Question

2
Replies
603
Views
Close popover
Vishal Aswale (VishalAswale)
Infosys

Infosys
IN
View Profile Send Message
VishalAswale Member since 2014 9 posts
Infosys
Posted: August 6, 2019
Last activity: August 20, 2019
Closed

Sending encrypted emails

Hi Team,

We have a requirement to send out encrypted emails. I was referring a link for configuring the rules required for encryption.

https://community.pega.com/knowledgebase/articles/sending-encrypted-email

here we have a decision table(pyEmailCertificateMap) to configure the email address and keystore instance and alias.

  • Email Address – Specify the email address of the intended recipient of the encrypted message.
  • Keystore Instance – Specify the keystore instance that you want to use for encryption.
  • Keystore Alias – Specify the keystore alias for the email address

The email address mentioned here is it the recipient. Is it a sender email address or recipent?

In our application we send notification to the workbasket, so we do not have a single recipient. Also our recipients are not a fixed users. They may change, so how do we configure the keystore.

Enterprise Application Development Dev/Designer Studio Case Management Data Integration Security
Close popover
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 1 year ago
Close popover
John Pritchard-Williams (JOHNPW_GCS)
PEGA
Client Support Team Lead
Pegasystems Inc.
GB
View Profile Send Message

In order to send out s/mime encrypted emails (from any system, this is not unique to PRPC) - you will need one Certificate for every recipient you wish to send a message to.


The Certificate has to be provided by the recipient ; and the recipient keeps hold of the corresponding Private Key (which is needed to *decrypt* any incoming emails).


So in PRPC; you will need to load a PRPC keystore with all the Certificates from all the recipients you wish to send encrypted emails to the decision table.


The main thing to note here: It is the Recipient *owns* the Private Key, and provides the Sender with a Public Certificate. Just to emphasize this:


You as the sender are *unable* to decrypt a message you encrypted; *only* the receiver (the owner of the corresponding private key) can do this. 


In your brief description of a 'pool' of users (which changes over time); you will need to get each of these users to generate / provide their Certificates to you; rather than you providing the Certificates.


If you (as the Sender) want to control the Certificates and hand out the Private key to multiple users - defeats the purpose of encrypting the emails in the first place. (I would say).


Note: don't confuse email encryption (which encrypts the *contents* of the email) with end-to-end encryption (which encrypts the message *in-transit*).


If your goal is to keep the emails secret from anybody sniffing the network - then just make sure you are using a secure protocol (SMTP over SSL) to do this.


If your goal is to keep the email secret with the user on the other side; then handing out a single Private Key to a big group of changing user population isn't going to work. (You lose control over the Private key for one - so if a user leaves the pool - you have no way of revoking this key for instance).


I hope this helps?


 


 


 


 

Posted: 1 year ago
Close popover
Vishal Aswale (VishalAswale)
Infosys

Infosys
IN
View Profile Send Message

Thanks John, 


One question here i have is we have a PKI certificates which can be used to send encrypted emails to any user from my outlook.


So why is the recipient certificate required in pega for sending out the encrypted emails.


Thanks and regards,


Vishal  
Share this page Share via LinkedIn Copying...
Copied!