Over the last couple of weeks we’ve looked at the theory behind public key encryption and public key infrastructure. But how is all of this pulled together into a product that enables you to send or receive encrypted e-mail messages?
If you need encryption in an enterprise environment then the ideal solution is as transparent to those using it as possible. That’s because any specific steps that users have to take to encrypt their messages are likely to be forgotten, ignored or carried out incorrectly.
For that reason, many organizations choose to install an encryption gateway appliance which encrypts messages after they have been sent by users from standard e-mail clients like Microsoft Outlook, and which decrypts incoming messages before passing them on to their destinations.
One of the earliest public key encryption applications was called Pretty Good Privacy (PGP), written in 1991 by Phil Zimmermann. PGP, Inc. was bought by Network Associates in 1997, but following a management buyout in 2002 PGP morphed into PGP Corporation, which today is one of the best known vendors of corporate encryption solutions. The company’s offerings are based around a set of encryption applications (for e-mail and other targets such as mobile devices or storage disks) that use a common encryption platform, plus a management server called PGP Universal Server that oversees them all.
PGP’s Universal Gateway Email
PGP’s Universal Gateway Email is the company’s gateway encryption (and decryption) application. To build a transparent secure e-mail system an organization runs a virtual appliance made up of PGP Universal Server and Universal Gateway Email. This can run on a hardened version of Linux on one of several specific server hardware configurations from vendors including Dell, HP and IBM, or it can take the form of a virtual machine running on VMware ESX.
The appliance is connected between the corporate mail server and the corporate firewall, and when it receives outgoing e-mail messages from the mail server it kicks into action. The first things the encryption application has to do are to decide which messages to encrypt and to find the public keys belonging to the recipients of those messages that need to be encrypted. This information is provided by the PGP Universal Server. Its role is to manage and apply rules and policies for encryption, based on factors including the destination, the sender, or even the contents of the message. Account creation, group management and policy enforcement can be automated by integrating Active Directory, Lotus Notes/Domino directories or other LDAP directories with the Universal Server.
Let’s imagine that you want to send an e-mail to someone at another organization, and the Universal Server determines, by looking at the rules and policies that it has to apply, that your message should be encrypted—perhaps because you are working in a confidential new product group. To encrypt the message the encryption software first needs the intended recipient’s public key. So how does it get that?
Universal Server Key Management
Key management is a key role (if you’ll pardon the pun) that the Universal Server carries out for the encryption software. One place it can look for a key is PGP’s Global Directory. (Whenever PGP products generate keys anywhere in the world, the public keys are sent automatically to this Global Directory. Key owners are e-mailed every six months to confirm that the keys should remain in the directory, which may not be the case if, for example, the matching private key has been lost or compromised.) It can also search for a key by looking for a corporate keyserver at the message’s destination domain, or it could have already received it “out of band,” perhaps manually delivered on a memory stick.
What happens if policy dictates that a message you want to send should be encrypted, but no public key for the recipient can be found, perhaps because the intended recipient or their organization doesn’t use encryption software and therefore has no key?
In this situation you can’t use public key encryption, but you can use a compromise. Universal Gateway Email provides two alternatives: PGP Universal Web Messenger and PDF Messenger. The first of these sends an unencrypted e-mail to your intended recipient informing them that they have been sent a message, and that they can view it by visiting a secure website and entering a password which could be delivered separately—perhaps by SMS. The second encrypts the message as a PDF which is sent to the recipient, who can then decrypt and view it using standard Adobe Acrobat Reader software once they have the password.
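The outbound flow described above (policy decides whether to encrypt, the recipient's public key is sought through several sources, and a Web Messenger or PDF Messenger fallback is used when no key exists) can be modelled as a small decision engine. The following is an added illustration written for this article, not PGP's own code; the policy fields, the lookup order (keys already held out of band first, then the destination domain's keyserver, then the Global Directory) and all keys, addresses and directory contents are constructed assumptions.

```python
"""Toy outbound-gateway policy engine (added illustration, not PGP code).

Models: policy match -> recipient key lookup chain -> encrypt, or fall back to
a web-messenger / pdf-messenger delivery when no usable key is found.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple
import re


@dataclass
class Message:
    sender: str
    recipient: str
    subject: str
    body: str


@dataclass
class Policy:
    """One encryption rule. A field left as None acts as a wildcard."""
    name: str
    sender_group: Optional[str] = None      # group the sender belongs to (directory stand-in)
    dest_domain: Optional[str] = None       # recipient's mail domain
    content_pattern: Optional[str] = None   # regex over subject and body
    fallback: str = "web-messenger"         # used when no recipient key can be found

    def matches(self, msg: Message, sender_groups: Set[str]) -> bool:
        if self.sender_group and self.sender_group not in sender_groups:
            return False
        if self.dest_domain and msg.recipient.split("@")[-1].lower() != self.dest_domain:
            return False
        if self.content_pattern and not re.search(
                self.content_pattern, msg.subject + "\n" + msg.body, re.IGNORECASE):
            return False
        return True


@dataclass
class Decision:
    action: str             # "pass-through" | "encrypt" | "web-messenger" | "pdf-messenger"
    policy: Optional[str]   # policy that fired, if any
    key_id: Optional[str]   # recipient key chosen, if any


class Gateway:
    def __init__(self, policies: List[Policy], directory_groups: Dict[str, Set[str]],
                 out_of_band: Dict[str, str], domain_keyservers: Dict[str, Dict[str, str]],
                 global_directory: Dict[str, Tuple[str, bool]]):
        self.policies = policies                    # evaluated in order; first match wins
        self.directory_groups = directory_groups    # sender -> groups (AD/LDAP stand-in)
        self.out_of_band = out_of_band              # recipient -> key id received manually
        self.domain_keyservers = domain_keyservers  # domain -> {recipient: key id}
        self.global_directory = global_directory    # recipient -> (key id, owner still confirms it)

    def find_key(self, recipient: str) -> Optional[str]:
        """Assumed lookup order: out-of-band store, destination-domain keyserver, Global Directory."""
        if recipient in self.out_of_band:
            return self.out_of_band[recipient]
        domain = recipient.split("@")[-1].lower()
        key = self.domain_keyservers.get(domain, {}).get(recipient)
        if key:
            return key
        entry = self.global_directory.get(recipient)
        # A key whose owner no longer confirms it (lost or compromised private key) is not used.
        if entry and entry[1]:
            return entry[0]
        return None

    def decide(self, msg: Message) -> Decision:
        groups = self.directory_groups.get(msg.sender, set())
        for policy in self.policies:
            if policy.matches(msg, groups):
                key = self.find_key(msg.recipient)
                if key:
                    return Decision("encrypt", policy.name, key)
                return Decision(policy.fallback, policy.name, None)
        return Decision("pass-through", None, None)


def run_samples() -> Dict[str, Decision]:
    """Constructed policies, directories and messages; returns recipient -> decision."""
    gw = Gateway(
        policies=[
            Policy("confidential-group", sender_group="new-product"),
            Policy("partner-domain", dest_domain="partner.example", fallback="pdf-messenger"),
            Policy("sensitive-content", content_pattern=r"\b(confidential|internal only)\b"),
        ],
        directory_groups={"alice@corp.example": {"new-product"}},
        out_of_band={"bob@vendor.example": "KEY-OOB-BOB"},
        domain_keyservers={"partner.example": {"carol@partner.example": "KEY-PARTNER-CAROL"}},
        global_directory={"dave@elsewhere.example": ("KEY-GD-DAVE", True),
                          "erin@elsewhere.example": ("KEY-GD-ERIN", False)},
    )
    samples = [
        Message("alice@corp.example", "bob@vendor.example", "lunch", "see you at noon"),
        Message("frank@corp.example", "carol@partner.example", "order", "parts list attached"),
        Message("frank@corp.example", "dave@elsewhere.example", "update", "this is confidential"),
        Message("frank@corp.example", "erin@elsewhere.example", "plans", "Internal only: roadmap"),
        Message("frank@corp.example", "gina@partner.example", "hello", "hi there"),
        Message("frank@corp.example", "henry@elsewhere.example", "hello", "hi there"),
    ]
    return {m.recipient: gw.decide(m) for m in samples}


if __name__ == "__main__":
    for rcpt, d in run_samples().items():
        print(f"{rcpt:28} {d.action:14} policy={d.policy} key={d.key_id}")
```

The sample run shows each branch of the flow: a key already held out of band, one fetched from the partner domain's keyserver, one taken from the Global Directory, a Global Directory key whose owner stopped confirming it (so the message drops to Web Messenger), a partner-domain policy with no key at all (PDF Messenger), and a message that matches no policy and passes through unencrypted.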
When Does Gateway Encryption Fail?
A gateway encryption product may make e-mail encryption totally transparent to users, but there are a number of reasons why it may not be suitable in all cases. For example, an e-mail must be digitally signed (using a private key) at the point it is created to provide non-repudiation for some legal purposes—otherwise the sender could disown the message on the grounds that it could have been tampered with after it left their computer but before it was encrypted at a gateway, or even that they did not originate it in the first place. A gateway encryption product may also not be practical when mobile users need to send e-mail from outside the corporate network.
To cater to these and other circumstances PGP also offers its Desktop e-mail application. This runs as a local desktop mail proxy service which works with all e-mail clients (not as a plug-in for specific e-mail applications). Key and policy management can be carried out by the application, or by the corporate Universal Server. The machine’s private key can be stored on the machine itself protected by a passphrase and, optionally, some second-factor authentication system such as a Gemplus, Aladdin or Axalto (Schlumberger) smart card. It can also be stored within the Trusted Platform Module (TPM) of suitably equipped laptops or on a Universal Server, or synchronized between the two. When the software is managed by a Universal Server, separate policies can be enforced on the computer when the Universal Server is unreachable.
For smaller organizations or individuals, a full blown encryption platform such as this may seem like overkill, and in many ways it probably is. In the next piece in this series I’ll be taking a look at low-cost or free open source encryption solutions which use the same public key encryption technology.