Stormshield Data Mail
Stormshield Data Mail does not support RTF format because it does not guarantee reliable interoperability with the security mechanism in SDS Enterprise. Using the RTF format may cause information loss.
HTML is therefore the recommended format for writing secure messages, as it enables interoperability.
Cross-encryption makes it possible to update the protection level of secured messages (S/MIME format messages or plain text messages including an attachment encrypted with Stormshield Data File). It consists of re-encrypting with your new key any message encrypted with a former encryption key and by using the default encryption algorithm defined in the user account.
To access the user's private keys during cross-encryption, you must be connected to SDS Enterprise.
You are therefore advised to disable automatic logout and session locking in your screen saver options when there are many messages to be cross-encrypted. The processing time is proportional to the number of messages to be processed.
A secured message will not be cross-encrypted if the user's current encryption key is the key that originally encrypted the message.
A message which has already been cross-encrypted by the current key will not be cross-encrypted again, as long as the user's current key is not updated.
If recipients with several e-mail addresses in their certificates are not in the SDS Enterprise trusted address book but are in your LDAP directory(ies), a dialog box warning that "the certificate has not been found in your trusted address book" may appear when an encrypted e-mail is sent to this recipient.
In this case, you can configure the LDAP directory to retrieve the certificate when sending the encrypted e-mail.
To do so, check that the user attribute « proxyAddresses » in the LDAP directory contains all the user secondary e-mail addresses.
In the attribute, each secondary e-mail address must be preceded by « smtp: ", whereas the main address is preceded by « SMTP: ».
This attribute can be updated via enterprise mail servers such as Exchange.
When sending e-mails, the system will search for the best available certificate for each recipient. If the certificate comes from the LDAP directory, the consistency of the recipient’s e-mail address will be verified with the address specified in this certificate. If they are not the same, the certificate is rejected and the e-mail may not be sent.
If you use internal aliases for users’ addresses, this mechanism may not be appropriate.
- To disable the consistency check on a user’s workstation, set the value of DWORD CheckLDAPCertificateEmailAddress to 0 in the HKLM\SOFTWARE\Arkoon\Security BOX Enterprise\Mail registry key.
The e-mail address consistency check is implemented for security reasons. We therefore recommend that you do not disable it unless specifically required.