General
Any email that contains sensitive information should be protected. An email, when sent, travels through multiple mail servers and is stored on each of them before being forwarded to the intended recipient or the next relaying mail server. On those servers, or on the network between them, email can easily be intercepted, copied or altered. Weeks, months or even years later, an email you thought you had deleted may still sit in a backup somewhere on the mail server and can be retrieved with a keyword search. It is therefore important to secure all your confidential emails if only the intended recipients are to read them. With our SecureEmail solution, a core component of our SecureAge client, your confidential email remains encrypted from the point of transmission up to the point where it is stored on the desktop, laptop or server. Without the recipient's private key, no one can read the email.
Password-based encryption requires the communicating parties to share the same password or key, using what are commonly known as symmetric key algorithms. Public key algorithms have key management advantages over equivalently strong symmetric ones. First, one key of the pair need be known to no one but its owner, so it can more easily be kept secret. Second, although the other key of the pair is shared by all entities that use the algorithm, it does not need to be kept secret from other, non-using entities, so the key distribution part of key management is easier. Another reason for using public key algorithms is that they can produce digital signatures, which symmetric key algorithms cannot.
Yes, you can send secured emails to your business partners provided they have S/MIME-enabled email software and a digital certificate from a Certificate Authority. Basically, SecureEmail interoperates with any other email software that is S/MIME compatible.
Security Standards
SecureEmail supports a wide range of email protocols such as SMTP, POP3 and IMAP, as well as the specialized MAPI protocols of Microsoft Exchange and Lotus Notes servers. It also supports many web mail protocols, including those used by Exchange, Lotus Domino, Sun Messaging Server, Hotmail and Yahoo Mail, and can easily be customized for other web mail systems.
SecureEmail is based on S/MIME v3 (RFC 2633) and the latest S/MIME v3.1 standard. S/MIME v3 is the most commonly used email security standard adopted by commercial email solutions, including the latest versions of Lotus Notes, Outlook, Outlook Express, Netscape, etc.
PGP is one of the earliest public key technologies for email signing and encryption. It attracted many early adopters of public key technology and is well suited to technically savvy users. The newer S/MIME standard has the advantage of being well integrated with the email MIME standard and fully exploits Public Key Infrastructure (PKI) technology. Commercially, the use of the patented IDEA encryption algorithm in PGP has prevented it from being widely used in the commercial world because of licensing issues. Consequently, almost all commercial email software already supports, or is moving towards supporting, the S/MIME standard.
SSL only encrypts the network traffic between the user's machine and the immediate mail server. The emails are stored in plaintext on your own mail server as well as on your recipient's mail server. With S/MIME, the security is end-to-end: the emails stay encrypted on the network and on the mail servers, and only the recipient holding the correct private key can decrypt them, on their own machine.
SecureEmail supports a wide range of symmetric key encryption algorithms. From the SecureAge configuration menu, under "EMail tab folder=>Advanced...", you can select anything from low-security 40-bit RC2 to full-strength 256-bit AES. The default is 168-bit Triple-DES. For the public key operations (digital signature and encryption of the per-email session key), SecureEmail supports RSA with key lengths of up to 4096 bits.
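The two points above, end-to-end encryption versus transport-only encryption and the per-message choice of content cipher, can be seen directly with the openssl command line. The script below is an added example and is not SecureAge's code or a description of how SecureEmail itself is built; it assumes the openssl CLI (OpenSSL 1.1.1 or newer) is on PATH, and the mailboxes, addresses and message body are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not SecureAge's code: one S/MIME round trip with the openssl CLI
# (assumed: OpenSSL 1.1.1 or newer on PATH). It shows that a relaying mail server
# sees only the pkcs7-mime blob, that the content cipher is chosen per message
# (AES-256 and Triple-DES both shown), and that only the holder of the recipient's
# private key recovers the text. Mailbox names, addresses and the body are made up.
set -e
WORK=$(mktemp -d)
SECRET="Q3 acquisition price: 42 million"      # constructed message body

# Self-signed certificate and private key for one mailbox <name>@example.com.
# The address goes into the subjectAltName rfc822Name, where S/MIME software
# looks it up (one address per certificate).
make_identity() {                  # make_identity <name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -sha256 \
    -subj "/CN=$1" -addext "subjectAltName=email:$1@example.com" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Encrypt SECRET to a recipient's certificate with the given content-cipher flag
# (-aes256 or -des3). -binary keeps the body byte-exact instead of CRLF-
# canonicalising it, so the decrypted text compares cleanly below.
smime_encrypt() {                  # smime_encrypt <cipher-flag> <recipient> <out-file>
  printf '%s\n' "$SECRET" | openssl smime -encrypt "$1" -binary \
    -from bob@example.com -to "$2@example.com" -subject confidential \
    -out "$3" "$WORK/$2.crt"
}

# What any server on the delivery path can see: is the plaintext in the file?
relay_view() {                     # relay_view <message-file>
  if grep -q "$SECRET" "$1"; then echo plaintext-visible; else echo ciphertext-only; fi
}

# Content cipher recorded inside the EnvelopedData: extract the PKCS#7 structure
# and read the first symmetric-cipher OID from its ASN.1 dump.
content_cipher() {                 # content_cipher <message-file>
  openssl smime -pk7out -in "$1" | openssl asn1parse \
    | grep -o -E 'aes-(128|192|256)-cbc|des-ede3-cbc|rc2-cbc' | head -n 1
}

# Decrypt with one mailbox's key; prints the text, or decrypt-failed when that
# key does not belong to any recipient of the message.
try_decrypt() {                    # try_decrypt <message-file> <name>
  openssl smime -decrypt -in "$1" -recip "$WORK/$2.crt" -inkey "$WORK/$2.key" 2>/dev/null \
    || echo decrypt-failed
}

make_identity alice
make_identity mallory                 # a third party who is not a recipient
smime_encrypt -aes256 alice "$WORK/aes.eml"
smime_encrypt -des3   alice "$WORK/des3.eml"

echo "relay sees:          $(relay_view "$WORK/aes.eml")"
echo "cipher in envelope:  $(content_cipher "$WORK/aes.eml") / $(content_cipher "$WORK/des3.eml")"
echo "alice decrypts:      $(try_decrypt "$WORK/aes.eml" alice)"
echo "mallory decrypts:    $(try_decrypt "$WORK/aes.eml" mallory)"
```

The relay view is the whole point of the SSL-versus-S/MIME comparison: with S/MIME the server never holds anything but headers and the pkcs7-mime body, whatever transport protection was or was not in place. The content_cipher check is also the quickest way to confirm which algorithm a message was actually protected with before sending to a correspondent whose software may only accept RC2 or Triple-DES.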
Digital Certificate and Private Key
This is mostly correct, unless you have a backup encryption key or your Certification Authority (CA) provides a key recovery service.
Yes. S/MIME requires the digital certificate to contain the email account information. Since each certificate can hold only one email address, the user needs to apply for a separate digital certificate for each email account from which he/she wants to send or receive secure emails.
Yes. SecureEmail supports a flexible user profile that can store an unlimited key history. This lets multiple keys co-exist seamlessly, so all your emails are decrypted automatically when you access them, whichever key they were encrypted with. SecureEmail also provides a migration tool that allows an organization's IT administrators to re-encrypt old emails with the new encryption key. They can use the old key for a one-time migration and discard it immediately afterwards. After the migration, the emails on the email server and in the archive folders are encrypted with the new key, and the old key is no longer needed.
SecureEmail Interoperability
Yes. SecureEmail is based on the S/MIME email security standard. This allows SecureEmail users to communicate securely with other users of standard email software that supports S/MIME. Such email software includes Outlook (version 2000 and above), Outlook Express, Netscape 7.x and Lotus Notes R6. If the other party is also using SecureEmail, then both parties can communicate securely using any version of Outlook, Outlook Express, Lotus Notes or Netscape, any SMTP / POP3 / IMAP4 compliant email client, and web mail access based on Exchange, Lotus Domino, Sun Messaging Server, Hotmail or Yahoo Mail.
SecureEmail supports the latest S/MIME v3.1, which adds email compression. Compression is very useful in reducing the size of emails, by as much as 70 percent. You can communicate with other SecureEmail users with compression mode on. However, compression is an advanced feature that was only standardized in 2002. Many commercial secure email solutions on the market may not have caught up with the standard and are therefore unable to decompress such emails properly, so you should turn compression mode off if your recipient's secure email solution does not support it.
AES is a relatively new encryption standard (FIPS 197, 2001) and is therefore not yet as widely adopted as RC2 and 3DES. Hence, as with email compression, you should make sure that your recipient's software supports this algorithm before using it.
For email clients like Outlook that already support S/MIME, SecureEmail provides additional secure email features beyond those offered by the email client itself. For instance, SecureEmail can help organizations add features such as email security classification and incorporate their own secure email business logic.
Yes. The SecureAge client supports standard web mail access to enterprise email systems. These include Outlook Web Access (OWA) to Exchange server, the default Domino web mail system and Sun Messaging Server. It also supports public web mail systems such as Hotmail and Yahoo Mail; however, the latter are not activated in a standard SecureAge installation. Please contact us if you need these features activated.
Troubleshooting
Email software such as Microsoft Outlook, Outlook Express and Netscape will report "invalid signature" if the SecureAge CA certificate has not been installed on your system. You can install the SecureAge CA certificate by right-clicking the SecureAge icon (located at the bottom right-hand corner of your Windows screen) and selecting "Install CA Certificate".
You may have accidentally disabled the plug-in item during installation. Please enable the item to make the Outlook SecureEmail plug-in work: open the “About Microsoft Outlook” dialog, click the “Disabled Items…” button, select “ExchgExt.dll” if it is listed, and click “Enable”. You may have to restart Outlook for the change to take effect.
A smime.p7m attachment is an encrypted secure email body. Please ensure that SecureAge is activated so that this email can be decrypted. If you do not have the proper key to decrypt the email, it will likewise show up as just a smime.p7m attachment.
First, check whether SecureAge is running by double-clicking the SecureAge icon at the bottom right-hand corner of the Windows screen. Then click the “Email” tab to check your secure email setting – make sure that it is not ‘Never sign and encrypt’. Next, make sure that your current profile contains a digital certificate that matches your (sender) email address. This is important because SecureAge will send a plain email if your email address is not found among the certificates in your profile.
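The last two items above have a common root: a message that arrives as a bare smime.p7m attachment is an S/MIME enveloped-data body that no installed key could open, and a message that leaves in plain text is one for which no profile certificate covers the From address. The script below is an added example, not SecureAge's code, that checks both conditions with standard tools: it classifies a message by its S/MIME Content-Type and tests whether a certificate certifies a given sender address. It assumes the openssl CLI is on PATH; every message, name and address in it is constructed, and the base64 bodies are placeholders rather than real CMS data.

```shell
#!/bin/sh
# Added example, not SecureAge's code, for the two troubleshooting items above:
# (1) classify a received message by its S/MIME Content-Type, which is what lies
# behind a mailbox showing only an smime.p7m attachment, and (2) check that the
# certificate in a profile really certifies the sender address used in From,
# since a mismatch is what makes a client fall back to plain mail. Assumes the
# openssl CLI is on PATH; every message, name and address here is constructed.
set -e
WORK=$(mktemp -d)

# Content-Type header value with continuation lines unfolded, whitespace removed
# and lower-cased, so parameters such as smime-type= can be matched reliably.
content_type() {                   # content_type <message-file>
  tr -d '\r' < "$1" \
    | awk '/^$/{exit} /^[ \t]/{h=h $0; next} {if (h!="") print h; h=$0} END{print h}' \
    | grep -i '^content-type:' | tr -d ' \t' | tr 'A-Z' 'a-z'
}

# What a client has to do with the message before the user can read it.
smime_kind() {                     # smime_kind <message-file>
  case "$(content_type "$1")" in
    *pkcs7-mime*smime-type=enveloped-data*) echo enveloped ;;     # needs the recipient's private key
    *pkcs7-mime*smime-type=signed-data*)    echo opaque-signed ;; # wrapped body, unwrap to read
    *multipart/signed*)                     echo clear-signed ;;  # readable; signature is a separate part
    *pkcs7-mime*)                           echo pkcs7-unknown ;;
    *)                                      echo plain ;;
  esac
}

# Addresses certified by a certificate (subject e-mail and subjectAltName rfc822Name).
cert_emails() {                    # cert_emails <cert.pem>
  openssl x509 -noout -email -in "$1"
}

# Does the certificate cover this sender address? Compared case-insensitively.
cert_matches_sender() {            # cert_matches_sender <cert.pem> <from-address>
  if cert_emails "$1" | tr 'A-Z' 'a-z' | grep -qxF "$(printf '%s' "$2" | tr 'A-Z' 'a-z')"; then
    echo match
  else
    echo no-match
  fi
}

# Constructed sample messages. The base64 bodies are placeholders, not real CMS.
cat > "$WORK/enveloped.eml" <<'EOF'
From: bob@example.com
To: alice@example.com
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHA6CAMIACAQAxgAAA
EOF
cat > "$WORK/signed.eml" <<'EOF'
From: bob@example.com
To: alice@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Readable without any key; only the signature check needs the sender's certificate.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExAAAA
--b1--
EOF
printf 'From: bob@example.com\nContent-Type: text/plain\n\nhello\n' > "$WORK/plain.eml"

# A self-signed certificate for alice@example.com, standing in for a profile certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Alice" \
  -addext "subjectAltName=email:alice@example.com" \
  -keyout "$WORK/alice.key" -out "$WORK/alice.crt" 2>/dev/null

for f in enveloped signed plain; do echo "$f.eml -> $(smime_kind "$WORK/$f.eml")"; done
echo "cert covers alice@example.com: $(cert_matches_sender "$WORK/alice.crt" alice@example.com)"
echo "cert covers Alice@Example.COM: $(cert_matches_sender "$WORK/alice.crt" Alice@Example.COM)"
echo "cert covers alice@example.org: $(cert_matches_sender "$WORK/alice.crt" alice@example.org)"
```

An "enveloped" result on a message the client displays as an attachment means the decryption step did not run or had no matching key, which is exactly the smime.p7m symptom; a "no-match" for the address you send from means the client has nothing to sign or encrypt with and will send plain text, as the last item above describes.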