Open with table of contents

Share keys with external partners

You can allow the request and provision of your company’s public keys to external partners, therefore providing a mechanism for encrypted email exchange, by using the Gateway Mail Initiated Key Exchange feature. With this feature you can:

• Provide public keys for a specific email address within your organization to an external partner when they submit an email request to a defined Responder Address.

The key responder will process successful requests using the following rules:

• Only the corporate store will be searched for matches.
• Only public keys where a private key part exists will be sent. The private key will not be sent.
• If multiple matches exist, the active key with the latest valid from value will be sent.

How do I...

• Enable and configure Mail Initiated Key Exchange?

  1. From the Home page, click System > Encryption > Mail Initiated Key Exchange.

     The Mail Initiated Key Exchange page is displayed.

  2. Configure the options as required.

     Responder Address Provide an email address to be used for key provision. This is the address that users will send key request to. We recommend that you use a specific address for this purpose. For example, MIKE@MyCompany.com. Reply Address Provide an email address that will be used to prevent non-delivery email loops. This is the address MIKE will use to send key replies. The address should exist on your company mail server but should not auto-respond. Typically, this could be the Gateway Administrator email address.

• Communicate the steps required to obtain my organizations keys to an external partner?

  You can download a template file containing instructions from key share instructions.

  Depending on your organization's policy, you can publish these instructions on, for example, your company website.

See also...

• Email encryption overview
• Deployment scenarios outbound
• Deployment scenarios inbound