Key (S/MIME or PGP) encryption
How it works
Key encryption utilizes a public key and a private key. The system works by encrypting email messages using the public key. The messages can then only be decrypted using the private key.
Help me make a quick choice
S/MIME encryption is superior to PGP encryption for a number of reasons.
Advantages
From an administrative and security perspective, S/MIME encryption is particularly good because of its strength, support for centralized key management via X.509 certificate servers, and widespread industry support.
From an end-user perspective, S/MIME technology is preferable because it allows most standard email clients to send and receive encrypted email without the need for additional software.
Disadvantages
From an end-user perspective, PGP is more complicated, requiring additional plug-ins or downloads.
PGP encryption is unavailable in FIPS Mode.
|
Password encryption
How it works
Password encryption creates a password-protected zip archive of the email message.
An 8-36 character password is automatically generated at the time of encryption. The auto-generated password is returned back to the email sender for manual distribution.
If you want added security, you can instead define a passphrase of up to 128 characters.
|
Some zip utilities may not support a password of this length, so you will need to make sure that recipients have a suitable zip package if you choose this option. |
Help me make a quick choice
Password encryption is a good choice if your users need to send email messages to a partner with no PGP or S/MIME capability.
Advantages
- There is no complex setup or administration required. As long as you create an endpoint with the right addresses, password encryption works "out of the box".
- Encrypted email can be sent to partners with no PGP or S/MIME capability.
Disadvantages
-
It is a weaker security technology than S/MIME and PGP.
Stronger password security can be achieved using AES, but it requires recipients to have a zip package that supports AES-256.
- It relies on the password being sent separately by the user to the recipient. However, password-encrypted emails contain a notification for the recipient that they will need the password from the sender to decrypt the message.
- Password encryption is unavailable in FIPS Mode.
Transport Layer Security (TLS) encryption
How it works
Transport Layer Security (TLS) provides a secure, encrypted communications tunnel between two TLS-enabled email servers. Email passes through the TLS communications tunnel without itself being encrypted.
|
|
If you want, you can use both TLS and key or password encryption, but there is more setup and administration involved. |
Help me make a quick choice
TLS is a good choice for two organizations that communicate frequently and wish to exchange confidential data as long as the following statements are true:
- The other organization is able and willing to set up TLS on their
- Both
Advantages
- Each email server authenticates to the other, making it harder to send spoofed email.
- The traffic between the two servers is encrypted, protecting the email content from prying eyes while in transit.
- The encryption of the conversation between the two hosts makes it exceedingly difficult for an attacker to tamper with the email's contents.
Disadvantages
- TLS protects the connection from your
- If your
