DeskNow Knowledge Base
 
      
Home Mail How do I enable digital encryption and signing for a domain?

How do I enable digital encryption and signing for a domain?
This article applies to DeskNow 3.2.1 and later

DeskNow supports the S/MIME protocol for digital encryption and signing of emails.

Digital encryption

When an user digitally encrypts an email, the email content is scrambled with advanced cryptographic technologies. The original message can only be read by the intended recipient. The message cannot be read by any other person. This makes digital encryption essential for protecting private communication.

All attachments are encrypted along with the text of the message. Headers (including the subject) are not encrypted.

Digital signing

When a person digitally signs an email, a digital signature is added to the mail content. This means that the recipient can verify that:

  1. the email was not tampered with while in transit

  2. the content of the email is signed by the declared sender

All attachments are signed along with the text of the message. Headers (including the subject) are not signed.

An email can be both digitally encrypted and digitally signed.

How to enable digital encryption and signing

In order to be able to digitally decrypt and sign emails, users need to have a Personal Digital ID (also known as digital certificate).

There are two ways of getting a Personal Digital ID:

  1. by obtaining one (usually by purchasing one) from a trusted public Certification Authority, like Thawte or Verisign. In this case, users can directly import their certificate files in the page Preferences/Personal Digital IDs
  2. by generating one using DeskNow. Only the administrator of a domain can generate certificates for the users of the domain.

    To generate certificates for users of the domain, the domain administrator must first generate a 'root' certificate for the entire domain. This can be done via the 'Administration/Domain Root Certificate' page.
    Once the domain has a root certificate, the administrator can generate a default certificate for all the existing users (button 'Create Digital IDs' on the same page, visible only when there is a root certificate), or individually (via the 'Administration/Create user certificate' page).

Once an user has a digital ID (an user can have more than one digital ID), he can associate it to a mail identity to sign outgoing emails when using that identity. He can also send the public key of the certificate to others, so that they can encrypt emails directed to the user.

For full details on how users can encrypt, decrypt, sign and verify signatures in emails, please see the online DeskNow help (simply login into DeskNow and click on the help icon).

Trusted root certificates

The super administrator of a DeskNow server can define what root certificates are trusted by the system. Personal digital IDs that were signed by a trusted root certificate are automatically trusted.

DeskNow by default trusts the root certificates of the most common Certification Authorities. The super administrator can add other certificates (ex. the root certificates of a DeskNow domain on another server) in the Administration/Trusted root certificates page.

 

Email Article Email
Print Article Print


How helpful was this article to you?
Related Articles
article How can I enable compression of the web pages served?
It is possible to enable gzip compression of...

(No rating)  October 25, 2007    Views: 14146   
article How to install the unlimited-strength encryption policy files
These files allow DeskNow and java to use...

  October 18, 2006    Views: 57299   
article Can I change the name of a domain?
You certainly can! Simply go to...

  February 26, 2007    Views: 17794   



Powered by Lore :: (c)2003 Pineapple Technologies.