Initial situation:
A bidirectional domain encryption is to be set up for a communication partner that uses an encryption gateway from another manufacturer.
Solution:
Provided that the encryption gateway of the communication partner also supports this function, the public domain keys (preferably S/MIME, although OpenPGP is also possible) must be exchanged between the communication partners.
Setting up the domain encryption to the communication partner:
After checking the fingerprint/hash of the public domain key of the communication partner, this can be imported under Domain Certificates, depending on the key material via S/MIME domain certificates..., or OpenPGP domain keys....
Providing your own public domain key for the communication partner:
The public domain key of the SEPPmail appliance can be downloaded by the communication partner directly via the GINA interface, provided that this function has been enabled (see Extended settings Allow download of public domain keys/domain certificates). Checking the fingerprint or hash of the public domain key is not necessary at this point, as the key was obtained via an SSL-secured channel in this case.
Otherwise, the key is to be downloaded in the detailed settings of the respective Managed domain under S/MIME domain encryption or OpenPGP domain encryption and made available to the communication partner. If the transmission was made via an unsecured channel (e.g. unencrypted email), the fingerprint or hash of the public domain key should be checked by the communication partner before use.
