Manage standard key and certificates with iQ.Suite Crypt
iQ.Suite Tips & Tricks for Microsoft Exchange / SMTP
The iQ.Suite Crypt Key Import Job can be used to import PGP keys automatically. There are two ways to actively use the new keys for encryption. Either set the owner trust to "Ultimately trusted" or use the key without any further validation. Here we describe the approach to follow for the latter option.
Step by step:
- First decide which validations you want to perform on newly imported PGP keys. Automatic use of new PGP keys means fewer chances for the administrator to intervene. At the same time, it does not require any additional work.
- If you decide to use keys without further validation, the relevant crypt engine must be modified.
- To do this, open the required engine under Basic Configuration -> Crypt Engines.
- Now go to the "Options" field on the "PGP Options" tab.
- There you will find a parameter "Always Trust". In the standard configuration this parameter is deactivated with "#".
- The "Always Trust" function is activated by removing "#".
- As a result iQ.Suite Crypt no longer checks the owner trust of each individual public key so that every newly imported key can be used immediately.
- The advantage of this approach is that there is no need for additional key validation or for owner trusts to be set manually. However, do remember this means there is no instance that controls the new keys. A case of a typical trade-off between automation and security considerations!