sword12
asked on
end-to-end encrypted email
Hi Experts
we are searching for end-to-end encrypted email
i found these two options
one
https://www.voltage.com/products/email-security/hpe-securemail/
two
https://www.zixcorp.com/why-zix/resources/videos/zix-email-encryption-what-makes-it-so-popular
and as i understand that we can get this as physical appliance or virtual appliance
and i understand that this appliance will generates and manages the keys for you
but what i don't see or understand the recipients experience
how they will get our public key and how we will get there public keys
i want to know the decryption steps for these salutations and what end user should do
kindly advice
Sword
we are searching for end-to-end encrypted email
i found these two options
one
https://www.voltage.com/products/email-security/hpe-securemail/
two
https://www.zixcorp.com/why-zix/resources/videos/zix-email-encryption-what-makes-it-so-popular
and as i understand that we can get this as physical appliance or virtual appliance
and i understand that this appliance will generates and manages the keys for you
but what i don't see or understand the recipients experience
how they will get our public key and how we will get there public keys
i want to know the decryption steps for these salutations and what end user should do
kindly advice
Sword
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
but HP said you don't have to worry about it Mr customer because the recipients will use our online service to exchange keys
imo, when initializing a secure channel nobody should be involved other than the two parties desiring to communicate.
"it is look like that the user which will receive the encrypted email should connect to web site in order to give and get the public key
this is what i understand maybe i am wrong for this i want to know the key switching mechanism" - right. But be aware that they might have a local standard mail client and this secured communication will be outside of that client, it will be browser based. Possible, but not convenient for anyone.
"imo, when initializing a secure channel nobody should be involved other than the two parties desiring to communicate." - what? I thought privacy was given up back in 2001!? ;-)
this is what i understand maybe i am wrong for this i want to know the key switching mechanism" - right. But be aware that they might have a local standard mail client and this secured communication will be outside of that client, it will be browser based. Possible, but not convenient for anyone.
"imo, when initializing a secure channel nobody should be involved other than the two parties desiring to communicate." - what? I thought privacy was given up back in 2001!? ;-)
ASKER
HI Dr Klahn
when initializing a secure channel nobody should be involved other than the two parties desiring to communicate.
100 % right but HP said use our online service to switch public keys not privet keys
and as you know if third party get our public key no problem at all
because our privet key localy generated and we have it internally
as you know you use public key to close the message and only the owner of privet key can open this message
please correct me if i am telling something wrong
waiting for your feedback about my original question (( i want to know the key switching mechanism and end user experience ))
when initializing a secure channel nobody should be involved other than the two parties desiring to communicate.
100 % right but HP said use our online service to switch public keys not privet keys
and as you know if third party get our public key no problem at all
because our privet key localy generated and we have it internally
as you know you use public key to close the message and only the owner of privet key can open this message
please correct me if i am telling something wrong
waiting for your feedback about my original question (( i want to know the key switching mechanism and end user experience ))
and as you know if third party get our public key no problem at all
That assumes the factoring of large numbers will remain difficult. This is not a proven conjecture. Elliptical curve factoring makes it much easier. There has also been a new discovery using quantum physics that might make public key cryptography using products of large pseudoprimes insecure.
And only God knows what the NSA is up to. imo, all keys should be handled using the best methods available. Every method of cryptography has eventually been broken.
If data is worth encrypting, then it's worth using the best available protection at every stage in the process to protect it.
ASKER
so in other words nobody approve that HPE as solution to send encrypted emails
so any recommendation please ? to do this
thanks
so any recommendation please ? to do this
thanks
I see I have never recommended our solution: it's sophos secure e-mail gateway.
ASKER
Hi Mcknife
i know sophos . but all the time i asking about key management
as i mentioned before HPE solution offer online HP service to switch public keys but your privet key will locally generated .
but as i know Sophos you need to switch public keys first in order to save them inside sophos then you can send encrypted emails or ?
i know sophos . but all the time i asking about key management
as i mentioned before HPE solution offer online HP service to switch public keys but your privet key will locally generated .
but as i know Sophos you need to switch public keys first in order to save them inside sophos then you can send encrypted emails or ?
Will ask our sophos guy tomorrow.
ASKER
Hi McKnife
thanks
now I am reading about cisco iron port c190 they said they have encryption feature also but I want details plus they said they have outlook plugin for this I don't know I need help to understand
please check the attached file and let me know if you can give me some extra info
Cisco-Email-Security-Appliances-data.pdf
thanks
now I am reading about cisco iron port c190 they said they have encryption feature also but I want details plus they said they have outlook plugin for this I don't know I need help to understand
please check the attached file and let me know if you can give me some extra info
Cisco-Email-Security-Appliances-data.pdf
It works with pgp keys and s/mime. The latter is exchanged via mail, pgp keys can be exchanged through online services (key servers) or through mail.
ASKER
HI McKnife
i think not
they said the convert everything to PDF and protect it with password please check the attached file
plus if sophos use only pgp that mean this is old school way
now i found a new product which look like cool to me
https://www.totemo.com/products/mail/overview/architecture/
anyway i think i have to close this question so what do think ?
Sophos-Email-Appliance.pdf
i think not
they said the convert everything to PDF and protect it with password please check the attached file
plus if sophos use only pgp that mean this is old school way
now i found a new product which look like cool to me
https://www.totemo.com/products/mail/overview/architecture/
anyway i think i have to close this question so what do think ?
Sophos-Email-Appliance.pdf
The sophos product that you link is not what we use. We use "secure e-mail gateway". It uses either pgp or s/mime.
I cannot comment on the other links, this is not really my favorite topic, I was participating to add the basic requirements and stress that this is something you need to communicate to partners, it won't work with configuration on your side only :-)
Good luck
I cannot comment on the other links, this is not really my favorite topic, I was participating to add the basic requirements and stress that this is something you need to communicate to partners, it won't work with configuration on your side only :-)
Good luck
ASKER
yes i know we have to exchange keys (( public keys ))
but HP said you don't have to worry about it Mr customer because the recipients will use our online service to exchange keys
it is look like that the user which will receive the encrypted email should connect to web site in order to give and get the public key
this is what i understand maybe i am wrong for this i want to know the key switching mechanism
THEY SAID
Step 1: Your organization encrypts messages with the Voltage SecureMail Connected Gateway
Step 2: Recipients use the Voltage SecureMail Network service to decrypt their email and reply securely
PLEASE CHECK THE ATTACHED FILE AND UPDATE ME IF YOU UNDERSTAND SOMETHING ELS
VoltageSecureMail_Connected_Gateway_.pdf