SecureAge Technology



	SecureAge^® l SecureEmail l SecureFile l SecureDisk
	SecureEmail
	General
	1.	Why do we need to secure email?
	2.	Why do we use public key algorithm to encrypt emails instead of just using password?
	3.	Can I send secured emails to my business partners who do not have SecureEmail?
	Security Standards
	4.	Which email protocols and applications do SecureEmail currently support?
	5.	What email security standard does SecureEmail use?
	6.	What is the difference between PGP and S/MIME?
	7.	What is the difference between using SSL (e.g. HTTPS or SMTP/POP3/IMAP over SSL) to secure my email access, vs. S/MIME?

	8.	What is the security strength of SecureEmail solution?
	Digital Certificate and Private Key
	9.	If I lost my private key, does it mean that I cannot read the encrypted email in my mailbox?
	10.	Can I have a separate signing and encryption key?
	11.	I have multiple email accounts, do I need a separate digital certificate for each account?
	12.	My email certificate expires after a few years and when I get a new set of key and certificate, will I still be able to decrypt my old emails?

	SecureEmail Interoperability
	13.	Can I use SecureEmail plug-in to communicate securely with outside users?
	14.	Can I send secure email with compression to outside users?
	15.	Can I send secure email with 256-bit AES encryption to outside users?
	16.	Since most of the email clients S/MIME enabled, why do we still need SecureEmail solution?
	17.	I am using web mail. Can I use SecureEmail solution to securely send and receive email?
	Trouble Shooting
	18.	When receiving a signed email, the email software is reporting an invalid signature. Why is the signed email reported as invalid?

	19.	After installing SecureAge^®, why is my Outlook secure email plug-in not working?
	20.	I received an email that contains a smime.p7m attachment, what does it mean?
	21.	I wanted to send a secure email. But when I click ‘send’ on my email software, the email was sent out as plain email without prompting?


	General
	1.	Why do we need to secure email?
		Any email that contain sensitive information should be protected. An email, when sent, travels through multiple mail servers and it is always stored at these servers before being forwarded to the intended recipient / relaying email server. At these servers, or on the network, email can be easily intercepted, copied or altered. Weeks, months, or even years later, email, which you thought you have deleted, may still be stored as backup somewhere in the email server and can still be retrieved using keyword search strings. It is therefore important to secure all your confidential emails if you only want the intended recipients to read the message. With our SecureEmail solution, a core component of our SecureAge® client, you can be assured that your confidential email will remain encrypted from the point of its transmission up to the point when it is stored on the desktop / laptop / server. Without the recipient private key, no one will be able to read the email.
		[ Back to top l Back to 'General' Questions]

	2.	Why do we use public key algorithm to encrypt emails instead of just using password?
		Password encryption requires communicating parties to share the same password or key using what is commonly known as symmetric key algorithms. Public key algorithms have key management advantages over equivalently strong symmetric ones. First, one key of the pair does not need to be known by anyone but its owner; so it can more easily be kept secret. Second, although the other key of the pair is shared by all entities that use the algorithm, that key does not need to be kept secret from other, non-using entities; so the key distribution part of key management can be done more easily. Another reason for using public key algorithm is that it can perform digital signature operation while symmetric key algorithm cannot.
		[ Back to top l Back to 'General' Questions ]

	3.	Can I send secured emails to my business partners who do not have SecureEmail?
		Yes, you can send secured emails to your business partners provided they have a S/MIME enabled email software and a digital certificate from a Certificate Authority. Basically, SecureEmail interoperates with other email software that is S/MIME compatible.
		[ Back to top l Back to 'General' Questions ]

	Security Standards
	4.	Which email protocols and applications do SecureEmail currently support?
		SecureEmail supports a wide range of email protocols like SMTP, POP3, IMAP as well as specialized MAPI protocols of Microsoft Exchange, and Lotus Notes servers. It also supports many web mail protocols including those used by Exchange, Lotus Domino, Sun Messaging Server, Hotmail, and Yahoo Mail. It could also be customized easily for other web mail systems.
		[ Back to top l Back to 'Security Standards' Questions ]

