatially uploaded too? Something else?
By default, PGP will search the Global Directory if it does not find the key in your local keyring. The search is by the email address of the recepient. In the stand alone PGP Desktop installation, other public key servers can also be added for the key search. In a PGP Universal managed setting, this is quite configurable, typically searching the local keyring, then the locally maintained keyserver, then checking for a keyserver for the domain the email is addressed to, and possibly then other public keyservers such as the Global Directory. Of course, if the email recipient does not use PGP, he/she will not have generated a key to be found at any of these locations.
Please let us know if you have further questions on this. If you consider your concern sufficiently addressed, please use the Mark As Solution on the post most helpful in addressing your concern.