MDPGP
Contents
OpenPGP is an industry standard protocol for exchanging encrypted data, and there are a variety of OpenPGP plugins for email clients that make it possible for users to send and receive encrypted messages. MDPGP is MDaemon's integrated OpenPGP component that can provide encryption, decryption, and basic key management services for your users without requiring them to use an email client plugin.
MDPGP encrypts and decrypts emails using a public-key/private-key system. To do this, when you wish to use MDPGP to send a private and secure message to someone, MDPGP will encrypt that message using a "key" that you previously obtained from that person (i.e. his "public key") and imported into MDPGP. Conversely, if he wishes to send a private message to you, then he must encrypt the message using your public key, which he obtained from you. Giving the sender your public key is absolutely necessary, because without it he can't send you an OpenPGP encrypted message. Your unique public key must be used to encrypt the message because your unique private key is what MDPGP will use to decrypt the message when it arrives.
In order for MDPGP to manage signing, encrypting, and decrypting messages, it maintains two stores of keys (i.e. keyrings)—one for public keys and one for private keys. MDPGP can generate your users' keys automatically as needed, or you can create them manually for specific users. You can also import keys that were created elsewhere. Further, MDaemon can look for public keys attached to authenticated messages from local users, and then import those keys automatically. That way a user can request a public key from someone and then email that key to himself so that MDPGP will detect it and then import it into the public keyring. MDPGP will never store multiple copies of the same key, but there can be multiple different keys for a single address. Finally, whenever a message arrives for an address that has a key in a keyring, MDPGP will sign, encrypt, or decrypt the message as needed, according to your settings. If an address has multiple keys, MDPGP will use the one you have designated as the preferred key to encrypt the message. If no preferred key has been designated then MDPGP will use the first one. When decrypting a message MDaemon will try each one.
You can configure MDPGP's signing and encryption services to operate either automatically or manually. When set to operate automatically, MDPGP will automatically sign and encrypt messages whenever possible. When set to operate manually, MDPGP will only sign or encrypt a message when the sending user inserts a special command into the message's Subject. In any case messages will only be signed or encrypted (or decrypted) when the account has been given permission to use those services.
Enabling MDPGP
Enable MDPGP
MDPGP is enabled by default, but it will still not sign, encrypt, or decrypt any messages until you create or import keys into its keyrings, or until you use the option below to set MDPGP to Create keys automatically.
Enable encryption & signing services
By default messages can be signed and encrypted when the required keys are in the keyring. Disable this option if you do not wish to allow MDPGP to sign or encrypt messages.
|
Messages can be signed without being encrypted, but any message that is encrypted by MDPGP will always be signed as well. |
Enable decryption & verification services
By default incoming encrypted messages will be decrypted if the recipient's private key is known. Further, MDPGP will also verify embedded signatures in unencrypted messages. Note, however, that both the recipient and sender must be authorized to use the decryption and verification services, either through the "Authorize all..." options or "Configure exactly who..." option below (everyone is authorized by default). Disable this option if you do not wish to verify embedded signatures or allow MDPGP to decrypt any messages, for example if you want all of your users to handle their own decryption via an email client plugin. When disabled, any incoming encrypted message will be handled like a normal message and placed in the recipient's mailbox.
Collect public-keys from DNS (pka1) and cache for [xx] hours
Enable this option if you want MDPGP to query for message recipient public-keys over DNS using PKA1. This is useful because it automates the process of obtaining some recipients' public keys, preventing you or your users from having to obtain and import them manually in order to send encrypted messages. When PKA1 queries are made, any key URI found is immediately collected, validated, and added to the key-ring. Keys successfully collected and imported to the key-ring using this method are tracked in a file called fetchedkeys.txt, and these keys will automatically expire after the number of hours specified in this option or according to the TTL value of the PKA1 record that referred them, whichever value is greater. Therefore the value specified here is the minimum length of time that a key will be cached. The default value is 12 hours and the lowest value allowed is 1 hour.
|
If you wish to publish your own public-keys to DNS then you must create special TXT records. For example, for the user frank@example.com with the key-id: 0A2B3C4D5E6F7G8H, in the DNS for domain "example.com" you would create a TXT record at "frank._pka.example.com" (replacing the @ in the email address with the string "._pka."). The data for the TXT record would look something like this: "v=pka1; fpr=<key's full fingerprint>; uri=<WorldClient-URL>/WorldClient.dll?view=mdpgp&k=0A2B3C4D5E6F7G8H" where <key's full fingerprint> is the full fingerprint of the key (40 characters long representing the full 20 byte fingerprint value). You can see a key's full fingerprint value by double clicking on the key in the MDPGP GUI. |
Send public-keys over HTTP (WorldClient)
Enable this option if you wish to use WorldClient as a basic public-key server; WorldClient will honor requests for your users' public-keys. The format of the URL to make the request looks like this: "http://<WorldClient-URL>/WorldClient.dll?View=MDPGP&k=<Key-ID>". Where <WorldClient-URL> is the path to your WorldClient server (for example, "http://wc.example.com") and <Key-ID> is the sixteen character key-id of the key you want (for example, "0A1B3C4D5E6F7G8H"). The key-id is constructed from the last 8 bytes of the key fingerprint - 16 characters in total.