	5.	What email security standard does SecureEmail use?
		SecureEmail is based on S/MIME v3 (RFC 2633) and the latest S/MIME v3.1 standards. S/MIME v3 is the most commonly used email security standard adopted by commercial email solutions, including the latest version of Lotus Notes, Outlook, Outlook Express, Netscape, etc.
		[ Back to top l Back to 'Security Standards' Questions ]

	6.	What is the difference between PGP and S/MIME?
		PGP is one of the earliest public key technologies for email signing and encryption. It has attracted many early adopters of public key technology and is well suited for technically savvy users. The newer S/MIME standard has the advantage of being well integrated with the email MIME standard and fully exploits the Public Key Infrastructure (PKI) technology. Commercially, the use of patented encryption algorithm (IDEA) in PGP has prevented it from being widely used in the commercial world because of licensing issue. Subsequently, almost all commercial email software are already, or moving towards, supporting the S/MIME standard.
		[ Back to top l Back to 'Security Standards' Questions ]

	7.	What is the difference between using SSL (e.g. HTTPS or SMTP/POP3/IMAP over SSL) to secure my email access, vs. S/MIME?

		SSL only encrypts the network traffic between the user’s machine and the immediate mail server. The emails will be stored in plain format in your own mail server as well as your recipient’s mail server. With S/MIME, the security is end-to-end and the emails stay encrypted on the network and on the mail servers. Only the recipient with the correct private key can decrypt the emails on their own machine.
		[ Back to top l Back to 'Security Standards' Questions ]

	8.	What is the security strength of SecureEmail solution?
		SecureEmail supports a wide range of symmetric key encryption algorithms. From the SecureAge® configuration menu, under the "EMail tab folder=>Advanced...", you can select from low security 40-bit RC2 to full strength security 256-bit AES. The default is 168-bit Triple-DES. In terms of public key for digital signature and email session key encryption, SecureEmail supports RSA with key strength up-to 4096-bit.
		[ Back to top l Back to 'Security Standards' Questions ]

	Digital Certificate and Private Key
	9.	If I lost my private key, does it mean that I cannot read the encrypted email in my mailbox?
		This is mostly correct, unless you have a backup encryption key, or your Certification authority (CA) provides a key recovery service.
		[ Back to top l Back to 'Digital Certificate and Private Key' Questions ]

	10.	Can I have a separate signing and encryption key?
		Yes.
		[ Back to top l Back to 'Digital Certificate and Private Key' Questions ]

	11.	I have multiple email accounts, do I need a separate digital certificate for each account?
		Yes. S/MIME requires the digital certificate to contain the email account info. Since each certificate can store only one email address, the user needs to apply for a digital certificate for each email account that he/she wants to send or receive secure emails.
		[ Back to top l Back to 'Digital Certificate and Private Key' Questions ]

	12.	My email certificate expires after a few years and when I get a new set of key and certificate, will I still be able to decrypt my old emails?

		Yes. SecureEmail supports a flexible user profile that can store unlimited key history. This enables a seamless support for multiple keys to co-exist and allows all your emails to be automatically decrypted when you access them. SecureEmail also provides a powerful migration tool that allows the IT administrators of an organization to re-encrypt old emails with the new encryption key. They can use the old key for a one time migration and immediately discard it after use. After the migration, the emails in the email server and the archive folders will be encrypted with the new keys and the old key will no longer be needed.
		[ Back to top l Back to 'Digital Certificate and Private Key' Questions ]

	SecureEmail Interoperability
	13.	Can I use SecureEmail plug-in to communicate securely with outside users?
		Yes. SecureEmail is based on the S/MIME email security standard. This allows SecureEmail users to communicate securely with other users who use standard email software that supports S/MIME. Such email software include Outlook (version 2000 & above), Outlook Express, Netscape 7.x, and Lotus Notes r6. If the other party is also using SecureEmail, then both parties can communicate securely using any version of Outlook, Outlook Express, Lotus Notes, Netscape, any SMTP / POP3 / IMAP4 compliance email clients, and web mail access based on Exchange, Lotus Domino, Sun Messaging Server, Hotmail and Yahoo Mail.
		[ Back to top l Back to 'SecureEmail Interoperability' Questions ]

