Encryption And Certificates - Novell GROUPWISE 7 - SECURITY ADMINISTRATION Manual

Encryption and Certificates

7 1
®
Although GroupWise native encryption is employed throughout your GroupWise system,
additional security measures should be utilized to secure your GroupWise data.
Section 71.1, "Personal Digital Certificates, Digital Signatures, and S/MIME Encryption," on
page 1117
Section 71.2, "Server Certificates and SSL Encryption," on page 1119
Section 71.3, "Trusted Root Certificates and LDAP Authentication," on page 1123
See also Part XVI, "Security Policies," on page
71.1 Personal Digital Certificates, Digital
Signatures,
and S/MIME Encryption
If desired, you can implement S/MIME encryption for GroupWise client users by installing various
security providers on users' workstations, including:
Entrust* 4.0 or later (http://www.entrust.com)
Microsoft Base Cryptographic Provider 1.0 or later (included with Internet Explorer 4.0 or
later)
Microsoft Enhanced Cryptographic Provider 1.0 or later (http://www.microsoft.com/windows/
ie/downloads/recommended/128bit/default.asp)
Microsoft Strong Cryptographic Provider (http://www.siliconprairiesc.com/spsckb/EncryptAll/
strong_cryptographic_provider.htm)
Gemplus GemSAFE Card CSP 1.0 or later (http://www.gemplus.com)
Schlumberger Cryptographic Provider (http://www.slb.com)
For additional providers, consult the
partnerguide).
These products enable users to digitally sign and/or encrypt their messages using S/MIME
encryption. When a sender digitally signs a message, the recipient is able to verify that the item was
not modified en route and that it originated from the sender specified. When a sender encrypts a
message, the sender ensures that the intended recipient is the only one who can read it. Digitally
signed and/or encrypted messages are protected as they travel across the Internet, whereas native
GroupWise encryption is removed as messages leave your GroupWise system.
After users have installed the S/MIME security providers on their workstations, you can configure
default functionality for it in ConsoleOne
GroupWise Utilities > Client Options > Send > Security). You can specify a URL from which you
want users to obtain their S/MIME certificates. You can require the use of digital signatures and/or
encryption, rather than letting users decide when to use them. You can even select the encryption
algorithm and encryption key size if necessary. For more information, see
"Modifying Send Options," on page
1159.
Novell Partner Product Guide (http://www.novell.com/
®
(Domain, Post Office, or User object > Tools >
1062.
Section 65.2.2,
Encryption and Certificates
71
1117