Adding email encryption and electronic signatures to Zimbra

    Few enterprise systems receive as much attention from information security teams as e-mail servers. Hacked mailboxes and the publication of the multi-year business correspondence archives they contain often cause public scandals, and also form the basis for antitrust and even criminal cases. That is why protecting e-mail is one of the top priorities for any security officer.


    However, there is no consensus on how to protect email from hacking. Since there are many solutions for protecting it, and enterprise budgets for information security are vanishingly small, everyone tries to develop their own strategy for protecting the data stored in e-mail. The most common ways to protect mail are to encrypt emails and to sign them with an electronic key. An electronic signature lets the addressee make sure that the letter was written by the sender and not by anyone else, and encrypting the letter lets the sender be sure that no one except the addressee will read it.

    Since Zimbra is an open source solution, you can enable email encryption and electronic digital signatures (EDS) in several ways. The first, and the officially supported one, is encrypting and signing messages via S/MIME. For this to work you must obtain S/MIME certificates, for example from Comodo, StartSSL or another supplier. Encryption is then done on the client side. Depending on whether your employees use the Zimbra web client or open mail on a mobile device, the procedure will be slightly different.

    Users of mobile devices first need to transfer a PKCS#12 file containing the private key to their device. Android users can do this directly, while users of iOS devices will have to use some kind of cloud service for the purpose. It is best to use Zimbra Briefcase here, because a file with a private encryption key is not something that should be entrusted to third-party platforms. After the .p12 file is downloaded and opened on iOS, the system settings application opens automatically and offers to install the certificate, creating a new user profile for it. When the installation is complete, all you need to do is enter the data required to authorize on your Zimbra mail server and enable the S/MIME option for this account. After that, all outgoing emails will be encrypted and signed. The certificate is installed in the same way on Android devices.

    Web client users should import their private key file directly into the browser they use. This is usually done right when the certificate is downloaded. Then, in the Zimbra web client, make sure that the “Secure Email” zimlet is enabled. After that, go to the security settings and make sure that the “Secure Email” zimlet sees the S/MIME certificate in your browser. It is best to immediately give this certificate the “Auto” status, that is, make it the default one. After all these steps, a drop-down list with encryption and signature options will appear in the compose window for a new message.
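
    The S/MIME flow described above can be rehearsed from a shell before certificates are rolled out to users. The script below is an added example, not part of the original article: it assumes OpenSSL 1.1.1 or later, and the self-signed identity, address, file names and passphrase are constructed test values standing in for a supplier-issued certificate.

```shell
# Added example: S/MIME round trip with a throwaway self-signed identity.
# Address, file names and passphrase are constructed test values.
set -eu
P12_PASS='constructed-test-pass'

make_identity() {  # $1 = work dir; leaves cert.pem (public) and alice.p12
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Alice Test/emailAddress=alice@example.com" \
    -addext "subjectAltName=email:alice@example.com" \
    -addext "extendedKeyUsage=emailProtection" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  # The .p12 bundles the certificate AND the private key; it is the file that
  # gets imported into a browser or copied to a phone.
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" -name alice \
    -passout "pass:$P12_PASS" -out "$1/alice.p12"
  rm -f "$1/key.pem"
}

unpack_p12() {  # what an importing client does: recover key + cert from the bundle
  openssl pkcs12 -in "$1/alice.p12" -passin "pass:$P12_PASS" -nodes \
    -out "$1/id.pem" 2>/dev/null
}

seal() {  # $1 = work dir, $2 = body; sign with the key, then encrypt to cert.pem
  printf '%s\n' "$2" > "$1/msg.txt"
  openssl smime -sign -text -in "$1/msg.txt" -signer "$1/id.pem" \
    -out "$1/signed.eml"
  openssl smime -encrypt -aes256 -in "$1/signed.eml" -out "$1/sealed.eml" \
    "$1/cert.pem"
}

verify_signed() {  # $2 = signed message; prints the body only if the signature holds
  openssl smime -verify -text -in "$2" -CAfile "$1/cert.pem" \
    -out "$1/body.txt" 2>/dev/null || return 1
  tr -d '\r' < "$1/body.txt"
}

open_sealed() {  # decrypt with the private key, then check the signature
  openssl smime -decrypt -in "$1/sealed.eml" -recip "$1/id.pem" \
    -out "$1/inner.eml" || return 1
  verify_signed "$1" "$1/inner.eml"
}

demo_dir=$(mktemp -d)
make_identity "$demo_dir" && unpack_p12 "$demo_dir"
seal "$demo_dir" "Q3 invoice attached"
open_sealed "$demo_dir"   # prints the recovered body
```

    Anyone who holds alice.p12 and its passphrase can run unpack_p12 and then both sign as the user and decrypt their mail, which is why the bundle belongs in Zimbra Briefcase rather than on a third-party service.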

    The second way to enable encryption in Zimbra is to use the OpenPGP zimlet. Its main disadvantage is that this zimlet can only encrypt the text of a letter. If you send an email with an attachment, OpenPGP-Zimlet will be useless. In addition, OpenPGP-Zimlet is quite difficult to use with mobile devices.

    Once the OpenPGP zimlet is installed on the Zimbra server, it can be activated in the user settings of the web client. After the new zimlet is enabled, the user can generate a public/private key pair or import existing keys. After that, it takes a couple of clicks to send your public key to any correspondent with whom you intend to conduct an encrypted conversation. When a public key is received from a correspondent, the Zimbra web client recognizes it automatically and offers to import it, after which the decryption of messages from this user will take a few clicks or, if desired, become automatic.


    Now, when you compose a letter, you will have the option to encrypt its body with your key. Please note that the subject line is not encrypted. After that, the encrypted text of the letter will appear directly in the input window. You can send it only to those addressees who have sent you their public keys.


    Mail encryption and electronic signatures are only part of the measures that can be taken to increase the security of email use. We will tell you about other methods in the next article.
