|
010 | Does the recipient also need CompanyCRYPT so that I can send them encrypted emails?
No (although we do of course recommend it).
The external partner can use standard email client extensions or plug-ins (PGP Corporation, GnuPG, ...) as well as server-based systems (Lotus Notes, PGP Universal, ...). Compliance with the applicable RFCs is the deciding factor.
|
|
020 | Can I then encrypt all of my email traffic?
Theoretically yes, realistically probably not. Every external partner would need the technical ability to decrypt and encrypt all messages, which is unlikely for the foreseeable future. On top of that, the key management effort would be enormous. The actual need, however, is defined by the number of messages that require protection, which is typically around 1% of the whole message stream.
|
|
030 | Can I, as a user, control the encryption?
This feature has been implemented in two ways in version 1.2.1. Both are activated by the administrator.
- By placing a keyword in the subject line, signing and/or encryption can be suppressed. This is useful if general signing of all outgoing emails is activated but an external recipient is unable to receive the message because of the signature.
- Signing and/or encryption is triggered by a keyword in the subject line. Please note that this feature should be used with care and with a realistic view of its abilities, since encryption can only take place if the recipient's key is available and declared trustworthy.
|
|
040 | Can I also send encrypted messages to multiple recipients?
Yes. The message is encrypted for every recipient for whom a valid key is available. All others receive a plaintext message. Background: MIMEsweeper automatically generates copies of an email whenever different policies (encrypt/plain) apply.
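The per-recipient split described in this answer, combined with the subject-line keyword control from the previous one, as an added sketch (not CompanyCRYPT or MIMEsweeper code). The keyword strings, the key store layout and all function names are assumptions; the addresses are constructed sample data.

```python
from dataclasses import dataclass

# Hypothetical subject-line keywords; the FAQ does not name the real ones.
SUPPRESS_KEYWORD = "[plain]"
FORCE_KEYWORD = "[encrypt]"

@dataclass(frozen=True)
class KeyEntry:
    method: str    # "PGP" or "SMIME", as recorded by the administrator
    trusted: bool  # key has been declared trustworthy

# Constructed sample key store (assumption: keyed by recipient address).
SAMPLE_KEYSTORE = {
    "alice@partner.example": KeyEntry("PGP", True),
    "bob@partner.example": KeyEntry("SMIME", True),
    "carol@other.example": KeyEntry("PGP", False),  # key present, not trusted
}

def plan_delivery(subject, recipients, keystore, encrypt_by_default=True):
    """Group recipients by the policy copy they would receive."""
    lowered = subject.lower()
    if SUPPRESS_KEYWORD in lowered:
        want_encryption = False
    elif FORCE_KEYWORD in lowered:
        want_encryption = True
    else:
        want_encryption = encrypt_by_default
    copies = {}
    for rcpt in recipients:
        entry = keystore.get(rcpt.lower())
        # Encryption needs an available AND trusted key; a keyword cannot
        # create one, so every other recipient falls back to plaintext.
        if want_encryption and entry is not None and entry.trusted:
            policy = f"encrypt:{entry.method}"
        else:
            policy = "plain"
        copies.setdefault(policy, []).append(rcpt)
    return copies

def unprotected_recipients(subject, recipients, keystore):
    """Recipients who get plaintext although the sender asked for encryption."""
    if FORCE_KEYWORD not in subject.lower():
        return []
    return plan_delivery(subject, recipients, keystore).get("plain", [])
```

Running `unprotected_recipients` over outgoing mail is one way for an administrator to see which partners still lack a trusted key.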
|
|
050 | Do my external partners now have to encrypt every email?
No. The external partner decides this on their own responsibility. Encrypted messages will be decrypted. Plaintext messages will be delivered unchanged.
|
|
060 | Does the user have to specify which method (PGP or S/MIME) to use for encryption when sending?
No. It is selected automatically depending on the recipient. The external partner states the preferred method at the outset, and the administrator then records it in the policies.
|
|
070 | Does the internal user need to pay attention to anything?
No. He or she uses email as before. Depending on the configuration/policy set up by the administrator, new notifications or information about the decryption and encryption may appear.
|
|
080 | Do I have to change anything on my MIMEsweeper?
Technically no; in terms of configuration, yes. The functionality is supplied by the CompanyCRYPT, GnuPG and OpenSSL executables, which reside alongside the MIMEsweeper system files. The activation itself is done by and within the policies (address lists, scenarios, classifications). These of course have to be adapted to the company's regulations.
|
|
090 | What do I need in order to use the solution?
First of all, the messages transmitted via the internet must need protection. Given that, the following is required:
- MIMEsweeper version 4.x or 5.x
- External partners with whom you want to (or have to) communicate securely
- An administrator who is able to service this system extension (alternatively, an external IT service provider)
|
|
100 | What exactly is CompanyCRYPT?
It is a system that extends the email content-scanning system MIMEsweeper with decryption and encryption while still keeping the high level of content inspection, even on encrypted messages. The main data processing (at the binary level) is performed by the open-source software GnuPG (www.gnupg.org) and OpenSSL (www.openssl.org). CompanyCRYPT puts them to use through two groups of functions:
- Interface between MIMEsweeper and the GnuPG/OpenSSL binaries
- Unified key management for PGP and S/MIME without requiring any further knowledge of GnuPG/OpenSSL
|
|
110 | Are all encrypted emails decrypted for me?
Almost all. Messages that have been encrypted with your public key (distributed by CompanyCRYPT key distribution or manually by the administrator) will be decrypted for you. On all other encrypted messages the content scan cannot be performed, and the responsible administrator will probably not let you have them.
|
|
120 | How strong is the encryption?
PGP and S/MIME are methods accredited worldwide for protecting electronic data. The biggest threat to both methods is commonly the behaviour of the end user. This threat has been reliably defused by the central approach of CompanyCRYPT.
|
|
130 | Are file attachments also encrypted and decrypted?
Yes. Regardless of their type or number, incoming or outgoing.
|
|
140 | Are emails also encrypted within the company?
Not normally. As a rule, messages to the internet are encrypted and messages from the internet are decrypted. This excludes message exchange within the groupware. On the other hand, CompanyCRYPT offers the ability to establish so-called site-to-site encryption links. This is useful when your company has branches at different locations that are connected by internet mail. Those links can be protected by using a single key on every message that goes to a certain domain, and are typically set up fully transparently for the end user (no notifications), almost like an email VPN tunnel.
|
|
150 | How does this work in MIMEsweeper?
The basic decryption process works very much like cleaning a virus from an email, which is one of the core functions of MIMEsweeper. The principal process is: pattern detection = virus scan (binary or decrypt attempt) and, if applicable, decryption = cleaning. Outgoing messages are encrypted or signed by the policies regardless of their content.
|
|
160 | Where do I get the key material from?
All keys (PGP and S/MIME, user and company) can be generated with CompanyCRYPT functions (onboard CA included). Alternatively, existing keys can be used as long as they are available as a file along with their passphrase.
|
|
170 | How do I know that the message to my external partner was sent encrypted?
Typically the administrator will configure an automatic encryption confirmation (email notice).
|
|
180 | How do I know that I have received an encrypted message?
By default, when a message has been decrypted, a decrypt summary is added to the beginning of the body text. If needed, the administrator can suppress this function in the configuration.
|
|
190 | CompanyCRYPT supports PGP and S/MIME. But I only want to use one method. Is that possible?
Such an enable/disable function is technically integrated. CompanyCRYPT will ignore the deselected method on incoming traffic. The method used for outgoing traffic is controlled by the administrator.
But please remember that email is used to communicate with many people in an easy fashion. PGP and S/MIME help to do this in a confidential and secure manner. Since both sides have to do something to use them (key generation, exchange, software), it would make things even more complicated if only one method were allowed. If you choose to do so, you are either in the more powerful position or you are willingly accepting more complicated dealings with your external partners.
|
|
200 | I have a distributed system (one PCS with several PS). Is that a problem? Where are the keys stored then?
No problem. CompanyCRYPT is installed on every PS. After that you select one system as the "Master". This is also the only one you need to manage afterwards. All other installations are set to "Slave" mode and you tell them where their "Master" is. A fully automatic synchronisation, including the key material and the configuration, then takes over.
|
|
210 | PGP or S/MIME? Case 1: In future I would like to have a secured connection to my external partner.
First ask the external partner whether they have already decided on a method or prepared anything on their side:
- They have already decided. OK, take their key and set up the connection. Basically, with CompanyCRYPT you don't care.
- They haven't decided yet. Then let them take the following aspects into account:
  - Official (trust-center-certified) S/MIME keys cost money and are typically only valid for one year.
  - If they don't have an encryption gateway, a site-to-site connection can only be set up with PGP. That means all messages to them and their employees, as well as the other way round to you and your employees, will be protected by a single pair of keys. That reduces the key management (for the future) to the bare minimum.
|
|
220 | PGP or S/MIME? Case 2: Which is better?
You will have to answer this question for yourself, based on the aspects you find applicable. The following facts may help you reach a decision.
Common to PGP and S/MIME:
- PGP and S/MIME are equally safe and suitable for protecting emails. They use an almost identical set of algorithms with the same key lengths.
- Both technologies are accredited worldwide.
Typical for PGP:
- PGP clients are more flexible with regard to encryption. They let you encrypt for a company key whose address is not the same as the recipient's address. That reduces the key management.
- PGP requires extra software at the external partner (but it is available free of charge).
- PGP keys can have multiple signatures (certifications) and are also free of charge.
- PGP key servers will not tell you whether a key really belongs to a person (no trust center functionality).
Typical for S/MIME:
- S/MIME is more suitable for signatures if legally binding "qualified signatures" are important.
- S/MIME is available on virtually any email client. The external partner does not have to install anything.
- S/MIME clients do not support company keys, which quickly leads to excessive key management. Background: if the external partner wants to encrypt a message for you using your company key, they will find that no available S/MIME client supports that. Instead the client will need a separate key for each target address. (And it will be your task to supply them, depending on the number of users in your company.)
- (Trust-center-certified) S/MIME key material costs money. Then again, the keys are trustworthy to a certain extent, because the trust center has verified the identity of the key owner (depending on the certification class).
|