Hi,
Below is my understanding on PGP Web messenger and PDF messenger.
1. Web messenger is by default to be enabled in PGP UN for the Gateway email.
By default it is NOT enabled; you have to manually enable it.
2. If the emails are to be secured through Gateway email, then web messenger/pdf messenger to be enabled.
No, not necessarily, using PDF and Web messenger are the KNF (Key not Found) options. They dictate what will happen to an email when the recipient does NOT have PGP or a key.
3. If web messenger is enabled, then the end/external user after receiving the secured email (there won't be any message content in the received email), he/she has to enroll the passphrase with PGP web messenger server (only one time enrollment for the single external email address) and after enrolling, the message can be read through web messenger web page.
This is correct. On the first email they receive they will get asked to create a passphrase, then all future email correspondence between that universal server and the recipient will be through web messenger.
4. If the PDF messenger is enabled, then the external user receives the email (there won't be any message content in the received email) with PDF attached and he/she has to open the attached PDF to read the message content and the same passphrase which was used to enroll with web messenger to be used.
No, with PDF messenger the user will receive an encrypted PDF attachment. The passphrase has to be transferred by other means (usually the telephone). PDF Messenger and Web Messenger are 2 different things; I do not believe they use the same passphrase. You would not want to have the same recipient using both features anyway; it should be one or the other.
5. If the PDF messenger with certificate deliver is used, then he/she receives the secured email along with PDF attached and even one more html page to get the one time password to read that PDF message alone. After clicking that link and upon copying that passphrase, he/she uses the same one to read the PDF message content.
No, because then anyone could intercept this unencrypted email, get the passphrase and be able to read all encrypted email between the universal server and that recipient. The passphrase has to be transferred by a method that is NOT email.
6. So web messenger is definitely required for the external users (at least once, they have to enroll their passphrase) even though we use the PDF messenger.
No, you can use PDF messenger and not use web messenger if you want.
7. Upon receiving the temporary passphrase for a single PDF message, he/she can store the passphrase somewhere in document and offline (without internet connectivity), they can open the PDF message with that passphrase.
Correct, they do not need an internet connection to read the PDF, as long as they know the passphrase.
8. Rest all scenarios, the recipient client should have the internet to read the secured email.
If they are using web messenger, yes.
9. Web messenger only used for the secure mail reply.
Correct
10. Web messenger will always be used for all the kind of secure email messaging.
For KNF options, yes.
11. PDF messaging will be used only in the scenarios like "any banking statements" or "any other attachment which needs to be secured over network" and "any financial info" etc.
It's usually so that the recipient can be 100% sure that the PDF has not been tampered with. It uses a file fingerprint so that even if 1 byte is different, the fingerprint will be completely different and won't match.
Please add any other points, which explains the web messenger and pdf messenger functionalities and their usage in real world.
Thanks!
Web messenger is much more popular than PDF messenger. PDF messenger is really only used for sending secure PDF files that must not be altered, usually financial things.