OpenPGP is an industry standard protocol for exchanging encrypted data, and there are a variety of OpenPGP plugins for email clients that make it possible for users to send and receive encrypted messages. MDPGP is MDaemon's integrated OpenPGP component that can provide encryption, decryption, and basic key management services for your users without requiring them to use an email client plugin.

MDPGP encrypts and decrypts emails using a public-key/private-key system. To do this, when you wish to use MDPGP to send a private and secure message to someone, MDPGP will encrypt that message using a "key" that you previously obtained from that person (i.e. his "public key") and imported into MDPGP. Conversely, if he wishes to send a private message to you, then he must encrypt the message using your public key, which he obtained from you. Giving the sender your public key is absolutely necessary, because without it he can't send you an OpenPGP encrypted message. Your unique public key must be used to encrypt the message because your unique private key is what MDPGP will use to decrypt the message when it arrives.

In order for MDPGP to manage signing, encrypting, and decrypting messages, it maintains two stores of keys (i.e. keyrings)—one for public keys and one for private keys. MDPGP can generate your users' keys automatically as needed, or you can create them manually for specific users. You can also import keys that were created elsewhere. Further, MDaemon can look for public keys attached to authenticated messages from local users, and then import those keys automatically. That way a user can request a public key from someone and then email that key to himself so that MDPGP will detect it and then import it into the public keyring. MDPGP will never store multiple copies of the same key, but there can be multiple different keys for a single address. Finally, whenever a message arrives for an address that has a key in a keyring, MDPGP will sign, encrypt, or decrypt the message as needed, according to your settings. If an address has multiple keys, MDPGP will use the first one if encrypting the message, or try each one if decrypting it.

You can configure MDPGP's signing and encryption services to operate either automatically or manually. When set to operate automatically, MDPGP will automatically sign and encrypt messages whenever possible. When set to operate manually, MDPGP will only sign or encrypt a message when the sending user inserts a special command into the message's Subject. In any case messages will only be signed or encrypted (or decrypted) when the account has been given permission to use those services.

The OpenPGP specification is outlined in RFCs 4880 and 3156.

Enabling MDPGP

Enable MDPGP

MDPGP is disabled by default. Click this checkbox to enable it. Even when enabled, however, MDPGP will still not sign, encrypt, or decrypt any messages until you Configure who can use MDPGP (see below) and create or import keys into its keyrings.

Enable encryption/signing

When MDPGP is enabled, by default messages can be signed and encrypted when the required keys are in the keyring. Disable this option if you do not wish to allow MDPGP to sign or encrypt messages.

Messages can be signed without being encrypted, but any message that is encrypted by MDPGP will always be signed as well.

Enable decryption service

When MDPGP is enabled, by default incoming encrypted messages will be decrypted if the recipient's private key is known and his account is permitted to use the decryption service. Disable this option if you do not wish to allow MDPGP to decrypt any messages, for example if you want all of your users to handle their own decryption via an email client plugin. When disabled, any incoming encrypted message will be handled like a normal message and placed in the recipient's mailbox.

All MDaemon users on this server can use MDPGP

Enable this option if you wish to authorize all of your MDaemon user accounts to use MDPGP to sign, encrypt and/or decrypt messages, depending on the Enable encryption/decryption settings above. This option is disabled by default and not recommended. However, if you choose to enable this option, you can use the Configure who can use MDPGP option below to specifically exclude users whom you do not wish to allow to use MDPGP.

Configure who can use MDPGP

Click this button to open the rules.txt file for configuring user permissions for MDPGP. Using this file you can specify who is allowed to sign messages, encrypt messages, and have messages decrypted. You can also specifically restrict users from these options. For example, you could use the rule "+*@example.com" to allow all example.com users to encrypt messages, but then add "-frank@example.com" to specifically prevent frank@example.com from being able to do so. See the text at the top of the rules.txt file for examples and instructions.

Rules.txt Notes and Syntax

Only SMTP authenticated email from users of this MDaemon server are eligible for encryption service.
If there is a conflict between the settings in rules.txt and the global "All MDaemon users on this server can use MDPGP" option, the rules.txt setting is used.
Text after # on a line is ignored.
Separate multiple email addresses on the same line with a space.
Wildcards (* and ?) in email addresses are permitted.
Even though MDPGP encrypted messages are always signed, granting encryption permission to a user doesn't also grant that user permission to sign unencrypted messages. In order to sign an unencrypted message the account must be given signing permission.
Each email address must be prefixed with one of the following tags:

+ (plus) - address can use MDPGP encryption service.

- (minus) - address cannot use MDPGP encryption service.

! (exclamation) - address can use MDPGP decryption service.

~ (tilde) - address cannot use MDPGP decryption service.

^ (caret) - address can use MDPGP signing service.

= (equal) - address cannot use MDPGP signing service.

Examples:

+*@* — all users of all domains can encrypt.

!*@* — all users of all domains can decrypt.

^*@* — all users of all domains can sign.

^*@example.com — all users of example.com can sign.

+frank@example.com ~frank@example.com — the user can encrypt but not decrypt.

+GROUP:EncryptingUsers — members of MDaemon's EncryptingUsers group can encrypt.

^GROUP:Signers — members of MDaemon's Signers group can sign.
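The following is an added illustration, not MDaemon's own code, of how the rules.txt syntax above resolves to per-service permissions: comments after #, several tagged addresses per line, * and ? wildcards, GROUP: entries, the global "All MDaemon users on this server can use MDPGP" option being overridden by an explicit rules.txt entry, and encryption permission not implying signing permission. The sample rules file, the group membership map, and the precedence choice that an explicit deny matching an address wins over a matching allow (consistent with the +*@example.com / -frank@example.com exclusion example) are assumptions made for this example.

```python
import fnmatch

# Constructed sample rules.txt (not MDaemon's shipped file; names are made up).
SAMPLE_RULES = """
# encryption: everyone at example.com, except frank
+*@example.com
-frank@example.com
# decryption: frank only
!frank@example.com
# signing: two explicit users on one line, plus a group
^alice@example.com ^bob@example.com
^GROUP:Signers   # trailing comment
~GROUP:NoDecrypt
"""

# Assumed group membership. MDPGP resolves GROUP: entries against MDaemon's
# own account groups; this map stands in for that lookup.
SAMPLE_GROUPS = {
    "Signers": {"carol@example.com"},
    "NoDecrypt": {"frank@example.com"},
}

# Tag -> (service, allowed?) as documented for rules.txt.
TAGS = {
    "+": ("encrypt", True),
    "-": ("encrypt", False),
    "!": ("decrypt", True),
    "~": ("decrypt", False),
    "^": ("sign", True),
    "=": ("sign", False),
}


def parse_rules(text):
    """Return (service, allowed, pattern) tuples in file order.
    pattern is an address glob, or ('GROUP', name) for GROUP: entries."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # text after # is ignored
        if not line:
            continue
        for token in line.split():            # several addresses per line
            tag, target = token[0], token[1:]
            if tag not in TAGS or not target:
                raise ValueError(f"bad rules.txt entry: {token!r}")
            service, allowed = TAGS[tag]
            if target.upper().startswith("GROUP:"):
                rules.append((service, allowed, ("GROUP", target[6:])))
            else:
                rules.append((service, allowed, target.lower()))
    return rules


def _matches(pattern, address, groups):
    if isinstance(pattern, tuple):            # ('GROUP', name)
        return address in groups.get(pattern[1], set())
    return fnmatch.fnmatchcase(address, pattern)   # * and ? wildcards


def permitted(service, address, rules, groups, all_users=False):
    """Decide whether `address` may use `service` ('sign', 'encrypt', 'decrypt').
    A matching rules.txt entry overrides the global all-users option. When both
    an allow and a deny match, the deny wins (assumption for this example)."""
    address = address.lower()
    decision = None
    for svc, allowed, pattern in rules:
        if svc != service or not _matches(pattern, address, groups):
            continue
        if not allowed:
            return False
        decision = True
    return all_users if decision is None else decision


def sample_permissions(address, all_users=False):
    """Permissions for one address under SAMPLE_RULES / SAMPLE_GROUPS."""
    rules = parse_rules(SAMPLE_RULES)
    return {svc: permitted(svc, address, rules, SAMPLE_GROUPS, all_users)
            for svc in ("encrypt", "decrypt", "sign")}


if __name__ == "__main__":
    for addr in ("alice@example.com", "frank@example.com",
                 "carol@example.com", "erin@example.com", "dave@example.net"):
        print(addr, sample_permissions(addr))
```

Note that erin@example.com is covered by "+*@example.com" and so may encrypt, yet has no signing permission: to sign an unencrypted message she would need a "^" entry as well, exactly as the notes above state.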

Encryption/Signing Modes

Automatic Mode

Use the Settings options to configure MDPGP to sign and encrypt messages automatically for accounts permitted to do so. When an account sends an authenticated message and MDPGP knows the required key, the message will be signed or encrypted according to the settings below.

The special Subject codes outlined in the Manual Mode section below always take precedence over the Automatic Mode options. Therefore if one of these options is disabled, an account that is permitted to sign or encrypt messages can still manually cause a message to be signed or encrypted by using one of the codes.

Settings

Sign mail automatically if sender's private key is known

By default, if an account is allowed to sign messages, MDPGP will sign them automatically if the sending account's private key is known. Disable this option if you do not wish to sign them automatically; messages can still be signed manually by using the special codes outlined in the Manual Mode section below.

Encrypt mail automatically if recipient's public key is known

By default, if an account is allowed to encrypt messages, MDPGP will encrypt them automatically if the recipient's public key is known. Disable this option if you do not wish to encrypt them automatically; messages can still be encrypted manually by using the special codes outlined in the Manual Mode section below.

Encrypt/Sign mail between users of the same domain

When MDPGP is set to encrypt or sign messages automatically, this option causes MDPGP to do this even when messages are sent between users of the same domain, provided the required keys are known. This option is enabled by default.

Encrypt/Sign mail between users of local MDaemon domains

When MDPGP is set to encrypt or sign messages automatically, this option causes MDPGP to do this even when messages are being sent between users of local MDaemon domains, provided the required keys are known. For example, if your MDaemon domains include "example.com" and "example.net," then messages sent between those domains' users will be automatically encrypted or signed. This option is enabled by default.

Encrypt/Sign mail sent to self

When MDPGP is set to encrypt or sign messages automatically, this option would cause MDPGP to do this even when an account is sending a message to itself (e.g. frank@example.com sending to frank@example.com). If the account has permission to use both encryption and decryption then this would effectively cause MDPGP to accept the message, encrypt it, and then immediately decrypt it and place it in the same user's mailbox. If, however, the account wasn't configured for decryption, then this would cause the message to be encrypted and then placed in the same user's mailbox still encrypted. This option is disabled by default.

Manual Mode

When you have disabled the Sign mail automatically... and Encrypt mail automatically... options outlined above, you are using MDPGP in Manual Mode. MDPGP will not sign or encrypt any messages except those that are authenticated and have one of the following codes in the message's Subject header:

--pgps

Sign this message if possible. Code can be placed at the beginning or end of the Subject.

--pgpe

Encrypt this message if possible. Code can be placed at the beginning or end of the Subject.

--pgpx

The message MUST be encrypted. If it cannot be encrypted (e.g. because the recipient's key isn't known) then do not deliver it; the message will be bounced/returned to the sender. Code can be placed at the beginning or end of the Subject.

--pgpk

Send me my public key. The user places this code at the beginning of the Subject and sends the message to himself. MDPGP will then email the user his public key.

--pgpk<Email>

Send me this address' public key. The user places this code at the beginning of the Subject and sends the message to himself. MDPGP will then email the user the address' public key.

Example:

Subject: --pgpk<frank@example.com>
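As an added example (not MDaemon's code), the decision logic below models how the Automatic Mode settings and the Manual Mode Subject codes combine for one outbound, authenticated message: the Subject codes take precedence over the automatic options, --pgps/--pgpe/--pgpx are honoured at either end of the Subject, --pgpk and --pgpk<address> only at the beginning and only when the message is sent to self, --pgpx returns the message to the sender when encryption is impossible, and an encrypted message is always signed. The settings dictionary, the local-domain list, the keyring stand-ins, the sender's permissions (as a plain dictionary) and the treatment of a missing encryption permission as "cannot be encrypted" are assumptions made for this example.

```python
import re

# Constructed configuration mirroring the Settings options described above.
SETTINGS = {
    "auto_sign": True,        # Sign mail automatically if sender's private key is known
    "auto_encrypt": True,     # Encrypt mail automatically if recipient's public key is known
    "same_domain": True,      # Encrypt/Sign mail between users of the same domain
    "local_domains": True,    # Encrypt/Sign mail between users of local MDaemon domains
    "to_self": False,         # Encrypt/Sign mail sent to self
}
LOCAL_DOMAINS = {"example.com", "example.net"}          # assumed MDaemon domains

# Constructed keyring stand-ins: which addresses have keys on the keyrings.
PRIVATE_KEYS = {"alice@example.com", "frank@example.com"}
PUBLIC_KEYS = {"bob@example.net", "carol@partner.org", "frank@example.com"}

END_CODES = ("--pgps", "--pgpe", "--pgpx")      # may lead or trail the Subject
KEY_RE = re.compile(r"^--pgpk(?:<([^>]+)>)?")   # --pgpk only at the beginning


def subject_codes(subject):
    """Return (set of sign/encrypt codes found, key request or None).
    The key request is 'self' for a bare --pgpk, else the bracketed address."""
    s = subject.strip()
    codes = {c for c in END_CODES if s.startswith(c) or s.endswith(c)}
    m = KEY_RE.match(s)
    key_request = None if not m else (m.group(1).lower() if m.group(1) else "self")
    return codes, key_request


def decide(sender, recipient, subject, perms, settings=SETTINGS, authenticated=True):
    """What MDPGP would do with one outbound message.
    perms: {'sign': bool, 'encrypt': bool} for the sender (from rules.txt)."""
    result = {"sign": False, "encrypt": False, "bounce": False,
              "encrypt_failed": False, "key_request": None}
    if not authenticated:
        return result           # only SMTP-authenticated local mail is eligible
    sender, recipient = sender.lower(), recipient.lower()
    codes, key_request = subject_codes(subject)

    # --pgpk / --pgpk<address>: a key request the user sends to himself.
    if key_request is not None and sender == recipient:
        result["key_request"] = sender if key_request == "self" else key_request
        return result

    def auto_in_scope():
        # Automatic Mode options limiting which sender/recipient pairs qualify.
        s_dom, r_dom = sender.split("@")[1], recipient.split("@")[1]
        if sender == recipient:
            return settings["to_self"]
        if s_dom == r_dom:
            return settings["same_domain"]
        if r_dom in LOCAL_DOMAINS:
            return settings["local_domains"]
        return True

    # Subject codes always take precedence over the Automatic Mode options.
    want_sign = "--pgps" in codes or (settings["auto_sign"] and auto_in_scope())
    want_encrypt = ("--pgpe" in codes or "--pgpx" in codes
                    or (settings["auto_encrypt"] and auto_in_scope()))

    # Assumption: lacking encrypt permission counts as "cannot be encrypted".
    can_encrypt = perms.get("encrypt", False) and recipient in PUBLIC_KEYS
    if want_encrypt and not can_encrypt:
        if "--pgpx" in codes:
            result["bounce"] = True        # MUST encrypt: do not deliver, return to sender
            return result
        result["encrypt_failed"] = True    # --pgpe/auto: delivered unencrypted (notification optional)

    if want_encrypt and can_encrypt:
        result["encrypt"] = True
        # Encrypted mail is always signed as well; modelled here as signing with
        # the sender's private key when one is on the keyring (assumption).
        result["sign"] = sender in PRIVATE_KEYS
    elif want_sign and perms.get("sign", False) and sender in PRIVATE_KEYS:
        result["sign"] = True
    return result


if __name__ == "__main__":
    perms = {"sign": True, "encrypt": True}
    print(decide("alice@example.com", "bob@example.net", "Q3 numbers", perms))
    print(decide("alice@example.com", "dave@partner.org", "--pgpx contract", perms))
    print(decide("alice@example.com", "alice@example.com", "--pgpk<frank@example.com>", perms))
```

Running it with the automatic options switched off (the Manual Mode described above) shows that only messages carrying one of the codes are touched.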

Key Management

Public and private keys are managed using the options on the bottom half of the MDPGP dialog. There is an entry for each key, and you can right-click any entry to export the key, delete it, or enable/disable it. When you click Export Key it will be saved to the \MDaemon\Pem\_mdpgp\exports\ folder and you can optionally email the public key to an email address. "Show Local/Remote" and "Filter" options are provided to help you locate certain addresses or groups.

Auto-import public-keys sent from authenticated users

By default, when an authenticated user sends an email message with a public key in ASCII armored format attached, MDPGP will import that public key into the keyring. This is a simple way for a user to get a contact's public key into MDPGP, by emailing the public key to himself as an attachment. Disable this option if you do not wish to auto-import public keys.

Email public-keys when requests are made (--pgpk command)

When this option is enabled, non-local users can request public-keys via email. An email can be sent to your MDaemon server's system account (e.g. MDaemon@example.com) with "--pgpk<email address>" as the subject (e.g. --pgpk<frank@example.com>). If a public-key for <email address> exists it will be emailed back to the requester. This option is disabled by default.

Email details of encryption failures to sender (--pgpe command)

When someone uses the --pgpe command to send encrypted mail and that encryption fails (for example, because no encryption key is found), then this option will cause a notification email to be sent back to the sender informing him or her of the failure. This option is disabled by default, meaning no failure notification message will be sent.

Create keys automatically

Enable this option if you want MDPGP to create a public/private key pair automatically for each MDaemon user. Rather than generate them all at once, however, MDPGP will create them over time, creating each user's key pair the next time a message is processed for that user. This option is disabled by default to conserve resources and avoid needlessly generating keys for accounts that may never use MDPGP.

Key size

Use this option to specify the key size for keys that MDPGP generates. You can set the key size to 1024, 2048, or 4096. The default setting is 2048 bit keys.

Expires in [xx] days (0=never)

Use this option to specify the number of days from creation date that a key generated by MDPGP will be valid before it expires. Set the option to "0" if you do not want keys to expire. The default setting is 0.

Create keys for a specific user

To manually generate a key pair for an account:

1. Click Create keys for a specific user.
2. Select the account from the drop-down list.
3. Optional: Check the box Email public key to key owner... if you wish to send the key to the user as an email attachment.
4. Click Ok.

Import keys

If you wish to import a key file into MDPGP manually, click this button, locate the key file, and click Open. When importing a private key file, you do not need to import the corresponding public key, as it is included in the private key. If you are importing a private key protected by a passphrase then MDPGP will prompt you to enter the passphrase. Without the passphrase you cannot import the private key. After importing a private key, MDaemon will change that key's passphrase to whichever passphrase MDPGP is currently using.

Change passphrase

Private keys are protected at all times by a passphrase. When attempting to import a private key, you must enter its passphrase. When exporting a private key, that exported key will still be protected by the passphrase, and it cannot be used or imported elsewhere without it. MDPGP's default passphrase is MDaemon. For security reasons you should change this passphrase after you begin using MDPGP, because until you do so, every key created by or successfully imported into MDPGP will have its passphrase set (or changed) to MDaemon. You can change the passphrase at any time by clicking Change passphrase on the MDPGP screen. When you change the passphrase, every private key on the keyring is updated to the new passphrase.

Backup data files

Click this button to make a backup of your current Keyring.private and Keyring.public keyring files. By default the backup files will be copied to: "\MDaemon\Pem\_mdpgp\backups" and have a date and .bak extension appended to the filenames.


Forwarded messages are not encrypted.
Autoresponder messages are not encrypted.
Key servers and key revocation are not supported.
The Content Filter encrypt action does not act on messages already encrypted, and the encrypt and decrypt actions are subject to all MDPGP configuration requirements.
The drop-down lists that display MDaemon accounts show the first 500 accounts by default. You can set MaxUsersShown=0 in plugins.dat to view all accounts. This may take longer to load for very large user lists.
MDPGPUtil.exe is a tool that can encrypt and decrypt via command line options. Run MDPGPUtil with no arguments from a command line shell for help.