Desktop Email Encryption

  • 1.  Pgp universal server and domain keys

    Posted Jul 02, 2012 11:33 PM
    I am currently on site with a customer and have run into something odd. One of their partners has a so-called "domain key" - a key to which email to anyone within the organization can be encrypted and the appropriate user within the organization can read it.

    It's always been my understanding as per http://www.symantec.com/docs/TECH149885 that the UN server can send/encrypt to domain keys but not the other way around. The partner is refusing the keys.<domain> method of distributing individual keys and is unwilling to manually import and manage the individual users.

    Is this possible, if so, how? I've never seen it before and none of the "tricks" I can think of can do it. I guess maybe they might use an archive rule, maybe? But they don't seem to think that's how they did it and I am still not certain doing so would work, anyway...

    Any ideas are appreciated (especially if they're demonstrative of it being a flawed idea), thanks in advance,

    Stuart


  • 2.  RE: Pgp universal server and domain keys

    Posted Jul 04, 2012 05:31 AM

    Hi Stuart,

    It is possible to set up a company-wide central PGP key for email encryption / decryption.

    Sometimes it's desirable to have a single PGP key that can be shared with an external party to secure email for the whole organization or company.

    1. Under Consumers/Groups click the desired group, click "View" at "Keys"

    2. Click "Add Group Keys"

    3. Generate or import the desired Group Key here. Important note: "The Group key must not have email-addresses!!!"

    4. Under Consumers/Groups click the desired group, click "View" at "Permissions"

    5. At least these 2 permissions are required: "Can encrypt with managed key Company.key" and "Can decrypt with managed key Company.key"

    6. Share the company key with the external sender. The external sender is required to configure a mail rule that either matches the email addresses of members of the Consumer Group or the recipient email domain and to encrypt with the company key for them.

    http://www.symantec.com/docs/HOWTO77258

    Thanks

    Arif