On 08/31/2015 03:14 PM, Ted Andrews wrote:
> Are keys associated with domains or individuals? In other words, if I
> want to send an encrypted message to [email protected] and to [email protected],
> do I have to import 2 keys or 1? If I need separate keys and require
> that all messages going to abc.com must be encrypted, what happens if
> I only have 1 key?

That depends on how you set it up. If a PGP key is trusted, it's associated with the email addresses embedded in the PGP key (to be precise, in the UID). You can, however, associate a domain with a PGP key. Once a domain is associated with a key, all email sent to that domain will be encrypted with that key. This way you can set up domain-to-domain encryption with PGP keys.

Now suppose you did not set up domain-to-domain encryption and you send a message to [email protected] and to [email protected] and you only have a valid key for [email protected]; then an encrypted email will be sent to [email protected]. What happens with the email to [email protected] depends on the settings. If email encryption is mandatory or there is some trigger that triggered encryption (for example a subject rule or DLP rule), then the email will not be PGP encrypted and other encryption forms are tried (for example PDF encryption or webmail). If all other forms of encryption are not available (or not enabled), then the sender will receive a bounce message that the message to [email protected] cannot be sent.

> It looks like HSM support is only available for the Enterprise
> version -- is that correct?

Yes, that is correct. An HSM is a specialized (and expensive) device which requires additional configuration and libraries.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
[email protected]
https://lists.djigzo.com/lists/listinfo/users
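The per-recipient decision described in the reply above, modelled as an added sketch (not CipherMail code and not part of the original thread). The `Policy` fields, function names, key ids and addresses are hypothetical and constructed; two points the reply does not cover are assumptions: the domain key is checked first, and mail with no key and no encryption requirement is delivered unencrypted.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    # address -> key id, for trusted keys whose UID carries that address
    user_keys: dict = field(default_factory=dict)
    # domain -> key id, for keys explicitly associated with a domain
    domain_keys: dict = field(default_factory=dict)
    # True when encryption is mandatory or a subject/DLP rule triggered it
    must_encrypt: bool = False
    # other enabled encryption forms, in the order they are tried
    fallbacks: tuple = ()


def decide(recipient: str, policy: Policy) -> tuple:
    """Return (action, key_id) for one recipient of a message."""
    addr = recipient.strip().lower()
    domain = addr.rpartition("@")[2]
    # Assumption: a domain association wins, since the reply says all mail
    # to an associated domain is encrypted with that key.
    key = policy.domain_keys.get(domain) or policy.user_keys.get(addr)
    if key:
        return ("pgp", key)
    if policy.must_encrypt:
        if policy.fallbacks:
            return (policy.fallbacks[0], None)  # e.g. PDF encryption, webmail
        return ("bounce", None)  # sender is told the mail cannot be sent
    # Assumption: the reply does not describe this case.
    return ("plain", None)


def route_message(recipients, policy: Policy) -> dict:
    """Each recipient is decided independently, as in the two-recipient case."""
    return {r: decide(r, policy) for r in recipients}


if __name__ == "__main__":
    # Constructed scenario: one key on file, encryption mandatory.
    rcpts = ["alice@abc.com", "bob@abc.com"]
    one_key = {"alice@abc.com": "KEY-ALICE"}
    for label, pol in [
        ("pdf fallback", Policy(one_key, {}, True, ("pdf", "webmail"))),
        ("no fallback", Policy(one_key, {}, True, ())),
        ("domain key", Policy({}, {"abc.com": "KEY-DOMAIN"}, True, ())),
    ]:
        print(label, route_message(rcpts, pol))
```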
