Cisco Email Security Appliance C170 User Guide
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 12 Cisco IronPort Email Encryption
Figure 12-1 Encryption Workflow
The basic workflow for opening encrypted messages is:
Step 1
When you configure an encryption profile, you specify the parameters for
message encryption. For an encrypted message, the Email Security appliance
creates and stores a message key on a local key server or on the hosted key service
(Cisco Registered Envelope Service).
Step 2
The recipient opens the secure envelope in a browser.
Step 3
When a recipient opens an encrypted message in a browser, a password may be
required to authenticate the recipient’s identity. The key server returns the
encryption key associated with the message.
Note
When opening an encrypted email message for the first time, the recipient
is required to register with the key service to open the secure envelope.
After registering, the recipient may be able to open encrypted messages
without authenticating, depending on settings configured in the
encryption profile. The encryption profile may specify that a password
isn’t required, but certain features will be unavailable.
Figure 12-1 callouts:
1) Email Security appliance encrypts and stores message key in key server (Key Server or Hosted Key Service).
2) User opens secure envelope in browser.
3) User authenticates (Password) and gets message key (Key).
4) Decrypted message is displayed.
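The key-release decision in Steps 1 to 3 and the Note, as an added conceptual model in Python. It is not Cisco code and not from this guide; the class, method names, message IDs and addresses are hypothetical, and PBKDF2 password storage is an assumption of the model.

```python
import hashlib
import hmac
import secrets


class KeyServer:
    """Hypothetical model of a key server: holds message keys, releases them on request."""

    def __init__(self):
        self._message_keys = {}  # message_id -> (recipient, key, password_required)
        self._recipients = {}    # recipient -> (salt, password_hash)

    @staticmethod
    def _hash(password, salt):
        # Assumed password storage: salted PBKDF2, never the plaintext password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def store_message_key(self, message_id, recipient, password_required=True):
        # Step 1: a per-message key is created and stored on the key server.
        # password_required stands in for the encryption profile setting.
        key = secrets.token_bytes(32)
        self._message_keys[message_id] = (recipient, key, password_required)
        return key

    def register(self, recipient, password):
        # Note: a first-time recipient must register before opening an envelope.
        salt = secrets.token_bytes(16)
        self._recipients[recipient] = (salt, self._hash(password, salt))

    def release_key(self, message_id, recipient, password=None):
        # Step 3: return the message key only to an entitled recipient.
        entry = self._message_keys.get(message_id)
        if entry is None or entry[0] != recipient:
            return None  # unknown message, or key belongs to another recipient
        _, key, password_required = entry
        if recipient not in self._recipients:
            return None  # not registered yet
        if password_required:
            salt, stored = self._recipients[recipient]
            if password is None or not hmac.compare_digest(
                    stored, self._hash(password, salt)):
                return None  # missing or wrong password
        return key


if __name__ == "__main__":
    ks = KeyServer()
    ks.store_message_key("msg-1", "bob@example.com")          # constructed sample
    print(ks.release_key("msg-1", "bob@example.com", "pw"))   # unregistered: no key
    ks.register("bob@example.com", "pw")
    print(ks.release_key("msg-1", "bob@example.com", "pw") is not None)
```
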