	14.	Can I send secure email with compression to outside users?
		SecureEmail supports the latest S/MIME v3.1 which comes with email compression capability. Email compression is very useful in reducing the size of the emails by as much as 70 percent. You can communicate with other SecureEmail users with the compression mode on. However, compression is an advanced email feature that has only been standardized in 2002. Many commercial secure email solutions in the market may not have catch up with the standard and hence unable to decompress the email properly. So you should turn off the compression mode if your recipient's secure email solution does not support it.
		[ Back to top l Back to 'SecureEmail Interoperability' Questions ]

	15.	Can I send secure email with 256-bit AES encryption to outside users?
		AES is a relatively new encryption standard (FIPS 197, 2001). It is therefore not as widely adopted as RC2 and 3DES. Hence, like email compression, you should ensure that your recipient is able to support this encryption standard before using it.
		[ Back to top l Back to 'SecureEmail Interoperability' Questions ]

	16.	Since most of the email clients S/MIME enabled, why do we still need SecureEmail solution?
		For email clients like Outlook that already supports the S/MIME capability, SecureEmail solution provides additional secure email features apart from those already provided by the email client. For instance, SecureEmail can help organizations to add email security features like email security classification and incorporate their own secure email business logics.
		[ Back to top l Back to 'SecureEmail Interoperability' Questions ]

	17.	I am using web mail. Can I use SecureEmail solution to securely send and receive email?
		Yes. SecureAge® client supports standard web mail access to enterprise email systems. These include Outlook Web Access (OWA) to Exchange server, Domino default web mail system and Sun Messaging server. It also supports public web mail system like Hotmail and Yahoo Mail. However, the latter are not activated in standard SecureAge® installation. Please contact us if you need to activate these features.
		[ Back to top l Back to 'SecureEmail Interoperability' Questions ]
	Trouble Shooting
	18.	When receiving a signed email, the email software is reporting an invalid signature. Why is the signed email reported as invalid?

		Email softwares like Microsoft Outlook, Outlook Express and Netscape, will report "invalid signature" if the SecureAge® CA certificate has not been installed in your system. You can install the SecureAge® CA certificate by right clicking on the SecureAge® icon (located at the bottom right-hand corner of your Windows screen) and select "Install CA Certificate".
		[ Back to top l Back to 'Trouble Shooting' Questions ]

	19.	After installing SecureAge®, why is my Outlook SecureEmail plug-in not working?
		You may have accidentally disabled the plug-in item during the installation. Please enable the item in order to make the Outlook SecureEmail plug-in working. Open the “About Microsoft Outlook” dialog, select “Disabled Items…” button. Select “ExchgExt.dll” if found. Click “Enable”. You may have to restart Outlook for the change to take place.
		[ Back to top l Back to 'Trouble Shooting' Questions ]

	20.	I received an email that contains a smime.p7m attachment, what does it mean?
		A smime.p7m attachment is a secure email body. Please ensure that SecureAge® is activated so that this email can be decrypted. If you do not have the proper key to decrypt the email, it will also show up as just a smime.p7m attachment.
		[ Back to top l Back to 'Trouble Shooting' Questions ]

	21.	I wanted to send a secure email. But when I click ‘send’ on my email software, the email was sent out as plain email without prompting?

		First, check whether SecureAge® is running by double clicking on the SecureAge® icon located on the bottom right-hand corner of the Windows screen. Then click on the “Email” tab to check your secure email setting – make sure that the setting is not ‘Never sign and encrypt’. Next, make sure that your current profile contains a digital certificate that matches your (sender) email address. This is important since SecureAge® will send a plain email if your email address is not found among the certificates in your profile.
		[ Back to top l Back to 'Trouble Shooting' Questions ]