- Allows every member of your organization to have the benefits of encryption with a single software installation and a centrally controlled system for managing keys.
- Industry standard S/MIME PKI protocol
- Works with desktop applications like Outlook
- Works with other server-based applications
- Supports message encryption and signing
- Encryption actions are managed through the familiar MailMarshal interface
- Supports up to 168-bit strength encryption (Triple DES algorithm)
- Also supports RC2 (40 or 128 bit) and DES (56 bit) encryption
- Supports SHA1 and MD5 signing algorithms
- Uses Domain Certificates for gateway-to-gateway encryption
- Transparently creates Proxy Certificates on-the-fly to allow gateway-to-client encryption
- Allows separate encryption of messages for Escrow archiving (proof of sending)
- Creates self-signed certificates or imports Certificate Authority certificates
- Can retrieve certificates from a remote store through LDAP
SECURITY FEATURES:
Domain Certificate:
- MailMarshal Secure requires one Domain Certificate for each domain it provides services for. A Domain Certificate is also known as a Server Certificate.
- MailMarshal automatically generates and stores one private key for each Domain Certificate created.
Configuring Rules:
- Security rules must be created to facilitate the domain certificate to encrypt, decryptand sign messages.
- These actions will be carried out with nominated entities only.
Sharing Certificates:
- To exchange secure mail, both entities must swap certificates.
- Since certificates contain only public information, it is safe to give the certificates to anyone.
- It is important to install the correct certificate for each site with which emails will be exchanged. Since each certificate contains the encryption key, a wrong certificate will disrupt the security.
- Comparing the "Thumbprint" of the certificates installed at both sites will ensure that the correct certificate is installed.
SUPPORTED STANDARDS:
Secure Electronic Environment:
MailMarshal Secure is accredited by S.E.E., the E-government unit of the State Services Commission of New Zealand.
S/MIME:
MailMarshal Secure supports Secure Multipart Internet Message Extensions.
LDAP Support:
MailMarshal Secure supports Microsoft LDAP (Lightweight Directory Access Protocol), allowing a central point for validation and updates. It retains the LDAP user group structure.
Cryptographic Support:
- Supports nCipher (cryptographic accelerator), which secures the storage of all private keys.
- RSA PKCS#1 (RSA encryption standard),
- PKCS#2 (password based encryption standard),
- PKCS#7 (cryptographic message syntax standard),
- Base 64 encoded PKCS#7 / X.509 and
- PKCS#12 (standard for import and export of Private Keys).
ENCRYPTION STANDARDS:
Signing algorithms:
RSA MD5 and SHA-1.
Encryption levels:
RSA RC2 40, 64 and 128-Bit, DES CBC 56-Bit and DES EDE3 CBC (triple DES 168-Bit).
Key pairs:
512, 1024, 2048, 4096-Bit (Microsoft Windows 2000/XP High Encryption is required for options over 512-Bit).
Key Transport:
PKCS#12 (personal information exchange message syntax).
Other standards:
- RSA RFC2311,
- RFC2312 and
- RFC1422 (X.509 v1, v3 S/MIME certificate compliance).