Authorize all local MDaemon users for all services
By default all local MDaemon user accounts are authorized to use any of the MDPGP services that you have enabled: signing, encryption, decryption, and verification. If there are specific users whom you do not wish to allow to use one or more of those services, you can use the "Configure exactly who can and can not use MDPGP services" option below to exclude them. Disable this option if you only wish to authorize specific local users. In that case use the "Configure exactly who can and can not use MDPGP services" option below to grant access to whomever you choose.
Authorize all non-local (foreign) users for decrypt/verify services
By default any incoming encrypted message for a local recipient from a non-local sender can be decrypted if MDPGP knows the local recipient's private key. Similarly, MDPGP will verify embedded signatures in incoming messages from non-local users. If there are certain non-local senders whose messages you do not wish to decrypt or verify, then you can use the "Configure exactly who can and can not use MDPGP services" option below to restrict those senders from those services. Disable this option if you do not wish to decrypt messages or verify embedded signatures when the sender is a non-local address. In that case you can still use the "Configure exactly who can and can not use MDPGP services" option below to specify exceptions to that restriction.
Configure exactly who can and can not use MDPGP services
Click this button to open the rules.txt file for configuring user permissions for MDPGP. Using this file you can specify who is allowed to sign messages, encrypt messages, and have messages decrypted. You can also specifically restrict users from these options. For example, you could use the rule "+*@example.com" to allow all example.com users to encrypt messages, but then add "-frank@example.com" to specifically prevent frank@example.com from being able to do so. See the text at the top of the rules.txt file for examples and instructions.
Rules.txt Notes and Syntax
| • | Only SMTP authenticated email from users of this MDaemon server are eligible for encryption service. You can, however, specify non-local addresses that you wish restrict from the encryption service, meaning that MDPGP will not encrypt messages to them, even if the public key is known. |
| • | If there is a conflict between the settings in rules.txt and the global "Authorize all local MDaemon users for all services" option, the rules.txt setting is used. |
| • | If there is a conflict between the settings in rules.txt and the global "Authorize all non-local (foreign) users for decrypt/verify services" option, the rules.txt setting is used. |
| • | Text after # on a line is ignored. |
| • | Separate multiple email addresses on the same line with a space. |
| • | Wildcards (* and ?) in email addresses are permitted. |
| • | Even though MDPGP encrypted messages are always signed, granting encryption permission to a user doesn't also grant that user permission to sign unencrypted messages. In order to sign an unencrypted message the account must be given signing permission. |
| • | Each email address must be prefixed with one of the following tags: |
+ (plus) - address can use MDPGP encryption service.
- (minus) - address cannot use MDPGP encryption service.
! (exclamation) - address can use MDPGP decryption service.
~ (tilde) - address cannot use MDPGP decryption service.
^ (caret) - address can use MDPGP signing service.
= (equal) - address cannot use MDPGP signing service.
$ (dollar) - address can use MDPGP verification service.
& (ampersand) - address cannot use MDPGP verification service.
Examples:
+*@* — all users of all domains can encrypt.
!*@* — all users of all domains can decrypt.
^*@* — all users of all domains can sign.
^*@example.com — all users of example.com can sign.
+frank@example.com ~frank@example.com — the user can encrypt but not decrypt.
+GROUP:EncryptingUsers — members of MDaemon's EncryptingUsers group can encrypt
^GROUP:Signers — members of MDaemon's Signers group can sign
Encryption/Signing Modes
Automatic Mode
Use the Settings options to configure MDPGP to sign and encrypt messages automatically for accounts permitted to do so. When an account sends an authenticated message and MDPGP knows the required key, the message will be signed or encrypted according to the settings below.
|
The special Subject codes outlined in the Manual Mode section below always take precedence over the Automatic Mode options. Therefore if one of these options is disabled, an account that is permitted to sign or encrypt messages can still manually cause a message to be signed or encrypted by using one of the codes. |
Settings
Encrypt mail automatically if recipient's public key is known
By default, if an account is allowed to encrypt messages, MDPGP will encrypt them automatically if the recipient's public key is known. Disable this option if you do not wish to encrypt them automatically; messages can still be encrypted manually by using the special codes outlined in the Manual Mode section below.
Sign mail automatically if sender's private key is known
Click this option if you want MDPGP to sign messages automatically when the sending account's private key is known, if the account is allowed to sign messages. Even when this option is disabled, messages can still be signed manually by using the special codes outlined in the Manual Mode section below.
Encrypt/Sign mail between users of the same domain
When MDPGP is set to encrypt or sign messages automatically, this option causes MDPGP to do this even when messages are sent between users of the same domain, provided the required keys are known. This option is enabled by default.
Encrypt/Sign mail between users of local MDaemon domains
When MDPGP is set to encrypt or sign messages automatically, this option causes MDPGP to do this even when messages are being sent between users of local MDaemon domains, provided the required keys are known. For example, if your MDaemon domains include "example.com" and "example.net," then messages sent between those domains' users will be automatically encrypted or signed. This option is enabled by default.
