Note: Values you specify in the Encrypt Outbound, Decrypt
Inbound, and certificate fields are shared between the OpenPGP and XML
encryption configurations. You can specify these values once in either place to populate both
configurations.
When using OpenPGP, if your trading partner has provided an OpenPGP public key, you can use
the Certificate Manager to generate a Trusted CA Certificate from an OpenPGP key. See Certificate management and Generating trusted CA certificates from OpenPGP or SSH FTP keys. Similarly, if your trading partner requires an OpenPGP public key,
you can use the Certificate Manager to export an OpenPGP key. See Certificate management and Exporting certificates.
- Encrypt Outbound
- Select this check box to enable fields related to encrypting outbound messages.
- It is recommended that you enter both your trading partner's certificate and your user
certificate as both might be necessary depending upon the options selected.
- Values you specify in the Encrypt Outbound, Decrypt
Inbound, and certificate fields are shared between the OpenPGP and XML
encryption configurations. You can specify these values once in either place to populate
both configurations.
- Decrypt Inbound
- Select this check box to enable fields related to decrypting inbound messages.
- It is recommended that you enter both your trading partner's certificate and your user
certificate as both might be necessary depending upon the options selected.
- It is important to understand that the Encrypt Outbound,
Decrypt Inbound, and certificate fields are shared between the
two dialogs.
- Encryption/Signature Verification
- Certificate
- Enabled when you select either the Encrypt Outbound or
Decrypt Inbound check box.
- Click Browse to navigate to and select the certificate you
want to use. The Certificate field is populated with the path
of the certificate you select.
- If multiple recipients are required, you can use the SET
command to specify multiple certificates using the ‘|’ (pipe) character. For
example:
SET mailbox.PartnerPGPEncryptionCert=certs\companyA.cer | certs\personB.cer | certs\trunk.cer | certs\companyC.p7b
- Decryption/Signing
- By default, the signing certificate you configured on the
Certificates tab of the Local Listener panel is used to sign and
decrypt your files. See Configuring certificates for Local Listener.
- Override Local Listener Certificate
- Enables fields where you specify a certificate to use instead of the one you
configured for the Local Listener. See Configuring certificates for Local Listener.
- If you override the default certificates, you must also exchange the certificates
you specify here with your partner.
- Exchange Certificates
- Displays the Certificate Exchange dialog box, which allows you to send your
certificates to your trading partner. See Exchanging certificates with your trading partner.
- If you choose to schedule the PGP packaging certificate for future use, there is
a field available, Allow Overlapping Key Usage, that lets
you choose how certificates should be used when their schedules overlap. See
Allowing overlapping signing/encryption keys.
- Certificate Alias
- Password
- Click Browse to navigate to and select a certificate. Enter
the Password for your certificate's private key.
- Outbound Options
- A file can be sent to the remote host with any combination of the following options
available on the Advanced tab under Configure System
Options. See Advanced system options for more information.
- Encrypted
- Encrypt using the PGP Encryption Algorithm property.
- Signed
- Sign using the PGP Hash Algorithm.
- Encrypt to My Certificate
- Allow My Certificate as well as Trading Partner’s
Certificate to decrypt outbound encrypted files. The
Encrypted box must be checked to enable and use this
option.
- Armored (Base 64)
- Armor (Base64 encode) the data. Base64 encoding converts binary data to printable
ASCII characters.
- Compressed
- Compress using the PGP Compression Algorithm.
- Inbound Security
- Force Encryption
- Force Signature
- When you select Force Encryption or Force
Signature, all inbound messages are checked for the required security
level. An error is logged and the message is rejected if the message is not received
according to the corresponding message security settings. If either setting is not
selected (default), the message is not checked for conformance with that security
setting.
- Allow non-OpenPGP
- Allows non-OpenPGP formatted data to be processed without generating OpenPGP
related errors.
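The Force Encryption and Allow non-OpenPGP checks described above, sketched as an added example (not code from the product or from this documentation). It classifies an inbound payload by its first OpenPGP packet header (RFC 4880) and applies the policy. The function names, the samples, and the rule that Force Encryption takes precedence over Allow non-OpenPGP are assumptions of the example. Force Signature is left out because a signature normally sits inside the encrypted or compressed layer and cannot be judged from the outer header.

```python
import base64

ENCRYPTED_TAGS = {1, 3, 9, 18}  # PKESK, SKESK, SED, SEIPD packet tags (RFC 4880)
ARMOR_HEAD = b"-----BEGIN PGP MESSAGE-----"

def dearmor(data: bytes) -> bytes:
    """Decode ASCII armor to binary packets; binary input passes through."""
    if not data.lstrip().startswith(ARMOR_HEAD):
        return data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    start = lines.index(b"") + 1          # armor headers end at the first blank line
    body = []
    for ln in lines[start:]:
        if ln.startswith((b"=", b"-----END")):  # CRC24 line or armor tail
            break
        body.append(ln)
    return base64.b64decode(b"".join(body), validate=True)

def classify(data: bytes) -> str:
    """Classify by the first packet header only (a heuristic, not full parsing)."""
    try:
        raw = dearmor(data)
    except ValueError:                    # no blank line, or invalid Base64
        return "non-openpgp"
    if not raw or not raw[0] & 0x80:      # bit 7 is set in every packet header
        return "non-openpgp"
    first = raw[0]
    # New-format headers (bit 6 set) carry the tag in bits 5-0, old-format in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return "encrypted" if tag in ENCRYPTED_TAGS else "openpgp-unencrypted"

def inbound_decision(data, force_encryption=False, allow_non_openpgp=False):
    kind = classify(data)
    if kind == "non-openpgp":
        # Assumption of this example: Force Encryption wins over Allow non-OpenPGP.
        ok = allow_non_openpgp and not force_encryption
        return "accept" if ok else "reject: not OpenPGP data"
    if force_encryption and kind != "encrypted":
        return "reject: encryption required"
    return "accept"                       # not checked when the option is off

# Constructed samples: packet headers only, no real key material or payload.
PKESK = bytes([0xC1, 0x01, 0x00])         # new-format header, tag 1
ARMORED = ARMOR_HEAD + b"\n\n" + base64.b64encode(PKESK) + b"\n-----END PGP MESSAGE-----\n"
LITERAL = bytes([0xAC, 0x01, 0x62])       # old-format header, tag 11
PLAIN = b"ISA*00*constructed EDI-like text"
```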