Encryption And Certificates; Personal Digital Certificates, Digital Signatures, And S/Mime Encryption - Novell GROUPWISE 8 - ADMINISTRATION Administration Manual

Encryption and Certificates

7 5
®
Although GroupWise native encryption is employed throughout your GroupWise system,
additional security measures should be utilized to secure your GroupWise data.
Section 75.1, "Personal Digital Certificates, Digital Signatures, and S/MIME Encryption," on
page 1159
Section 75.2, "Server Certificates and SSL Encryption," on page 1161
Section 75.3, "Trusted Root Certificates and LDAP Authentication," on page 1167
See also Part XVII, "Security Policies," on page
75.1 Personal Digital Certificates, Digital
Signatures, and S/MIME Encryption
If desired, you can implement S/MIME encryption for GroupWise client users by installing various
security providers on users' workstations, including:
Entrust* 4.0 or later (http://www.entrust.com)
Microsoft Base Cryptographic Provider 1.0 or later (included with Internet Explorer 4.0 or
later)
Microsoft Enhanced Cryptographic Provider 1.0 or later (http://www.microsoft.com/windows/
ie/downloads/recommended/128bit/default.asp)
Microsoft Strong Cryptographic Provider (http://www.siliconprairiesc.com/spsckb/EncryptAll/
strong_cryptographic_provider.htm)
Gemplus GemSAFE Card CSP 1.0 or later (http://www.gemplus.com)
Schlumberger Cryptographic Provider (http://www.slb.com)
For additional providers, consult the
partnerguide).
These products enable users to digitally sign and/or encrypt their messages using S/MIME
encryption. When a sender digitally signs a message, the recipient is able to verify that the item was
not modified en route and that it originated from the sender specified. When a sender encrypts a
message, the sender ensures that the intended recipient is the only one who can read it. Digitally
signed and/or encrypted messages are protected as they travel across the Internet, whereas native
GroupWise encryption is removed as messages leave your GroupWise system.
After users have installed the S/MIME security providers on their workstations, you can configure
default functionality for it in ConsoleOne
GroupWise Utilities > Client Options > Send > Security > Secure Item Options). You can specify a
URL from which you want users to obtain their S/MIME certificates. You can require the use of
digital signatures and/or encryption, rather than letting users decide when to use them. You can even
select the encryption algorithm and encryption key size if necessary. For more information, see
Section 69.2.2, "Modifying Send Options," on page
1203.
Novell Partner Product Guide (http://www.novell.com/
®
(Domain, Post Office, or User object > Tools >
1107.
75
Encryption and Certificates 1159