Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 8.0.1 for Email User Guide
 
Chapter 16 Cisco Email Encryption
Figure 16-1 Encryption Workflow
The basic workflow for opening encrypted messages is:
1. When you configure an encryption profile, you specify the parameters for message encryption. For an encrypted message, the Email Security appliance creates and stores a message key on a local key server or on the hosted key service (Cisco Registered Envelope Service).
2. The recipient opens the secure envelope in a browser.
3. When a recipient opens an encrypted message in a browser, a password may be required to authenticate the recipient’s identity. The key server returns the encryption key associated with the message.
   Note: When opening an encrypted email message for the first time, the recipient is required to register with the key service to open the secure envelope. After registering, the recipient may be able to open encrypted messages without authenticating, depending on settings configured in the encryption profile. The encryption profile may specify that a password isn’t required, but certain features will be unavailable.
4. The decrypted message is displayed.
Encrypting Messages using the Email Security Appliance
To use encryption with the Email Security appliance, you must configure an encryption profile. You can enable and configure an encryption profile using the encryptionconfig CLI command, or via Security Services > IronPort Email Encryption in the GUI.
[Figure 16-1 labels: 1) Email Security appliance encrypts and stores message key in key server (Key Server or Hosted Key Service). 2) User opens secure envelope in browser. 3) User authenticates and gets message key (Password, Key). 4) Decrypted message is displayed.]