On 08/31/2015 02:13 PM, Ted Andrews wrote:
> Thanks for the quick response, Martijn. I'm still unclear.
>
> The docs state that if PGP is checked, "outgoing email is encrypted".
> Does that mean that if a message is received encrypted with a PGP
> key, the message is not automatically decrypted?

If an email comes in, it's decided whether the email is for an internal recipient or an external recipient. Email for internal recipients is handled by the internal pipeline and decrypted if encrypted and if a private key for decryption is available. Email for external recipients is handled by the external pipeline and is encrypted if some sort of rule says that the email must be encrypted and if encryption is possible.

Whether or not a recipient is internal or external is defined by the "Locality" property (by default, a recipient is considered external). Typically you would add a domain object for every domain you receive email for and set the Locality of the domain to "Internal".

To come back to your question, email encrypted with PGP for internal recipients is decrypted. Email for external recipients is encrypted (either with S/MIME, PGP, PDF etc.).

> Also, where are the PGP keys maintained? On the individual
> recipient's machine or on the server running CipherMail? If the
> latter, how are keys managed? Does each user need to add their key and
> the associated keys manually?

Because it's a gateway product, all keys are maintained on the gateway. With a gateway solution the administrator maintains the keys and sets the policies. For example, a policy can be defined to always encrypt email sent to a particular domain.

Hardcore PGP users might consider storing keys on a gateway a no-go. Whether or not this is acceptable depends on your requirements. The best way to look at it is to consider the keys to be corporate keys (more or less similar to DKIM). For additional security, you might consider storing and generating the keys inside an HSM, which is a hardware device that securely stores keys.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
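
The routing described in the reply above, modelled as an added example; it is not part of the original message and is not CipherMail's code. The class, field and outcome names are hypothetical, keys are assumed to be tracked per recipient address, and the two cases the reply leaves open (no private key, encryption not possible) are only labelled, not resolved.

```python
from dataclasses import dataclass, field

INTERNAL, EXTERNAL = "Internal", "External"


@dataclass
class GatewayModel:
    """Toy model of the gateway decision; all names here are hypothetical."""
    # Domain objects created by the administrator: domain -> Locality.
    domain_locality: dict = field(default_factory=dict)
    # Addresses for which the gateway itself holds a private key.
    private_keys: set = field(default_factory=set)
    # Addresses the gateway is able to encrypt to (a key or cert is known).
    can_encrypt_to: set = field(default_factory=set)
    # Policy: domains whose mail must always be encrypted.
    always_encrypt_domains: set = field(default_factory=set)

    def locality(self, recipient):
        # A recipient is external unless its domain was set to "Internal".
        domain = recipient.rsplit("@", 1)[-1].lower()
        return self.domain_locality.get(domain, EXTERNAL)

    def route(self, recipient, is_encrypted):
        """Return (pipeline, outcome) for one recipient of one message."""
        recipient = recipient.lower()
        domain = recipient.rsplit("@", 1)[-1]
        if self.locality(recipient) == INTERNAL:
            if not is_encrypted:
                return ("internal", "deliver")
            if recipient in self.private_keys:
                return ("internal", "decrypt")
            # The reply does not say what happens here; only flag it.
            return ("internal", "no-private-key")
        if domain not in self.always_encrypt_domains:
            return ("external", "no-encrypt-rule")
        if recipient in self.can_encrypt_to:
            return ("external", "encrypt")
        # A rule demands encryption but it is not possible; only flag it.
        return ("external", "encryption-not-possible")


# Constructed sample configuration (not taken from a real gateway).
gw = GatewayModel(
    domain_locality={"example.com": INTERNAL},
    private_keys={"alice@example.com"},
    can_encrypt_to={"bob@partner.example"},
    always_encrypt_domains={"partner.example"},
)

if __name__ == "__main__":
    for rcpt, enc in [("alice@example.com", True), ("carol@example.com", True),
                      ("bob@partner.example", False), ("eve@other.example", False)]:
        print(rcpt, enc, gw.route(rcpt, enc))
```
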
