Video Screencast Help
Search Video Help Close Back
to help

PGP Gateway

Created: 10 Jan 2013 | 12 comments
gunnahafta's picture
gunnahafta
0 0 Votes
Login to vote

Can someone asnwer a question.  If im using PGP gateway to encrypt outgoing emails etc, doesnt that mean that the reciever needs a PGP product to decrypt?  How does the solution work?

Discussion Filed Under:
,

Comments 12 CommentsJump to latest comment

Ashish-Sharma's picture
Ashish-Sharma
PGP Gateway - Comment:10 Jan 2013 : Link

Check this 

 

Sending Encrypted Email
After installation, PGP Desktop Email Email inserts itself between your email client and your mail server and watches your email traffic.
When incoming messages arrive, PGP Desktop Email Email intercepts them before they get to your inbox and automatically attempts to decrypt and verify them; it uses your private keys to decrypt and the public keys of others to verify. When it is done with your messages, PGP Desktop Email Email delivers them to your inbox.
In most cases, you do not have to do anything special; decrypted incoming messages will appear in your inbox just like any other incoming messages.
When you send outgoing messages, PGP Desktop Email Email intercepts them on the way to your mail server and automatically attempts to encrypt and sign them, based on configured policies.
Again, you do not have to do anything special; just create your messages using your email client and send them—PGP Desktop Email Email handles everything else.
Details of how PGP Desktop Email Email transparently handles your incoming and outgoing messaging is found in the following sections
AttachmentSize
pgpDesktopEmailWin_1020_quickstart_en.pdf 447.28 KB

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

0
Login to vote
gunnahafta's picture
gunnahafta
PGP Gateway - Comment:14 Jan 2013 : Link

Thanks but i dont plan on using PGP desktop, only the PGP gateway to encryp as it leaves.  Are you saying that to use PGP gateway I must have PGP desktop installed on the workstation?

0
Login to vote
dfinkelstein's picture
dfinkelstein Symantec Employee
PGP Gateway - Comment:10 Jan 2013 : Link

There are also policy settings that allow you to specify that if the recipient doesn't have a PGP Key, the message should be delivered through Web Messenger (a secure web-based email system hosted on the gateway server) or PDF Messenger (in which case the message is converted into an encrypted PDF).  With these delivery options, the recipient doesn't need any PGP software.

 

--------

David Finkelstein

Symantec R&D

0
Login to vote
gunnahafta's picture
gunnahafta
PGP Gateway - Comment:10 Jan 2013 : Link

Thanks David,

 

I assume then the recipient would need to be in possesion of the password to decrypt the PDF?

 

If you use the Web messenger how do they know there is a message waiting for them? 

 

Im guessing it sends them an email in the clear informing them there is a message waiting?  Whats to stop that from being intercepted?

How does the Web Messenger process verfiy the identity of the person retrieving the message? The message could have been intercepted.

 

Thanks.

0
Login to vote
Alex_CST's picture
Alex_CST Partner Accredited
PGP Gateway - Comment:11 Jan 2013 : Link

If you use webmessenger, the recipient will get an email saying "blah@blah.com has sent you a secure mail using PGP and you're password can be configured here"

If you use PDF messenger, you need to know the password (via a phone call or whatever)

There is no way to stop the email being intercepted.  The inital email is not secure, and if you're very cautious i would contact the end user to verify they received the "welcome" email 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

0
Login to vote
gunnahafta's picture
gunnahafta
PGP Gateway - Comment:14 Jan 2013 : Link

So webmessenger basically holds the email on a web service and it has to be opened via this web site?  If I wanted a complete end to end solution using email gateway then I would need  the recipient to be using a solution that is either PGP email gateway or capable of decrypting an email from a PGP email gateway and of course hold the necessary keys etc.

0
Login to vote
Tom Mc's picture
Tom Mc Symantec Employee Technical Support
PGP Gateway - Comment:14 Jan 2013 : Link

The recipient can be using a stand alone installation of PGP Desktop.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base

0
Login to vote
gunnahafta's picture
gunnahafta
PGP Gateway - Comment:15 Jan 2013 : Link

ok so essentially your saying they must be using some form of PGP product within their environment to make the recieving and decryption of emails automated.  If they dont then they must fall back to the webmessenger or PDF messenger option.

0
Login to vote
Tom Mc's picture
Tom Mc Symantec Employee Technical Support
PGP Gateway - Comment:15 Jan 2013 : Link

Yes, however, there are also third party (Open PGP compliant) software that may also meet your intent.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base

0
Login to vote
gunnahafta's picture
gunnahafta
PGP Gateway - Comment:16 Jan 2013 : Link

I thought that may be the case.  In my situation I have ot assume that the reciever is a random user and very likely to have no encryption software installed.  This raises another question.  I bleive that the PGP gateway will encrypt the message if it knows the recipient's has PGP potential.  How does the PGP gateway know this?  I know it keeps a collection of keys but what im trying to understand is how it would "learn" this key in the first place.  Is there a public key server that your public keys are automatially uploaded too?  Something else?

0
Login to vote
Tom Mc's picture
Tom Mc Symantec Employee Technical Support
PGP Gateway - Comment:16 Jan 2013 : Link

By default, PGP will search the Global Directory if it does not find the key  in your local keyring.  The search is by the email address of the recepient.  In the stand alone PGP Desktop installation, other public key servers can also be added for the key search.  In a PGP Universal managed setting, this is quite configurable, typically searching the local keyring, then the locally maintained keyserver, then checking for a keyserver for the domain the email is addressed to, and possibly then other public keyservers such as the Global Directory.  Of course, if the email recipient does not use PGP, he/she will not have generated a key to be found at any of these locations.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base

0
Login to vote
Tom Mc's picture
Tom Mc Symantec Employee Technical Support
PGP Gateway - Comment:18 Jan 2013 : Link

Please let us know if you have further questions on this.  If you consider your concern sufficiently addressed, please use the Mark As Solution on the post most helpful in addressing your concern.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base

0
Login to vote