Focus: Encryption with iQ.Suite Crypt

Which encryption techniques are available to encrypt e-mails?

The three most common e-mail encryption techniques are:

  1. Symmetrical encryption: This technique uses a single key, shared by the sender (to encrypt) and the recipient (to decrypt). Its main advantage is speed; its main disadvantage is that the key has to be delivered to the recipient by some secure means. Common symmetrical techniques are DES, Triple DES, RC4, IDEA and AES.
  2. Asymmetrical encryption: This technique uses pairs of keys that complement each other. The communication partner's public key is used to encrypt a message, and one's own private key to open, i.e. to decrypt, it. This is also referred to as the "public-key technique", since only one of the keys (the private key, for decrypting) has to be kept secret, while the other (the public key, for encrypting) can be published. As keys are easy to distribute, this technique is more convenient than symmetrical encryption, but it is also significantly slower. A common asymmetrical technique is RSA.
  3. Hybrid technique: The optimal solution usually combines symmetrical and asymmetrical techniques; this is called the "hybrid technique". The message is encrypted with a symmetrical technique under a message key that is newly generated at random, and this message key is in turn encrypted with the recipient's public key using an asymmetrical technique. Both are then sent to the recipient, who uses his private key to decrypt the message key and the message key to decrypt the message itself. The big advantage of this technique: the entire message is encrypted with the fast technique, and the slow technique only has to process the relatively short message key. The asymmetrical technique thus solves the problem of transmitting the key securely, while the actual encryption of the message follows the principle of symmetrical encryption.

Which methods can be used to encrypt e-mails?

There are different encryption methods that can be used to encrypt e-mails. The two most widely used are "Pretty Good Privacy" (PGP) and S/MIME, both of which are based on the hybrid technique.

PGP or S/MIME?

Which one of these encryption methods you should use is a matter of personal preference. Regarding the basic functionality and the level of security provided, both methods are equally good. One advantage of S/MIME is that it does not require any special software, as it is already integrated in most current web clients and e-mail clients.
PGP, on the other hand, requires installing the PGP software, which is however available free of charge (GnuPG). It generates its keys itself; external certification is possible, but not strictly required.
Regardless of the method used, it is essential that your communication partner uses the same one: encrypting with PGP and decrypting with S/MIME, for instance, is not possible. With iQ.Suite Crypt, however, both methods can be used in parallel, i.e. one for certain e-mail recipients/senders and the other for the rest.

In both cases, the private key must be kept secret at all times and must never be transmitted to anyone.

How does server-to-server encryption work?

Based on the respective company keys, server-to-server encryption with iQ.Suite Crypt establishes a secure channel between two servers connected within a network or via the Internet. All users on one server can thus communicate securely with the users of the other server, without any user interaction.

How do I encrypt all e-mails to a specific domain?

First, the recipient's public key must be available on the sender's server. To ensure that encryption works for all addresses in the recipient's company, map the e-mail addresses to the corresponding key: *@domain.de mapped to PublicKey_of_company_info@domain.de.

How does server-to-client encryption work?

Server-to-client encryption works in the same way as server-to-server encryption, except that on the recipient side the e-mail is decrypted by a client rather than a server. No mapping is required unless server-to-server encryption has been agreed with the receiving company. Outgoing e-mails are then automatically encrypted with the public key of the (external) recipient.

How do I make encrypted files readable for me?

To make outgoing e-mails "readable" again after they have been encrypted, encrypt these mails not only for the recipient's public key but at the same time for your own key, so that you can decrypt them again with your private key. To do so, additionally enter the name of your own key in the "Recipient Parameter".

What happens if a communication partner's public key is missing?

When the public key for an outgoing e-mail is not available or is corrupted, the mail simply cannot be encrypted. In the iQ.Suite configuration settings you can set whether such mails are sent unencrypted or quarantined.
When the public key for an incoming mail is missing or corrupted, the sender's signature cannot be verified, as verification requires the sender's public key. In this case, a notification can be sent to the sender, or the e-mail can be quarantined as configured.
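A small resolver for the two outgoing-mail situations above, added here as an illustration and not iQ.Suite code: the *@domain.de style mapping from "How do I encrypt all e-mails to a specific domain?", with an exact address entry taking precedence over the domain wildcard, and the configured fallback (send unencrypted or quarantine) when the mapped key is missing or corrupted. Key material is a constructed stand-in (an opaque byte slice, empty meaning corrupted), and the type, field and function names are assumptions.

```go
package main

import (
	"errors"
	"strings"
)

type Action int

const (
	Encrypt         Action = iota // a usable public key resolved
	SendUnencrypted               // configurable fallback when no key is available
	Quarantine                    // the other configurable fallback
)

// Resolver: the address-to-key mapping plus the public keys the sending server actually has
// (constructed stand-in: key material is an opaque byte slice, empty meaning corrupted).
type Resolver struct {
	KeyMap    map[string]string // "*@domain.de" -> "PublicKey_of_company_info@domain.de"
	KeyStore  map[string][]byte // key name -> public key material
	OnMissing Action            // SendUnencrypted or Quarantine
}

// KeyFor resolves one address: an exact entry wins over the *@domain wildcard, and a
// mapped key that is absent or corrupted still counts as missing.
func (r *Resolver) KeyFor(addr string) ([]byte, error) {
	addr = strings.ToLower(strings.TrimSpace(addr))
	at := strings.LastIndex(addr, "@")
	if at < 0 {
		return nil, errors.New("not an e-mail address: " + addr)
	}
	for _, pattern := range []string{addr, "*" + addr[at:]} {
		if name, ok := r.KeyMap[pattern]; ok {
			if key := r.KeyStore[name]; len(key) > 0 {
				return key, nil
			}
			return nil, errors.New("key " + name + " is missing or corrupted")
		}
	}
	return nil, errors.New("no key mapped for " + addr)
}

// Outgoing returns Encrypt with the key, or the configured fallback together with the reason.
func (r *Resolver) Outgoing(addr string) (Action, []byte, error) {
	key, err := r.KeyFor(addr)
	if err != nil {
		return r.OnMissing, nil, err
	}
	return Encrypt, key, nil
}
```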