Reading secure messages
This chapter explains how to read secure messages and reply to them.
You receive and read messages as you normally would using your messaging software. If an e-mail has been encrypted by its sender, Stormshield Data Mail will decrypt it when you open the e-mail. If the message contains a signature, Stormshield Data Mail verifies the signature and reports any issues.
If you are not connected to SDS Enterprise, a window appears and prompts you to connect to be able to read the message or verify the signature.
NOTE
An encrypted and/or signed .msg file cannot be opened from Windows Explorer. For more information, refer to the article in the Stormshield Knowledge Base.
IMPORTANT
You cannot modify a received secured message with the Outlook menu Actions > Edit Message because this action could disable the security of the message.
When a secure message is opened, you can view the security report by clicking on the link in the upper banner Stormshield Data Security.
An icon next to the Security report link may indicate an error or a warning, which is explained in the report. If an error occurs, the security banner will appear in red.
The security report details the algorithms used to encrypt and sign the message.
If the message is signed, the security report also displays:
- The identity of the sender who has signed the message,
- An indication of the level of trust assigned to the sender’s certificate in the upper banner of the report window which indicates:
- The result of the signature's cryptographic verification. The signature is then considered correct or incorrect,
- The results of checks carried out on the sender’s certificate: Stormshield Data Mail checks whether the certificate is valid, is authorized to sign, and does not present any unsupported critical extensions. If it does, the security policy will force the certificate to be rejected.
NOTE
Stormshield Data Mail does not support the verification of the signature of messages signed in PGP format. A message indicating that the signature could not be verified appears in the lower banner.
When you reply to one or more recipients of an encrypted message, encryption is automatically selected in the reply message.
This is also the case when forwarding encrypted messages.
To be able to read a secure message which is attached to another message (secure or not), you need to drag and drop it to one of the folders of your mailbox.
When receiving e-mails including attachments, Outlook displays the size of the attachments. When the e-mails are encrypted, Outlook always displays “0 bytes”.
Stormshield Data Mail can now decrypt e-mails secured by a mail client that supports the OpenPGP protocol (PGP/MIME format). Decryption keys must be imported into your keyring beforehand in OpenPGP format.
For more information, refer to the SDS Enterprise Administration guide.
Importing an OpenPGP keyring
- Right-click on the SDS Enterprise icon and select Properties.
- In the Configuration tab, double-click on Keyring.
- Select the OpenPGP keyring tab.
- Click on Operations then on Import a keyring.
- Select a file in OpenPGP format (.gpg, .pgp or .asc). The file may contain several keys.
- Enter the password that protects the file.
To delete or replace the keyring, select the menus Delete the keyring or Replace the keyring in the Operations menu.
Replacing a keyring overwrites the existing keyring.
Reading a message secured in OpenPGP
You receive and read messages as you normally would using your messaging software. If an e-mail has been encrypted by its sender, Stormshield Data Mail will decrypt it when you open the e-mail.
If you are not connected to SDS Enterprise, a window appears and prompts you to connect to be able to read the message.
The security of a message encrypted and signed or only signed with the OpenPGP format cannot be disabled.
NOTE
Stormshield Data Mail does not support the verification of the signature of messages signed in PGP format. A message indicating that the signature could not be verified appears in the lower banner.
Reading a message secured in partitioned PGP
The Partitioned PGP format is the predecessor of the PGP/MIME format. Both formats rely on the same security mechanisms so the keyring format is the same.
Messages secured in Partitioned PGP are read in the same way as messages in PGP/MIME format.
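To tell which of the two formats a given message uses, for example when triaging a message that did not decrypt, the following added example (not part of the Stormshield documentation, and not a description of how Stormshield Data Mail detects formats) classifies a raw message with Python's standard email module. It assumes PGP/MIME as specified in RFC 3156 and treats Partitioned PGP as ASCII-armored blocks inside ordinary MIME parts; the function name and all sample messages are constructed for illustration.

```python
from email import message_from_string

# PGP/MIME wrappers per RFC 3156: (content type, "protocol" parameter).
PGP_MIME = {("multipart/encrypted", "application/pgp-encrypted"),
            ("multipart/signed", "application/pgp-signature")}
ARMOR = ("-----BEGIN PGP MESSAGE-----", "-----BEGIN PGP SIGNED MESSAGE-----")

def classify(raw: str) -> str:
    """Return 'pgp-mime', 'partitioned-pgp' or 'other' for a raw message."""
    msg = message_from_string(raw)
    # Pass 1: PGP/MIME wraps the content in one MIME container. walk() also
    # descends into message/rfc822 parts, so an attached secure message is seen.
    for part in msg.walk():
        proto = part.get_param("protocol")
        proto = proto.lower() if isinstance(proto, str) else ""
        if (part.get_content_type(), proto) in PGP_MIME:
            return "pgp-mime"
    # Pass 2: Partitioned PGP keeps an ordinary MIME layout and armors each
    # body part or attachment separately.
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("ascii", "ignore")
        if any(marker in text for marker in ARMOR):
            return "partitioned-pgp"
    return "other"

# Constructed samples (placeholders, not real ciphertext).
HEAD = "From: alice@example.test\nTo: bob@example.test\nMIME-Version: 1.0\n"
BLOB = "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
PGP_MIME_SAMPLE = (HEAD + "Content-Type: multipart/encrypted; "
    'protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + BLOB + "--b1--\n")
PARTITIONED_SAMPLE = HEAD + "Content-Type: text/plain\n\n" + BLOB
PLAIN_SAMPLE = HEAD + "Content-Type: text/plain\n\nSee you at 10.\n"
# A secure message attached to an ordinary one (message/rfc822 attachment).
ATTACHED_SAMPLE = (HEAD + 'Content-Type: multipart/mixed; boundary="b0"\n\n'
    "--b0\nContent-Type: text/plain\n\nForwarding this.\n"
    "--b0\nContent-Type: message/rfc822\n\n" + PGP_MIME_SAMPLE + "--b0--\n")

if __name__ == "__main__":
    for name in ("PGP_MIME_SAMPLE", "PARTITIONED_SAMPLE",
                 "PLAIN_SAMPLE", "ATTACHED_SAMPLE"):
        print(name, "->", classify(globals()[name]))
```

The PGP/MIME check runs first because a PGP/MIME message also carries an armored block in its second part, which the armor scan alone would label as partitioned.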