Cisco Email Security Appliance C160 User Guide
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 16 Cisco Email Encryption
Encrypting Messages using the Email Security Appliance
Figure 16-1 Encryption Workflow
The basic workflow for opening encrypted messages is:
1. When you configure an encryption profile, you specify the parameters for message encryption. For an encrypted message, the Email Security appliance creates and stores a message key on a local key server or on the hosted key service (Cisco Registered Envelope Service).
2. The recipient opens the secure envelope in a browser.
3. When a recipient opens an encrypted message in a browser, a password may be required to authenticate the recipient’s identity. The key server returns the encryption key associated with the message.
Note: When opening an encrypted email message for the first time, the recipient is required to register with the key service to open the secure envelope. After registering, the recipient may be able to open encrypted messages without authenticating, depending on settings configured in the encryption profile. The encryption profile may specify that a password isn’t required, but certain features will be unavailable.
4. The decrypted message is displayed.
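The workflow above, sketched as an added Python model (not Cisco code and not part of the original guide): the message key lives only on the key server and is released after the recipient registers and, if the profile requires it, authenticates. The class and function names, the PBKDF2 password check and the SHAKE-256 XOR stand-in cipher are assumptions made for the illustration; the guide does not describe the real algorithms.

```python
import hashlib
import hmac
import secrets

def _xor_cipher(key: bytes, data: bytes) -> bytes:
    # Demo stand-in for the real (unspecified) cipher: XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class KeyServer:
    """Hypothetical model of the local key server or hosted key service."""
    def __init__(self):
        self._keys = {}      # message_id -> (key, recipient, password_required)
        self._accounts = {}  # recipient -> (salt, password hash)

    def store_key(self, message_id, recipient, key, password_required):
        self._keys[message_id] = (key, recipient, password_required)

    def register(self, recipient, password):
        # First-time recipients must register before any envelope can be opened.
        salt = secrets.token_bytes(16)
        self._accounts[recipient] = (salt, _pw_hash(password, salt))

    def get_key(self, message_id, recipient, password=None):
        key, owner, password_required = self._keys[message_id]
        if recipient != owner or recipient not in self._accounts:
            raise PermissionError("unknown or unregistered recipient")
        if password_required:  # set by the encryption profile
            salt, stored = self._accounts[recipient]
            if not hmac.compare_digest(stored, _pw_hash(password or "", salt)):
                raise PermissionError("authentication failed")
        return key

def encrypt_message(server, recipient, body, password_required=True):
    # Step 1: the appliance creates a per-message key and stores it on the key
    # server; the envelope sent to the recipient never contains the key.
    message_id, key = secrets.token_hex(8), secrets.token_bytes(32)
    server.store_key(message_id, recipient, key, password_required)
    return {"message_id": message_id, "recipient": recipient,
            "ciphertext": _xor_cipher(key, body)}

def open_envelope(server, envelope, password=None):
    # Steps 2-4: open the envelope, authenticate, fetch the key, decrypt.
    key = server.get_key(envelope["message_id"], envelope["recipient"], password)
    return _xor_cipher(key, envelope["ciphertext"])
```

Because the envelope carries only the message ID and ciphertext, an intercepted envelope cannot be opened without going through the key server's checks.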
Encrypting Messages using the Email Security Appliance
To use encryption with the Email Security appliance, you must configure an encryption profile. You can enable and configure an encryption profile using the encryptionconfig CLI command, or via Security Services > IronPort Email Encryption in the GUI.
[Figure 16-1 Encryption Workflow: 1) Email Security appliance encrypts and stores message key in key server (Key Server or Hosted Key Service); 2) User opens secure envelope in browser; 3) User authenticates (Password) and gets message key (Key); 4) Decrypted message is displayed.]