|
The cryptographic technologies and procedures provided by the SEPPmail Secure E-Mail Gateway ensure the highest level of security and flexibility in the secure communication with the different communication partners. This way, outgoing emails are secured with the most suitable procedures for the respective communication partner. The SEPPmail Secure E-Mail Gateway generally proceeds according to the following hierarchy: |
1.Verified S/MIME certificate of the recipient
2.Verified public OpenPGP key of the recipient
3.Verified S/MIME domains certificate of the recipient domain
4.Certified public OpenPGP key domains of the recipient domain
5.Optionally, a TLS encryption higher than "may" can be used as a valid encryption method at this point; this method is also applied when one of the higher priority methods has already been used.
If none of the previous (standard) procedures is available due to missing key material on the side of the recipient,
6.GINA with stored recipient password
7.GINA with initial password
|
|
Standard encryption characteristics for outgoing emails are subject line keywords, sensitivity parameters (confidentiality marking, please also refer to Microsoft Outlook Confidentiality) as well as specific X-headers.
Optionally, LDAP queries, for example, can also be used as characteristics, such as Microsoft Active Directory (AD) user groups.
If a different order or another process is desired, however, the ruleset can be adapted correspondingly at any time. Thus, desired standardisations in the handling of emails from and to specific addresses or domains can be pre-set in such a way that these rules take priority, irrespective of the user actions.
For the secured receipt of emails, the communication partner can be offered an arbitrary standard procedure or GINA for spontaneous communication.
These types of secure communication are transparent at all times for the internal user.
Additionally, incoming emails can be provided with a digital signature (please also refer to Electronic Signatures). Part of this S/MIME signature is the sender’s public S/MIME key (certificate). To minimise the administrative workload, the SEPPmail Secure E-Mail Gateway saves these S/MIME certificates automatically after a successful verification of the signature. This ensures that the certificates collected this way are subsequently available across the entire company for the encryption of emails to the corresponding communication partners.
On our Youtube channel you will find a explanatory video on the function sequence of the encryption hierarchy.
