Cross-encrypting secure messages

Cross-encryption makes it possible to update the protection level of secured messages. It consists of re-encrypting any message that was encrypted with a former encryption key, using your new key and the default encryption algorithm defined in the user account.

The former encryption key may be out of date for the following reasons:

  • The encryption key has been renewed,
  • The user account has been updated and the encryption key has become unusable, for example when switching from a password account to a smart card account, or when a key is revoked or comes from another encryption system,
  • The encryption key was sent by a third party, for example when privileges are transferred during the user's transition to a new position.

To cross-encrypt a secured message, the former encryption key is needed in order to decrypt the message first. The key must be in the keycase as a decryption key.

Once the message is cross-encrypted, only the new key is able to decrypt it.

Messages and attachments are cross-encrypted to their original formats: if they are in .sbox, they will remain in .sbox after cross-encryption.

NOTE
A delegation key cannot be used for cross-encryption because it only allows secured messages to be read.