The security features described in this section are available only if you have installed one of the following security providers:
Entrust 4.0 or Higher: You must install an Entrust client from Entrust Technologies Inc. You must also have an Entrust security certificate issued by your administrator.
Microsoft Base Cryptographic Provider Version 1.0 or Higher: If you have a Windows 2000 workstation, this is installed when you install Internet Explorer 4.0 or higher. If you have Windows XP installed, it is installed by default. You must also obtain a security certificate from an independent Certificate Authority.
Microsoft Enhanced Cryptographic Provider Version 1.0 or Higher: If you have a Windows 2000 workstation, you must install Microsoft’s Windows 2000 High Encryption Pack before installing Internet Explorer 5.5 or later. You can download this service pack from Microsoft’s Web site. You must also obtain a security certificate from an independent Certificate Authority. If you have Windows XP installed, it is installed by default.
You can add security to the items you send by digitally signing them and/or encrypting them. When you digitally sign an item, the recipient is able to verify that the item was not modified en route and that it originated from you. When you encrypt an item, you are able to ensure that the intended recipient is the only one who can read it.
When you sign or encrypt items using GroupWise, the recipients can read the items with any other S/MIME-enabled e-mail product. To find out more about S/MIME and S/MIME products, see S/MIME Central.
A security certificate is a file that identifies an individual or organization. Before you can send secure items, you must obtain a security certificate. If you are using Entrust, you must use an Entrust certificate. If you are using a Microsoft security provider, use your Web browser to obtain a certificate from an independent Certificate Authority. See the GroupWise Digital Certificate Web page for a list of Certificate Authorities and detailed instructions for obtaining a certificate.
You can also use LDAP to search for a security certificate.
You use your security certificate to digitally sign items you send. You use other users’ public security certificates to verify digitally signed items they send to you.
To encrypt an item and have the recipient user decrypt it, you must have already received the user’s public security certificate. An element of this security certificate, called the public key, is used to encrypt the item. When the recipient opens the encrypted item, it is decrypted with another element from the security certificate, called the private key.
There are two ways to obtain a user’s public security certificate:
The user can send you a digitally signed item. When you open the item, you are prompted to add and trust the security certificate.
The user can export his or her public certificate, save it to a diskette, and deliver it to you. You then import the public certificate.
Secure items are marked in your Item List with the following icons:
Depending on the security software you have installed, you can select different security service providers for the items you send. For example, your organization might require you to use one security service provider for work items because of a preferred encryption method, but you might want a different security service provider for sending personal items. The security options available depend on the security service provider you select.
GroupWise is compatible with the S/MIME version 2 and 3 specifications. The security service providers that GroupWise supports have common encryption algorithms such as RC2 and RC4. When digitally signing an item, GroupWise hashes the item into a message digest using the standard algorithm SHA-1. The message digest is distributed with the item being sent.
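The following is an added example, not part of the GroupWise documentation: a check that reads the MIME headers of a received message, tells whether it is S/MIME signed or encrypted, and flags a signature whose declared digest (the `micalg` parameter) is MD5 or SHA-1. The function names and the two sample messages are constructed for illustration.

```python
from email import message_from_string

# micalg spellings: S/MIME v2/v3 senders write "sha1", later RFCs "sha-1".
LEGACY_DIGESTS = {"md5", "rsa-md5", "sha1", "sha-1"}
SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SMIME_TYPES = {"enveloped-data": "encrypted", "signed-data": "opaque-signed"}

# Constructed sample messages (placeholder bodies, not real PKCS #7 data).
SIGNED = """\
From: alice@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/x-pkcs7-signature; name="smime.p7s"

AAAA
--b1--
"""
ENCRYPTED = """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

AAAA
"""


def _param(msg, name):
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""


def classify_smime(raw):
    """Return (kind, micalg, legacy_digest) for one raw message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        if _param(msg, "protocol") not in SIG_PROTOCOLS:
            return ("other-signed", None, False)  # e.g. PGP/MIME
        micalg = _param(msg, "micalg") or None
        return ("clear-signed", micalg, micalg in LEGACY_DIGESTS)
    if ctype in PKCS7_MIME:
        kind = SMIME_TYPES.get(_param(msg, "smime-type"), "pkcs7-unknown")
        return (kind, None, False)
    return ("plain", None, False)
```

The content-encryption algorithm (for example RC2 or RC4) is carried inside the PKCS #7 body rather than in the MIME headers, so this header-level check reports only that a message is encrypted, not which cipher was used.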