General FAQ (Frequently Asked Question)

CompanyCRYPT FAQ

Answers to the most frequently asked questions (FAQs) are compiled here for you. Selecting one of the topics from the drop-down list below lists all questions and answers concerning that topic.


If you could not find an answer, you are welcome to send your question to support@companycrypt.com.

Answers to technical questions and support for implementing CompanyCRYPT are available to registered users by accessing the technical FAQ under "Support & Download".


010 | Does the recipient also require CompanyCRYPT, if I want to send him encrypted eMails?

No (but of course we do recommend this). The external partner can use standard email-client extensions or plug-ins (PGP Corporation, GnuPG, …), as well as server-based systems (Lotus Notes, PGP Universal, …). Compliance with the applicable RFCs is the decisive factor.

020 | Can I encrypt all my email traffic then?

Theoretically yes, realistically rather not. Every external partner would have to have the technical ability to decrypt and encrypt all messages. That is unlikely for the foreseeable future. On top of that, there would be an enormous key management effort. The actual need, however, is defined by the amount of messages that require protection, and that is typically around 1% of the whole message stream.

030 | As an end-user, can I control the encryption?

This feature has been implemented in two ways in version 1.2.1. Both are activated by the administrator.

- By placing a keyword in the subject line, the signing and/or encryption can be suppressed. This is useful if general signing of all outgoing eMails is activated, but the external recipient is unable to receive the message because of the signature.
- Signing and/or encryption is triggered by a keyword in the subject line. Please note that this feature should be used with care and a realistic view of its abilities, since encryption can only take place if the recipient's key is available and declared trustworthy.

040 | Can I send encrypted messages to multiple recipients?

Yes. For every recipient for which a valid key is available, the message will be encrypted. All others will receive a plaintext message. Background: The MIMEsweeper automatically generates copies of an email whenever different policies (encrypt/plain) apply.
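The per-recipient split described above, as an added example that is not CompanyCRYPT or MIMEsweeper code: it shows which recipients of one message end up with the plaintext copy. The key store layout, function names and addresses are constructed for illustration; treating an expired key as not valid, requiring the key to be trusted (FAQ 030), and matching an `@domain` entry as a site-to-site key (FAQ 140) are assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class KeyRecord:
    method: str     # "PGP" or "SMIME"
    expires: date   # assumption: an expired key counts as not valid
    trusted: bool   # assumption: only keys declared trustworthy are used


# Constructed sample key store (hypothetical addresses and dates).
KEYS = {
    "alice@partner.example": KeyRecord("PGP", date(2030, 1, 1), True),
    "bob@partner.example": KeyRecord("SMIME", date(2015, 1, 1), True),   # expired
    "carol@other.example": KeyRecord("PGP", date(2030, 1, 1), False),    # untrusted
    "@branch.example": KeyRecord("PGP", date(2030, 1, 1), True),         # domain key
}


def usable_key(address, keys, today):
    """Return the key to encrypt with, or None if the copy goes out in plaintext."""
    address = address.strip().lower()
    domain = "@" + address.rpartition("@")[2]
    # A personal key takes precedence over a domain-wide (site-to-site) key.
    for lookup in (address, domain):
        record = keys.get(lookup)
        if record and record.trusted and record.expires >= today:
            return record
    return None


def split_recipients(recipients, keys, today):
    """Group recipients into the encrypted copy and the plaintext copy."""
    copies = {"encrypt": [], "plain": []}
    for recipient in recipients:
        record = usable_key(recipient, keys, today)
        if record:
            copies["encrypt"].append((recipient, record.method))
        else:
            copies["plain"].append(recipient)
    return copies


if __name__ == "__main__":
    to = ["alice@partner.example", "bob@partner.example", "carol@other.example",
          "dave@branch.example", "eve@nowhere.example"]
    for group, members in split_recipients(to, KEYS, date(2024, 1, 1)).items():
        print(group, members)
```

The `plain` group is the list an administrator would want to review: an expired or untrusted key puts a recipient there just as a missing key does.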

050 | Do my external partners have to encrypt every message that they send to me now?

No. The external partner decides this on their own responsibility. Encrypted messages will be decrypted. Plaintext messages will be delivered unchanged.

060 | Does the end user have to indicate the method of encryption (PGP or S/MIME) on every message sent?

No. That is selected automatically depending on the recipient. The external partner states the preferred method at the outset, and the administrator then records it in the policies.

070 | Does the internal end user have to consider anything?

No. He or she uses email like before. Depending on the configuration/policy set up by the administrator, "new" notifications or information about the decryption and encryption may appear.

080 | Do I have to change something on my MIMEsweeper?

Technically no; in terms of configuration, yes. The functionality is supplied by the CompanyCRYPT, GnuPG and OpenSSL executables. They reside alongside the MIMEsweeper system files. The activation itself is done by and within the policies (address lists, scenarios, classifications). This of course has to be adapted to the needs of the company regulations.

090 | What do I need to use this solution?

First of all, the messages transmitted via the internet have to have a need for protection. Given that, the following is required:

- A MIMEsweeper version 4.x or 5.x
- External partners with whom you want to (or have to) communicate securely
- An administrator who is able to service this system extension (alternatively an external IT service provider).

100 | What kind of system is CompanyCRYPT?

It is a system that extends the functionality of the eMail content-scan system "MIMEsweeper" with decryption and encryption while still keeping the high-level content inspection, even on the encrypted messages. The main data processing (on binary level) is performed by the open-source software GnuPG (www.gnupg.org) and OpenSSL (www.openssl.org). CompanyCRYPT makes use of them through two groups of functions:

- Interface between MIMEsweeper and the GnuPG/OpenSSL binaries
- Unified key management for PGP and S/MIME without any further knowledge about GnuPG/OpenSSL required.

110 | Will all encrypted emails be decrypted for me?

Almost all. Those messages that have been encrypted with your public key (distributed by CompanyCRYPT key distribution or manually by the administrator) will be decrypted for you. On all other encrypted messages the content scan cannot be performed, and the responsible administrator will probably not let you have them.

120 | How strong is the encryption?

PGP and S/MIME are worldwide accredited methods to protect electronic data. The biggest threat to both methods is commonly the behaviour of the end user. This threat has been reliably defused by the central approach of CompanyCRYPT.

130 | Are attachments encrypted or decrypted as well?

YES. Regardless of their type or amount, incoming or outgoing.

140 | Are internal emails encrypted as well?

Not normally. Basically, messages into the internet will be encrypted and messages from the internet decrypted. This excludes the message exchange within the groupware. On the other hand, CompanyCRYPT offers the ability to establish so-called site-to-site encryption links. This is useful when your company includes branches at different locations which are connected by internet mail. Those links can be protected by using a single key on every message that goes to a certain domain and are typically set up to be fully transparent for the end user (no notifications), almost like an email VPN tunnel.

150 | How does that work in the MIMEsweeper?

The basic decryption process works very much like cleaning an email of a virus, which is one of the core functionalities of the MIMEsweeper. This is the principal process: pattern detection = virus scan (binary or decrypt attempt) and, if applicable, decryption = cleaning. Outgoing messages are encrypted or signed by the policies regardless of their content.

160 | Where do I get the key material from?

All keys (PGP and S/MIME, user and company) can be generated with CompanyCRYPT functions (onboard CA included). Alternatively existing keys can be used as long as they are available as a file along with their pass phrase.

170 | How do I notice that a message was encrypted for an external partner?

Typically the administrator will configure an automatic encryption confirmation (email notice).

180 | How do I know, that a received message was encrypted?

As a standard function if a message was decrypted, a decrypt summary will be added to the beginning of the body text. If needed this function can be suppressed by the administrator in the configuration.

190 | CompanyCRYPT supports PGP and S/MIME, but I just want to handle one method. Is that possible?

Such an enable/disable function is technically integrated. CompanyCRYPT will ignore the de-selected method on incoming traffic. The method used for the outgoing traffic is controlled by the administrator. But please be reminded that eMail is used to communicate with many people in an easy fashion. PGP and S/MIME help to do this in a confidential and secure manner. Since both sides have to do something to use this (key generation, exchange, software), it would make things even more complicated if only one method were allowed. If you choose to do so, you are either in the more powerful position or you are willingly accepting more complicated ways with your external partners.

200 | I have a distributed environment (one PCS and a couple of PS). Is that a problem? Where are the keys located?

No problem. CompanyCRYPT is installed on every PS. After that you select one system as the "Master". This is also the only one to manage afterwards. All other installations are set to "Slave" mode and you tell them where their "master" is. Then a fully automatic synchronisation including the key material and the configuration will take over.

210 | PGP or S/MIME? Part 1: I want to have a secure connection to an external partner.

First ask the external partner if he or she has already decided upon the method, or prepared anything on their side:

- They have already decided. OK, take their key and set up the connection. Basically, with CompanyCRYPT you don't care.
- They haven't decided yet. Then let them take the following aspects into account:
  - Official (Trustcenter certified) S/MIME keys do cost money and are typically only valid for one year.
  - If they don't have an encryption gateway, only PGP makes it possible to set up a site-to-site connection. That means all messages to them and their employees, as well as the other way round to you and your employees, will be protected by a single pair of keys. That reduces the key management (for the future) to the bare minimum.

220 | PGP or S/MIME? Part 2: What is better?

You will have to answer this question for yourself, based on the sum of aspects you find applicable. Still, the following facts may help you reach a decision:

Common to PGP and S/MIME:

- PGP and S/MIME are equally safe and suitable to protect emails. They use an almost identical set of algorithms with the same key lengths.
- Both technologies are accredited worldwide.

Typical for PGP:

- PGP clients are more flexible with regard to encryption. They will let you encrypt for a company key on which the address is not the same as the recipient's address. That reduces the key management.
- PGP requires extra software at the external partner (but it is available free of charge).
- PGP keys can have multiple signatures (certifications) and are also free of charge.
- PGP key servers will not tell you if a key really belongs to a person (no Trustcenter functionality).

Typical for S/MIME:

- S/MIME is more suitable for signatures if legally binding "qualified signatures" are important.
- S/MIME is available on virtually any eMail client. The external partner does not have to install anything.
- S/MIME clients do not support company keys, which will quickly lead to excessive key management. Background: If the external partner wants to encrypt a message for you using your company key, he will find that no available S/MIME client supports that. Instead the client will need a separate key for each target address. (And it will be your task to supply them, depending on the number of users in your company.)
- (Trustcenter certified) S/MIME key material does cost money. Then again, the keys are trustworthy to a certain extent, because the trustcenter has checked the identity of the key owner (depending on the certification class).


Last change: 25.10.2016