Configure Encryption Management Server Web Email Protection to use only keys

Article ID: 205536

Updated On:

Products

Encryption Management Server
Encryption Management Server Powered by PGP Technology
Gateway Email Encryption
Gateway Email Encryption Powered by PGP Technology

Issue/Introduction

The Delivery Options for Encryption Management Server Web Email Protection are:

  1. Symantec Web Email Protection.
  2. Generate and download digital ID/X.509 Certificate for S/MIME.
  3. Import OpenPGP Key or digital ID/X.509 Certificate for S/MIME.
  4. PDF Email Protection.
  5. Regular Email.

To force external users to upload their own PGP key or S/MIME certificate, enable only the Import OpenPGP Key or digital ID/X.509 Certificate for S/MIME delivery option. External users must then upload a key or certificate, which also reduces the storage space required for Web Email Protection messages.

Environment

Symantec Encryption Management Server 3.4.2 and above.

Resolution

To enable this configuration, from the administration console:

  1. Click on Consumers / Consumer Policy.
  2. Click on the Default policy.
  3. Click on the Edit button next to Symantec Web Email Protection.
  4. Under Delivery Options, ensure that only Import OpenPGP Key or digital ID/X.509 Certificate for S/MIME is enabled.
  5. Click the Save button.

The external user experience is as follows:

  1. When the external user is sent a message, they receive a notification requesting them to set their passphrase for Web Email Protection.
  2. They set their passphrase in the normal way by connecting to the Web Email Protection portal.
  3. However, until they have uploaded a key or certificate, they cannot access their Web Email Protection Inbox and read the message they were sent.
  4. Additional messages sent to the external user will continue to be delivered to their Web Email Protection Inbox.
  5. Once the external user has uploaded their key or certificate, they are able to read and reply to any messages they have previously been sent using Web Email Protection.
  6. However, all subsequent messages will be encrypted to their key or certificate and will not appear in their Web Email Protection Inbox.

Because messages will be delivered to the external user's Web Email Protection Inbox until they have uploaded a key or certificate, it may be advisable to reduce the Web Email Protection Inactivity Expiration time from the default of three months. This will avoid the build-up of unread messages and hence reduce disk space usage. To do this from the administration console:

  1. Click on Services / Web Email Protection.
  2. Click on the Edit button in the lower right corner of the page to change the Options.
  3. Select a lower value than the default of 3 months from the Inactivity Expiration dropdown list.
  4. Click the Save button.