Technical Overview

mkryptor allows you to easily send secure emails. This document will give you a technical overview of how. mkryptor is a software product from

Contents

What is mkryptor? 1
Mkryptor vs other technologies 2
Wait, what about SMTPS / SSL / TLS? 3
Mkryptor key technologies 4
PDF with AES Encryption 5
What about attachments? 5
Other options 5
Known Facts 6
Adding Known Facts to messages 7
Special tags / facts 8
Storing / re-using Known Facts 8
Where does mkryptor sit in my infrastructure? 9
Load balancing / redundancy 10
Selective Routing 10
What about replies? 11
Can a recipient choose their own password / facts? 13
Do you offer a cloud service? 14
What branding options do I have? 15
Contact and further reading 16

Technical Overview Page i www.mkryptor.com

What is mkryptor?

As the connected world becomes ever more conscious of data security in government, industry and our homes, one area of digital life remains completely insecure and easy to hack: email. In 1982, when SMTP email first came into use, Internet security and privacy were not a consideration. There have been a few attempts to solve the issue over the years, but none has had what it takes for wide-scale adoption, primarily because they were too complicated to use.

Now there is mkryptor, a simple-to-use system that makes your private email private. What's more, it does so using your ordinary email system and without all the fuss and technological know-how required by other such systems. mkryptor has been designed for real people with ordinary computers and average skills. Importantly, we've come up with a solution which needs no special software at either end, meaning that you can access mkrypted emails from any device: desktop, laptop, tablet or smartphone.

This document is a technology overview, so rather than just telling you what it does and how easy it is to use, we are going to concentrate on how it actually works.

Mkryptor vs other technologies

Email encryption is not a new concept. A few specialist organisations such as the military, security forces, parts of government and several areas of civilian business have been using encryption software for years. The drawback with existing products, however, is that they are complicated, time-consuming and difficult to use. Let's first look at the alternatives, then we'll start to examine how mkryptor does things differently.

There are 2 types of email encryption on the market:

Type 1: PGP keys, X.509 certificate public/private key pairs and/or a password have to be shared before messages can be exchanged. Often special software must be installed by both the sender and recipient. This is far beyond the capabilities and understanding of the average user. Even if used in a closed environment where all senders/recipients are known to each other, there is still a complex management overhead.

Type 2: Messages are stored on a web platform. Recipients must be registered before they can view messages. When a secure message is created, the recipient gets an email to tell them that a secure message is waiting for them. They then have to access the web platform and log in to retrieve the message. This is not email and it is not convenient. It is just a glorified document storage platform.

Mkryptor can be considered type 3. It does away with all of this complexity. There is no exchange of keys or pre-registration required, and the message ends up in the recipient's email inbox, where it is supposed to be.

There are 2 key components to how mkryptor works: Known Facts, and PDF with AES.

Wait, what about SMTPS / SSL / TLS?

SMTPS, a method of securing SMTP with Transport Layer Security (TLS), came into use around 1997. It is used for securing the SMTP transmission between 2 computers (i.e., point-to-point). The problem with email is that it can pass through many, many points between sender and recipient, with each point being managed by a different entity. There is no way to know which of these points is or isn't protected by SMTPS. In addition, the message contents can still be read at any of the intermediate points, as the content is still clear text. In summary, SMTPS cannot provide end-to-end security and so does not solve the problem.

Mkryptor key technologies

There are 2 key technologies used by mkryptor to send secure messages. These are:

- Portable Document Format (PDF) with AES encryption
- Known Facts

We will examine these in detail over the next sections.

PDF with AES Encryption

Why would you invent a new proprietary technology when a suitable open standard already exists? You wouldn't, and neither would we. It's just common sense. And that is why mkryptor uses standard PDF documents for its payload.

Although not widely known, the PDF specification provides for various levels of encryption including, since 2008, AES 256, the de-facto encryption standard preferred by military, government and security agencies throughout the world. What's more, PDF readers are built into nearly all new computers and smartphones, or ship as part of standard software packages. PDF files are understood by all mailing systems and firewalls. PDFs have become so much a part of normal digital life that they are understood by almost everyone.

When you send an email through mkryptor, it takes the message body, converts it to a PDF, encrypts it and adds that PDF to the email as an attachment.

What about attachments?

Another little-known feature of PDF is that it supports file attachments. So any files that were attached to the original email will be stripped off and added into the encrypted PDF payload. These attachments are shown at the top of the PDF. They can be opened or extracted, just as they could be from an ordinary email. Not all PDF readers support attachments, but the most popular do, such as Adobe Reader, the most common desktop reader. There are also PDF readers available for most mobile operating systems that support attachments.

Other options

While there is rarely any need to stray from the default set-up, mkryptor does offer some alternatives should you find a need for them:

- You can use an encrypted ZIP (AES 256 or AES 128) as an alternative to the PDF payload
- You can also change the level of encryption used in the PDF (e.g., AES 128, RC128, etc.)

Any of these options can be set as a default, or can be overridden for an individual message.

Known Facts

So we've seen that mkryptor converts the payload to an encrypted PDF. But to open that PDF you would need a password, and we said that you didn't need to exchange passwords or keys with a recipient before sending them a message. This is where Known Facts come into play.

Essentially, Known Facts are questions, with answers, that are used to create a password. When the recipient gets their email they'll be shown the questions and told which characters of the answers make up the password. Mkryptor randomly grabs sections of each answer and combines them together in a random order to form a password.

Known Facts can be absolutely anything that the recipient will know the answer to. They are free text. Obviously there is some art to choosing what to use as a Known Fact. For some guidance see the support article "What makes a good Known Fact?" on support.freshskies.com.

Example facts and a password derived from them:

## Cat's name : Tiddles
## City of birth : London
## Name of highschool : Dean Stanley

ondeansttid

To keep things simple for the recipient, certain transforms are applied to the password:

- All text is converted to lower-case
- All spaces are removed
- Dates are converted to the format DDMMYYYY (this can be changed in regional settings)

Mkryptor chooses a length for the password at random. By default it will be between 8 and 32 characters, but this can be changed in the configuration. You can add as many Known Facts to a message as you like. We recommend between 2 and 4.

These instructions are conveyed to the recipient in the outer email (also called the cover message), in a similar manner to the example below:

[Figure 1 - Example of a cover email]

Adding Known Facts to messages

Known Facts are just text. You type them at the top of an email that you want to encrypt. Because of this you can use any email client, including smartphones, etc. Known Facts must be written one per line, in the format:

## <question> : <answer>

Spaces after the ## and before/after the : are optional (they will be ignored). You can add as many different facts as you like, but we recommend between 2 and 4 (the more you have, the greater the complexity of the password).

The ## is used as a special tag. When mkryptor sees a line beginning with this tag it knows it is an instruction it should parse. You can use any text you like for the <question> and <answer>. E.g.:

## Cat's name : Tiddles
## City of birth : London
Hi Dave,
The combination for the lock on the crown jewels is 7, 5, 4, 2.
Joe.
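To make the Known Facts mechanism concrete, here is a small Python script written for this overview; it is an added example, not mkryptor's own code, and the page does not describe the product's internals. It parses the ## lines out of a message exactly as the format above specifies (optional spaces around ## and :), applies the three transforms from the previous section, draws a random fragment from each normalised answer, joins the fragments in random order to a length within the 8 to 32 character default, and produces the character-position instruction that the cover message carries. Where the paper is silent, the code makes labelled assumptions: how the total length is shared between answers, which input date shapes are recognised before the DDMMYYYY transform, and the wording of the hint. The `needs_encryption` check is the same test a selective-routing rule on the mail server applies (any line beginning with ##). The sample message is constructed from the paper's example.

```python
import random
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class KnownFact:
    question: str
    answer: str


@dataclass(frozen=True)
class Fragment:
    question: str
    start: int      # 1-based, inclusive: what the cover message tells the recipient
    end: int        # 1-based, inclusive
    text: str       # the characters of the normalised answer actually used


@dataclass(frozen=True)
class DerivedPassword:
    password: str
    fragments: Tuple[Fragment, ...]   # in concatenation order


# "## <question> : <answer>"; spaces around ## and : are optional, as the paper states
FACT_LINE = re.compile(r"^\s*##\s*(?P<q>[^:]+?)\s*:\s*(?P<a>.+?)\s*$")
# Assumed input shapes for dates (D/M/YYYY, D-M-YYYY, D.M.YYYY); the paper only fixes the output DDMMYYYY
DATE_LINE = re.compile(r"^\s*(\d{1,2})[/.-](\d{1,2})[/.-](\d{4})\s*$")


def normalise_answer(answer: str) -> str:
    """Apply the transforms listed in the paper: dates -> DDMMYYYY, else lower-case with spaces removed."""
    m = DATE_LINE.match(answer)
    if m:
        day, month, year = m.groups()
        return f"{int(day):02d}{int(month):02d}{year}"
    return re.sub(r"\s+", "", answer.lower())


def split_message(body: str) -> Tuple[List[KnownFact], List[str], str]:
    """Separate ## lines from the message text.

    Returns (Known Facts, bare special tags such as 'encrypt', remaining body to encrypt).
    """
    facts, tags, rest = [], [], []
    for line in body.splitlines():
        stripped = line.strip()
        if not stripped.startswith("##"):
            rest.append(line)
            continue
        m = FACT_LINE.match(line)
        if m:
            facts.append(KnownFact(m.group("q"), m.group("a")))
        else:
            tags.append(stripped[2:].strip())   # e.g. "##encrypt" -> "encrypt"
    return facts, tags, "\n".join(rest).strip()


def needs_encryption(body: str) -> bool:
    """The routing test: a message is marked for encryption iff it carries any ## line."""
    facts, tags, _ = split_message(body)
    return bool(facts or tags)


def derive_password(facts: List[KnownFact], seed=None, min_len: int = 8, max_len: int = 32) -> DerivedPassword:
    """Take a random contiguous fragment of every normalised answer and join them in random order.

    The total length is drawn from [min_len, max_len] (the paper's defaults), capped by the
    characters available. How that length is shared between the answers is an assumption.
    """
    if not facts:
        raise ValueError("at least one Known Fact is required")
    rng = random.Random(seed)
    answers = [normalise_answer(f.answer) for f in facts]
    if any(not a for a in answers):
        raise ValueError("an answer is empty after normalisation")
    lo = max(min_len, len(answers))                  # every answer contributes at least 1 char
    hi = min(max_len, sum(len(a) for a in answers))
    if lo > hi:
        raise ValueError("answers too short for the configured password length")
    target = rng.randint(lo, hi)

    lengths = [1] * len(answers)                     # assumed allocation: grow fragments one char at a time
    for _ in range(target - len(answers)):
        room = [i for i, a in enumerate(answers) if lengths[i] < len(a)]
        lengths[rng.choice(room)] += 1

    fragments = []
    for fact, ans, n in zip(facts, answers, lengths):
        start = rng.randint(0, len(ans) - n)
        fragments.append(Fragment(fact.question, start + 1, start + n, ans[start:start + n]))
    rng.shuffle(fragments)                           # random order, as the paper describes
    return DerivedPassword("".join(f.text for f in fragments), tuple(fragments))


def cover_instructions(derived: DerivedPassword) -> str:
    """The hint the cover message carries: positions only, never the answers themselves."""
    return " then ".join(f'characters {f.start}-{f.end} of "{f.question}"' for f in derived.fragments)


# Constructed sample message, modelled on the paper's example
SAMPLE_MESSAGE = """\
## Cat's name : Tiddles
## City of birth : London
##Name of highschool:Dean Stanley
Hi Dave,
The combination for the lock on the crown jewels is 7, 5, 4, 2.
Joe."""

if __name__ == "__main__":
    facts, tags, body = split_message(SAMPLE_MESSAGE)
    derived = derive_password(facts, seed=2024)
    print("route via mkryptor:", needs_encryption(SAMPLE_MESSAGE))
    print("cover message hint:", cover_instructions(derived))
    print("PDF password:", derived.password)
    print("body to encrypt:", repr(body))
```

One point the derivation makes visible: because the cover message states the character positions in clear, the effective strength of the PDF password is bounded by how hard the answers are to guess, not by the password's length, which is why the paper's advice on choosing facts (and using more than one) matters.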

Special tags / facts

In addition to Known Facts, mkryptor will also recognise certain keywords (preceded by ##). These can perform a variety of functions, such as overriding encryption methods, adding a watermark to the PDF, using stored facts, etc. These special tags are detailed in the user guide and in the support article on support.freshskies.com titled "Tags reference".

Storing / re-using Known Facts

If you are sending to the same people on a regular basis you wouldn't want to have to type in Known Facts every time you send them an encrypted email. This is why, with the mkryptor Business+ and Enterprise editions, Known Facts can be automatically stored to a database the first time a message is sent. The database can be either an XML file on the mkryptor server or a Microsoft SQL Server database.

To tell mkryptor to use stored facts when sending an encrypted message, simply add the special tag ##encrypt to the top of the email. When mkryptor sees a message with the ##encrypt tag in it, it will look in the database for any stored facts for the email address(es) and use them to mkrypt the message. If no facts are found, the message will be returned to the sender.

Note: It is possible to set mkryptor to always encrypt a message when Known Facts exist in the database. This can be set for the organisation as a whole, or on an individual address basis. Usually, though, we find that most people like to use ##encrypt, to give them the option.

It is also possible to add Known Facts directly to the database before a message is sent. This is useful in situations such as taking on a new client: a secretary can pre-add facts as part of the new-client set-up. This is also detailed in the user guide.

Where does mkryptor sit in my infrastructure?

Mkryptor is an SMTP smart host. It is installed as a Microsoft Windows service and can live anywhere within your network (including on the same machine as your mail server). Because mkryptor is just an SMTP smart host it will work with pretty much any email server or in any email setup.

There are various ways to incorporate it into your email infrastructure. The normal place would be after your mail server, i.e., all messages coming out of your mail server are passed through mkryptor:

[Diagram: Mailserver and Internet, with mkryptor between them]

Mkryptor does not affect messages that are not marked for encryption (i.e., that don't have any Known Facts / tags). Those messages will simply pass through. Because of this it is safe to pass all outbound messages through the mkryptor server.

Mkryptor understands SMTPS (SSL & TLS) and supports all the normal methods of SMTP authentication, so if you want to secure the link between your email server and mkryptor this is very simple to achieve.

An alternative scenario used by some is to have the email client (desktop, phone, PDA, etc.) use mkryptor as its outbound SMTP server, then have mkryptor send the (mkrypted) message onwards to the mail server for delivery. This can even be configured on a per user / domain basis (i.e., send Bob's messages to Server A and Susan's to Server B).

For further information and guidance on installing mkryptor, see the mkryptor installation section of support.freshskies.com.

Load balancing / redundancy

You can have any number of mkryptor servers working together to provide load balancing and redundancy. Again, because mkryptor uses standard SMTP, it will work with any equipment capable of load balancing SMTP. Also, most mail servers support using multiple smart hosts for outbound mail. For the mkryptor Business+ and Enterprise editions, each mkryptor server will need to have access to the same Known Facts database (i.e., a shared XML file or SQL Server database).

Selective Routing

It is safe to pass all messages through mkryptor (it doesn't do anything to messages not marked for encryption). However, if you have high volumes of email, with only a small percentage of that mail requiring encryption, then you can choose to selectively route only those messages requiring encryption through mkryptor. This can be achieved with the normal filtering and [SMTP] routing rules of your email server. For instance, you could add a rule that sends any message containing the text ## in the body via the mkryptor route and all other messages via a direct route.

Some customers even like to have messages with ## in the body go to mkryptor, then have mkryptor pass the encrypted version of the message back to the mail server, which delivers it via the standard route.

[Diagram: Mailserver / Internet]

What about replies?

It's all well and good being able to send information securely and confidentially to recipients, but what if they want to reply? You cannot expect all your recipients to have mkryptor, so we have added a way for them to reply without any software.

To facilitate secure replies, we provide an auxiliary service called the mkryptor satellite server (available with the Business+ and Enterprise editions only). This is a small web app. It can be added as a virtual directory to your normal company website (e.g., www.yourcompany.com/satellite), or as a totally standalone site.

Note: If you do not wish to install your own satellite server instance, mkryptor provide a cloud service at https://www.mkryptor.com/satellite

[Diagram: Mailserver]

In the secure PDF there is a "Secure reply" button that the user clicks. This will open a web browser at the satellite secure reply page (SSL secured). From address, to address and subject are all pre-filled with details from the original message. The user types their reply in the box and clicks send. The satellite service will then create an encrypted package and transmit it to your mkryptor server in one of 2 ways:

Via HTTP

The mkryptor server can listen on a special HTTP satellite communication port (the port number can be set in the configuration). The satellite service can talk to mkryptor over this channel. This HTTP method has the advantage of 2-way communication, which can provide delivery feedback to the satellite service, as well as enabling extra functions for the user such as changing their stored Known Facts and password, etc. This is the recommended method.

Note that mkryptor encrypts all traffic using AES256, so HTTPS is not required (but can be used).

Via SMTP

The satellite service creates an email containing the encrypted blob of data as the body. This email is then sent to a special mailbox (set in the configuration) that the mkryptor server can read. The message can travel in through your normal email system. The only real advantage of this method is if you are using the mkryptor cloud satellite service and you do not want to open up a new firewall port. Because there is no 2-way communication, some functions of the satellite service will be disabled.

Once the mkryptor server receives the message from the satellite service, it will decrypt it, convert it into an email and deliver it to the mailbox of the intended recipient (via your standard SMTP mail connector). The reply can be delivered as an mkrypted PDF or, if your mkryptor server has a secure link to your mail server, it can be delivered as clear text.

The easiest option for your staff is to have mkryptor deliver the reply to their mailbox as clear text. If this is not feasible then each member of staff will set their own password for opening secure replies; this is set the first time they send an mkrypted message, using the ##MyPassword special tag.

Can a recipient choose their own password / facts?

As a recipient, if you're receiving regular messages from the same sender(s), it could eventually become tedious having to work out the correct answer to your Known Facts questions each time (especially as mkryptor randomises the order of the questions, answers and the length of the password each time). To solve this we give the user the option to choose their own password and / or update the facts stored for them in your Known Facts database. This is achieved with the help of the satellite service (see "What about replies?" earlier in this document) and is only available for the Business+ and Enterprise editions.

In the secure PDF there is a "Change Password" button. If the user clicks this they will be taken to the Change Password page of the satellite service.

Note: Unlike Known Facts, user passwords are case-sensitive.

When setting a password it must meet some minimum complexity requirements. These can be altered in your configuration, but by default require a minimum of 8 characters with at least 1 upper-case letter and 1 number. The satellite service will communicate securely with the mkryptor server to update the Known Facts database. The user will receive a notification via email to confirm their changes.

Password changes only affect future messages. Passwords for messages already sent are set in the PDF and cannot be changed.

Do you offer a cloud service?

More and more businesses are taking advantage of cloud platforms for running many of their services. And why not? Cloud services have many advantages in cost, ease of setup and scalability. Fresh skies also offer mkryptor as a cloud service.

Using the cloud service is virtually the same as having your own local install (minus the requirement for a server or installing software). You simply point your mail server / mail clients to the mkryptor cloud SMTP smart host servers, rather than to a local mkryptor SMTP smart host. See "Where does mkryptor sit in my infrastructure?" for more info.

Mkryptor cloud offers all the benefits of the Business+ edition, but for a small monthly cost (priced per user). See www.freshskies.com for more information.

What branding options do I have?

When you install mkryptor, the cover messages for your mkrypted emails will have mkryptor branding on them. These can easily be changed to match your own company branding. All the cover messages are stored as HTML templates. By simply changing a couple of images and some colours you can quickly modify them to match your own brand. Of course, if you really want to, you can go all-out and totally re-design them! For further info on how to set branding on your messages see the article titled "How do I customise email templates?" on support.freshskies.com.

As well as email templates, you can also set the branding for the satellite service website. This uses standard CSS 3.0 style sheets and with a few tweaks you can have it looking just the way you want it.

Changing the branding is a very simple task, but if you don't want to do it yourself, fresh skies do offer a branding service at an additional cost.

Contact and further reading

There are lots of more detailed articles available on particular topics at support.freshskies.com. If you have any further questions, please don't hesitate to contact us.

W: www.freshskies.com
T: +44 (0)845 269 2259
E: tellmemore@freshskies.com
Our support website: http://support.freshskies.com