Encrypt/Sign mail sent to self
When MDPGP is set to encrypt or sign messages automatically, this will be done even when the MDaemon user is sending a message to himself (e.g. frank@example.com sending to frank@example.com). Therefore if the account has permission to use both encryption and decryption (the default settings) then MDPGP will accept the user's message, encrypt it, and then immediately decrypt it and place it in the same user's mailbox. If, however, the account isn't configured for decryption, this will cause the message to be encrypted and then placed in the same user's mailbox still encrypted. This option is enabled by default.
Manual Mode
When you have disabled the Sign mail automatically... and Encrypt mail automatically... options outlined above, you are using MDPGP in Manual Mode. MDPGP will not sign or encrypt any messages except those that are authenticated and have one of the following codes in the message's Subject header:
--pgps |
Sign this message if possible. Code can be placed at the beginning or end of the Subject. |
--pgpe |
Encrypt this message if possible. Code can be placed at the beginning or end of the Subject. |
--pgpx |
The message MUST be encrypted. If it cannot be encrypted (e.g. because the recipient's key isn't known) then do not deliver it; the message will be bounced/returned to the sender. Code can be placed at the beginning or end of the Subject. |
--pgpk |
Send me my public key. The user places this code at the beginning of the Subject and sends the message to himself. MDPGP will then email the user his public key. |
--pgpk<Email> |
Send me this address' public key. The user places this code at the beginning of the Subject and sends the message to himself. MDPGP will then email the user the address' public key. Example: Subject: --pgpk<frank@example.com> |
Key Management
Public and private keys are managed using the options on the bottom half of the MDPGP dialog. There is an entry for each key, and you can right-click any entry to export the key, delete it, or enable/disable it. When you click Export Key it will be saved to the \MDaemon\Pem\_mdpgp\exports\ folder and you can optionally email the public key to an email address. "Show Local/Remote" and "Filter" options are provided to help you locate certain addresses or groups.
Email public-keys when requests are made (--pgpk command)
When this option is enabled, non-local users can request public-keys via email. An email can be sent to your MDaemon server's system account (e.g. MDaemon@example.com) with "--pgpk<email address>" as the subject (e.g. --pgpk<frank@example.com>). If a public-key for <email address> exists it will be emailed back to the requester. This option is disabled by default.
Email details of encryption failures to sender (--pgpe command)
When someone uses the --pgpe command to send encrypted mail and that encryption fails (for example, because no encryption key is found), then this option will cause a notification email to be sent back to the sender informing him or her of the failure. This option is disabled by default, meaning no failure notification message will be sent.
Auto-import public-keys sent from authenticated users
By default, when an authenticated user sends an email message with a public key in ASCII armored format attached, MDPGP will import that public key into the keyring. This is a simple way for a user to get a contact's public key into MDPGP, by emailing the public key to himself as an attachment. Disable this option if you do not wish to auto-import public keys.
Create keys automatically
Enable this option if you want MDPGP to create a public/private key pair automatically for each MDaemon user. Rather than generate them all at once, however, MDPGP will create them over time, creating each user's key pair the next time a message is processed for that user. This option is disabled by default to conserve resources and avoid needlessly generating keys for accounts that may never use MDPGP.
Key size
Use this option to specify the key size for keys that MDPGP generates. You can set the key size to 1024, 2048, or 4096. The default setting is 2048 bit keys.
Expires in [xx] days (0=never)
Use this option to specify the number of days from creation date that a key generated by MDPGP will be valid before it expires. Set the option to "0" if you do not want keys to expire. The default setting is 0.
Create keys for a specific user
To manually generate a key pair for an account:
| 1. | Click Create keys for a specific user. |
| 2. | Select the account from the drop-down list. |
| 3. | Optional: Check the box Email public key to key owner... if you wish to send the key to the user as an email attachment. |
| 4. | Click Ok. |
Import keys
If you wish to import a key file into MDPGP manually, click this button, locate the key file, and click Open. When importing a private key file, you do not need to import the corresponding public key, as it is included in the private key. If you are importing a private key protected by a passphrase then MDPGP will prompt you to enter the passphrase. Without the passphrase you cannot import the private key. After importing a private key, MDaemon will change that key's passphrase to whichever passphrase MDPGP is currently using.
Change passphrase
Private keys are protected at all times by a passphrase. When attempting to import a private key, you must enter its passphrase. When exporting a private key, that exported key will still be protected by the passphrase, and it cannot be used or imported elsewhere without it. MDPGP's default passphrase is MDaemon. For security reasons you should change this passphrase after you begin using MDPGP, because until you do so, every key created by or successfully imported into MDPGP will have its passphrase set (or changed) to MDaemon. You can change the passphrase at any time by clicking Change passphrase on the MDPGP screen. When you change the passphrase, every private key on the keyring is updated to the new passphrase.
Backup data files
Click this button to make a backup of your current Keyring.private and Keyring.public keyring files. By default the backup files will be copied to: "\MDaemon\Pem\_mdpgp\backups" and have a date and .bak extension appended to the filenames.
|
|
