Email Encryption

Posted on 2013-08-27
Medium Priority
Last Modified: 2013-09-05
Our company is a small business company that has around 100 users with an Exchange 2010 environment and Office 2013 clients. We are currently in discovery mode of understanding how to manage encryption of email to our clients. What is a good practice on deploying certificates to the end users and their clients? How do you handle password management with the certificates if the end users forget them? Are there any good plugins that work well with Outlook 2013? Are there any good mobile apps that work with email encryption for iPhone/Android? So far I have been testing with http://www.gpg4win.org and https://code.google.com/p/outlook-privacy-plugin/.
Question by:ITimaging

Accepted Solution

Dave Howe earned 2000 total points
ID: 39445296
Ok, from the top then.

1) S/MIME is the default for email encryption - largely because it is built into most email clients, Outlook not being an exception there. PGP is less well supported, and in many cases you are better served looking at a gateway device (such as PGP Universal Gateway) where you can do the key management yourself rather than leaving it to your users.

2) Key management is not hard if you centrally issue the keys and keep a copy. If you want users to create and manage their keys, then commercial PGP has a "corporate key" function that allows you to insist all mails are encrypted both to your user's key and a corporate recovery key.

3) The cheapest way to get started with X.509 (S/MIME) in an Exchange environment is just to issue the keys centrally yourself. There is an automated process for this using a system Microsoft calls "autoenrollment" (see the MS website for details), or you can just use something like XCA.

4) What GPG, S/MIME and most other solutions have in common is that you must have the key of the recipient already before you can send them any mail. GPG uses a system of keyservers to allow you to "pull" a key from the internet, plus you can send them out of band for manual import. S/MIME has a system where the key is sent with digitally signed mail, so the easiest way to get a key is to have your correspondent send you such a digitally signed mail, accept the key, then use it to send encrypted mail.
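
The workflow in points 2 to 4 of the answer above, as an added example that is not part of the original answer: central issuance with an escrow copy, then a correspondent picking up the certificate from a signed mail and encrypting the reply to it. It assumes the `openssl` command-line tool as a stand-in for XCA or autoenrollment; the CA name, the user `alice@example.com`, the file names and the `ESCROW_PASS` variable are constructed placeholders.

```shell
#!/bin/sh
# Added example: every name, address and passphrase is a constructed placeholder.
set -eu

# Answer points 2-3: issue the user's S/MIME key pair centrally and keep a copy.
issue_and_escrow() (            # $1 = working directory
  cd "$1" &&
  # Internal CA (stand-in for XCA or an autoenrollment CA); demo keys are unencrypted.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Internal CA" -keyout ca.key -out ca.crt &&
  # User key and CSR, generated by the admin rather than by the user.
  openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
    -subj "/CN=Alice Example/emailAddress=alice@example.com" &&
  # Restrict the certificate to e-mail signing and encryption.
  printf '%s\n' 'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=emailProtection' \
    'subjectAltName=email:alice@example.com' > smime.ext &&
  openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -extfile smime.ext -out alice.crt &&
  # Escrow copy: the "keep a copy" that covers a lost key or forgotten password.
  mkdir -p escrow && chmod 700 escrow &&
  openssl pkcs12 -export -inkey alice.key -in alice.crt -certfile ca.crt \
    -passout env:ESCROW_PASS -out escrow/alice.p12
)

# Answer point 4: the correspondent learns Alice's certificate from a signed
# mail, then uses it to encrypt the reply. Prints what Alice decrypts.
exchange() (                    # $1 = working directory
  cd "$1" &&
  printf 'Please send the contract.\n' > hello.txt &&
  openssl smime -sign -in hello.txt -signer alice.crt -inkey alice.key \
    -out signed.eml &&
  # Recipient: verify against the CA and save the signer certificate it carried.
  openssl smime -verify -in signed.eml -CAfile ca.crt \
    -signer harvested.crt -out /dev/null &&
  printf 'Contract attached.\n' > reply.txt &&
  openssl smime -encrypt -aes256 -in reply.txt -out reply.eml harvested.crt &&
  # Alice: only her private key (or the escrow copy) opens the reply.
  openssl smime -decrypt -in reply.eml -recip alice.crt -inkey alice.key
)

export ESCROW_PASS="${ESCROW_PASS:-constructed-demo-passphrase}"
demo_dir=$(mktemp -d)
issue_and_escrow "$demo_dir"
exchange "$demo_dir"
```

The decrypted reply is printed at the end; `escrow/alice.p12` is the copy an administrator would re-import for a user who has lost their key.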
