Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.5 for Email User Guide
Chapter 17 Cisco Email Encryption
Encrypting Messages using the Email Security Appliance
Figure 17-1 Encryption Workflow
The basic workflow for opening encrypted messages is:
1. When you configure an encryption profile, you specify the parameters for message encryption. For an encrypted message, the Email Security appliance creates and stores a message key on a local key server or on the hosted key service (Cisco Registered Envelope Service).
2. The recipient opens the secure envelope in a browser.
3. When a recipient opens an encrypted message in a browser, a password may be required to authenticate the recipient’s identity. The key server returns the encryption key associated with the message.
   Note: When opening an encrypted email message for the first time, the recipient is required to register with the key service to open the secure envelope. After registering, the recipient may be able to open encrypted messages without authenticating, depending on settings configured in the encryption profile. The encryption profile may specify that a password isn’t required, but certain features will be unavailable.
4. The decrypted message is displayed.
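The workflow above, modelled as an added Python example; it is not Cisco's code and does not come from the user guide. The KeyServer class, its method names, the envelope fields and the SHA-256 toy cipher are assumptions made for illustration, since the page does not describe the appliance's actual cipher or envelope format.

```python
import hashlib, hmac, secrets

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not the product's cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class KeyServer:
    """Hypothetical stand-in for the local key server or hosted key service."""
    def __init__(self, password_required: bool = True):
        self.password_required = password_required  # modelled encryption-profile setting
        self._keys = {}       # message_id -> (recipient, message key)
        self._accounts = {}   # recipient -> (salt, password hash)

    def store_key(self, message_id: str, recipient: str, key: bytes) -> None:
        self._keys[message_id] = (recipient, key)

    def register(self, recipient: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[recipient] = (salt, _pw_hash(password, salt))

    def get_key(self, message_id: str, user: str, password: str = None) -> bytes:
        owner, key = self._keys[message_id]
        # First-time recipients must register before any key is released.
        if user != owner or user not in self._accounts:
            raise PermissionError("user is not a registered recipient of this message")
        if self.password_required:
            salt, stored = self._accounts[user]
            if not hmac.compare_digest(stored, _pw_hash(password or "", salt)):
                raise PermissionError("authentication failed")
        return key

def encrypt_message(server: KeyServer, recipient: str, body: bytes) -> dict:
    """Step 1: create a per-message key, store it on the key server, build the envelope."""
    message_id, key = secrets.token_hex(8), secrets.token_bytes(32)
    server.store_key(message_id, recipient, key)
    # The envelope carries only ciphertext and an identifier, never the key itself.
    return {"message_id": message_id, "ciphertext": _xor_stream(key, body)}

def open_envelope(server: KeyServer, envelope: dict, user: str, password: str = None) -> bytes:
    """Steps 2-4: the recipient authenticates, receives the message key, and decrypts."""
    key = server.get_key(envelope["message_id"], user, password)
    return _xor_stream(key, envelope["ciphertext"])
```

Because the envelope never contains the key, its confidentiality rests entirely on the key server's registration and authentication checks, which is why the password setting in the encryption profile matters.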
Encrypting Messages using the Email Security Appliance
To use encryption with the Email Security appliance, you must configure an encryption profile. You can enable and configure an encryption profile using the encryptionconfig CLI command, or via Security Services > Cisco IronPort Email Encryption in the GUI.
[Figure 17-1 labels: 1) Email Security appliance encrypts and stores message key in key server; 2) User opens secure envelope in browser; 3) User authenticates (password) and gets message key from the Key Server or Hosted Key Service; 4) Decrypted message is displayed.]