PrivaSphere Gateway Certificate Authority (GW CA)


Send and receive secure eMails with your eMail program through restrictive firewalls using SMIME gateway functionalities.

PrivaSphere Secure Messaging supports sending SMIME-encrypted eMails to recipients over the PrivaSphere Secure Messaging Platform. The recipient does not need to be a registered PrivaSphere user.

This can be useful if the sender is behind a corporate firewall and is not allowed to use the SMTP protocol and/or cannot configure a second eMail account in his eMail client. Be aware that this breaks the relationship privacy! This means that it is visible from outside who sends eMails to whom. The content is still encrypted and safe.

Prerequisites

To use the PrivaSphere Gateway CA, the following prerequisites are necessary:

1. Registered PrivaSphere User: As sender it is necessary to be a fully registered PrivaSphere Secure Messaging user with an eMail address and a valid password.

2. The sender needs a valid SMIME key pair (private and public key). It can be a commercial one or a self-signed one. The public key must be uploaded in the PrivaSphere Secure Messaging profile.

3. An eMail client which is able to encrypt and decrypt eMails using SMIME. This can be Microsoft Outlook, Mozilla Thunderbird or others.

[Figure: Sender, Firewall, Recipient; delivery paths a), b) and c) (possibly with MUC)]

Principle

1. The sender requests a certificate for the recipient on the PrivaSphere Secure Messaging Platform.

2. The PrivaSphere Secure Messaging Platform generates and delivers a SMIME public key for the recipient.

3. The sender sends a SMIME encrypted and signed eMail to the PrivaSphere Secure Messaging Platform for delivery to the recipient.

4. The recipient gets the secure eMail depending on his personal settings.

a. New recipient: browser based with notification mail and Message Unlock Code (MUC)

Existing recipient using web interface: browser based with password (and possibly MUC)

b. Via secure POP to the mail client

c. Encrypted with his deposited public key (SMIME) or delivered via domain (if applicable).

Step by step instruction for Microsoft Outlook 2002/2003/XP

1. The sender needs to be a fully registered PrivaSphere user.

2. The sender has to upload his public key into the PrivaSphere profile.

Log in to PrivaSphere Secure Messaging.

go to ‘Edit Profile’ and press ‘go’

go to ‘Receive in Mail Program’

press ‘Open’ and then press ‘Update Account’

Your public key is uploaded now.

You will get a first SMIME encrypted eMail for testing.

3. Go to the page ‘Help’ on the PrivaSphere Secure Messaging Platform.

go to ‘Receive in your mail program with your public key (SMIME)’

go to ‘How the Gateway CA works’

4. To validate the Gateway Certificates install the PrivaSphere GW Certificate first.

Press ‘Get gateway certificates for your recipients here.’

Click on ‘Download Gateway-CA Root Certificate and install it in your mail program’.

5. Request GW CA (SMIME)

a. Direct as *.crt file (*.crt)

fill in the recipient's eMail address and press ‘Save Certificate of recipient’

Save the downloaded certificate for further use.

b. Direct as MS Outlook Contact file

fill in the recipient's eMail address and press ‘Save as recipients contact’

Save the downloaded file, open it and press ‘save and close’ to use it in MS Outlook.

c. via eMail

fill in the recipient's eMail address and press ‘Send Gateway-Certificate via eMail to you’.

You will get an eMail signed with the gateway certificate of the respective recipient.

6. Send an eMail to the recipient

Compose a new eMail and send it encrypted and signed to the eMail address which has the format: john_at_doe.org@gw.privasphere.com

Be aware that the eMail must be signed with the same key deposited in your profile.

Send this eMail.

7. Transmit the Message Unlock Code (MUC) to the sender if necessary

8. The recipient gets the notification mail and can access the message with the Message Unlock Code (MUC).

For the Mozilla Thunderbird eMail client

Start with Steps 1 to 3

4. Import the Root Certificate into the Mozilla Thunderbird Root Store

To validate the Gateway Certificates install the PrivaSphere GW Certificate first.

Press ‘Get gateway certificates for your recipients here.’

Click on ‘Download Gateway-CA Root Certificate’ and save it on your computer.

Open ‘Certificate Authorities’

trust this certificate

5. Get the user certificate

a. Direct as *.crt file (*.crt)

fill in the recipient's eMail address and press ‘Save Certificate of recipient’

Save the downloaded certificate for further use.

Import the certificate into your Mozilla Thunderbird certificate store: go to ‘certificates’ – ‘certificates of others’ and import the user certificate.

and you will find the user certificate in your store.

b. Sending out of Mozilla Thunderbird:

to send an eMail via the Gateway CA to a recipient, just use the email address in the format name_at_company.com@gw.privasphere.com and enable signing and encryption.

6. via eMail

fill in the recipient's eMail address and press ‘Send Gateway-Certificate via eMail to you’.

You will get an eMail signed with the gateway certificate of the respective recipient.

The signature (*.crt) is attached as a zip file. Save this zip file, extract the certificate, save it and import it into the Mozilla Thunderbird root store as shown under § 5 a).

For Lotus Notes Mail Client (V 6.5)

Start with Steps 1 to 3

4. Import your own SMIME Certificate into the Lotus Notes Certificate Store

You must have your SMIME certificate (public and private key) as a *.p12 or *.pfx file.

Open Lotus Notes ‘File’ – ‘Security’ – ‘User Security’ – ‘Your Certificates’

Select the format (PKCS 12 encoded).

Enter your password (if the *.pfx file is password protected)

And you can see your certificate in the store.

fill in the recipient's eMail address and press ‘Send Gateway-Certificate via eMail to you’.

You will get an eMail signed with the gateway certificate of the respective recipient.

6. Open the received eMail and accept the certificate (‘cross certify’)

Include the X.509 certificate

7. Send a secure eMail to the recipient using the Gateway CA

Write an eMail to the saved contact (address format is: name_at_company.com@gw.privasphere.com) and mark Sign and Encrypt in the Delivery Options. Send the eMail as usual.

Other Operating Systems / Mail Clients

For advanced users, or for operating systems other than Windows and eMail clients other than MS Outlook, you can get the certificate as a text file. To do so, press ‘Next in Browser’.

Save this file as *.crt. This is the public key of the respective user.
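For the text-file route, a command-line check before importing the saved *.crt, given as an added example that is not part of PrivaSphere's documentation. It assumes OpenSSL 1.1.0 or later and that the recipient certificate carries the gateway-form address as its e-mail address; the function names and the demo root and recipient certificate it generates are constructed stand-ins.

```shell
#!/bin/sh
GW_DOMAIN=gw.privasphere.com    # gateway domain from the address format above

# gateway_address ADDR: john@doe.org -> john_at_doe.org@gw.privasphere.com
gateway_address() {
    case $1 in
        *@*@*|@*|*@) return 1 ;;    # more than one '@', or an empty side
        *@*) printf '%s\n' "$1" | sed -e 's/@/_at_/' -e "s/\$/@$GW_DOMAIN/" ;;
        *) return 1 ;;              # no '@' at all
    esac
}

# check_gw_cert ROOT_CRT CERT ADDR
# returns 0 = OK, 1 = does not chain to ROOT_CRT, 2 = wrong address, 3 = bad ADDR
# Assumption: the certificate carries the gateway-form address as its e-mail.
check_gw_cert() {
    want=$(gateway_address "$3") || return 3
    # -no-CApath: only ROOT_CRT is trusted, not the system certificate directory
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -email | grep -qixF -e "$want" || return 2
    # show subject, expiry and SHA-256 fingerprint of the accepted certificate
    openssl x509 -in "$2" -noout -subject -enddate -fingerprint -sha256
}

# make_demo_pki DIR: constructed root and recipient certificate (not PrivaSphere's)
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo GW CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo recipient" \
        -keyout "$1/rcpt.key" -out "$1/rcpt.csr" 2>/dev/null
    printf 'subjectAltName=email:%s\n' "$(gateway_address john@doe.org)" \
        > "$1/ext.cnf"
    openssl x509 -req -in "$1/rcpt.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -extfile "$1/ext.cnf" -out "$1/rcpt.crt" 2>/dev/null
}

# Demo run on the constructed files
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_gw_cert "$demo/root.crt" "$demo/rcpt.crt" john@doe.org
rm -rf "$demo"
```

With real files, pass the downloaded Gateway-CA root certificate, the saved recipient *.crt and the recipient's normal eMail address to `check_gw_cert`.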

Sending your Gateway Certificate to another user of PrivaSphere Secure Messaging

With the function ‘Senden Ihr Gateway-Zertifikat via eMail an Absender’ (‘Send your gateway certificate via eMail to sender’) you are able to send an eMail to the recipient signed with your Gateway-Certificate and with your Gateway eMail address as sender’s address.

The recipient must be a registered PrivaSphere user and must have uploaded his SMIME public key into his profile.

Then he will be able to send you SMIME encrypted and signed eMails over the PrivaSphere Secure Messaging Platform out of his eMail client without using a SMTP connection to PrivaSphere.
