Encryption Management Server cannot always decrypt messages that have been modified

Article ID: 169623

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

Encryption Management Server cannot always decrypt inbound messages that have been modified. For example, if the message has text added to it stating that it originated from an external source then Encryption Management Server may pass the message to the recipient without decrypting it.

Cause

Messages encrypted by Encryption Management Server to a PGP/MIME format key use this content type and protocol:

Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"

According to RFC 3156, multipart/encrypted bodies are to be treated by agents as opaque, meaning that the data must not be altered in any way.

Therefore, altering such messages by adding text to them will invalidate them.

HTML format messages encrypted by Encryption Management Server to a PGP Partitioned format key use this content type:

Content-Type: multipart/mixed

Altering such messages by adding text to them does not invalidate them, and Encryption Management Server can still decrypt them, but the additional text will probably be lost.

Messages encrypted by Encryption Desktop to a PGP/MIME format key use this content type:

Content-Type: multipart/mixed

Altering such messages by adding text to them does not invalidate them, and Encryption Management Server can still decrypt them, but the additional text will probably be lost.
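The following added example (not Symantec or Broadcom code) builds a PGP/MIME message with the RFC 3156 multipart/encrypted structure, simulates a gateway that appends an "external sender" notice as an extra body part, and checks whether the result is still a well-formed multipart/encrypted message that a decrypting agent could accept. The ciphertext is a constructed placeholder, not real PGP output.

```python
# Added example: RFC 3156 multipart/encrypted structure check.
# The ciphertext below is a constructed placeholder, not a real PGP message.
from email import encoders, message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

FAKE_CIPHERTEXT = (  # constructed placeholder, not real PGP output
    "-----BEGIN PGP MESSAGE-----\n"
    "PLACEHOLDER-NOT-REAL-CIPHERTEXT=\n"
    "-----END PGP MESSAGE-----\n"
)

def build_pgp_mime(ciphertext: str) -> MIMEMultipart:
    """RFC 3156: multipart/encrypted with exactly two parts."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    control = MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                              encoders.encode_7or8bit)
    body = MIMEApplication(ciphertext.encode(), "octet-stream",
                           encoders.encode_7or8bit)
    outer.attach(control)
    outer.attach(body)
    return outer

def check_pgp_mime(raw: str) -> tuple[bool, str]:
    """Return (ok, reason) by applying the structural rules of RFC 3156."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return False, f"top level is {msg.get_content_type()}, not multipart/encrypted"
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return False, "protocol parameter is not application/pgp-encrypted"
    parts = msg.get_payload()
    if len(parts) != 2:
        return False, f"multipart/encrypted must have 2 parts, found {len(parts)}"
    control, body = parts
    if control.get_content_type() != "application/pgp-encrypted":
        return False, "first part is not application/pgp-encrypted"
    if b"Version: 1" not in control.get_payload(decode=True):
        return False, "control part lacks 'Version: 1'"
    if body.get_content_type() != "application/octet-stream":
        return False, "second part is not application/octet-stream"
    return True, "intact PGP/MIME message"

def add_external_notice(raw: str) -> str:
    """Simulate a gateway that appends a text part to whatever it receives."""
    msg = message_from_string(raw)
    msg.attach(MIMEText("CAUTION: this message originated outside the organisation.\n"))
    return msg.as_string()
```

The same check reports "not multipart/encrypted" for the multipart/mixed layouts described above, which is why those messages survive modification while the added text does not.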

Environment

Encryption Management Server 3.3 and above.

Resolution

By far the best solution is for Encryption Management Server to decrypt messages before any additional text is added to them.

If this is not possible, the sender will have to do one of the following:

  1. Use Encryption Desktop to encrypt the message.
  2. Use Encryption Management Server to encrypt the message using PGP Partitioned encoding.