Centralized PGP Server

on 08.02.2006 09:56:43 by sganapathy85

Hello people:

I would like to set up a Centralized PGP server for my research
organization. I want all out-going mails from the organization's mail
server to be routed to a separate PGP Server, where encryption will
take place. I basically want to know how to accomplish this using
SendMail, GnuPG, and LDAP Directory Services.

Can anyone please let me know what's the best way to start and
implement this. This is quite urgent, so kindly pour in all your
suggestions asap

Thanks.

Re: Centralized PGP Server

on 10.02.2006 06:10:38 by AK

sganapathy85@gmail.com wrote:

> Hello people:
>
> I would like to set up a Centralized PGP server for my research
> organization. I want all out-going mails from the organization's mail
> server to be routed to a separate PGP Server, where encryption will
> take place. I basically want to know how to accomplish this using
> SendMail, GnuPG, and LDAP Directory Services.
>
> Can anyone please let me know what's the best way to start and
> implement this. This is quite urgent, so kindly pour in all your
> suggestions asap
>
> Thanks.
>

First question, are you looking for the encryption to be transparent to
the user?
Second, if you are only concerned with outgoing email, you would need to
either have the remote recipients' keys, or provide them with a key
which does not sound as plausible or each remote user will need to
provide you with their public key for storage.

Not sure what you mean by the messages will be going to a separate PGP
server. You would need to look for hooks/modules/filters that would work
with sendmail where it would process an outgoing message based on the
recipients key. i.e. email is received by sendmail that is destined to a
remote set of recipients. sendmail prior to attempting delivery to each
recipient will need to encrypt the message for each recipient with their
key which can either be retrieved from the LDAP directory or from the
"PGP server".


AK

Re: Centralized PGP Server

on 13.02.2006 05:12:42 by sganapathy85

> First question, are you looking for the encryption to be transparent to
> the user?
> Second, if you are only concerned with outgoing email, you would need to
> either have the remote recipients' keys, or provide them with a key
> which does not sound as plausible or each remote user will need to
> provide you with their public key for storage.
>
> Not sure what you mean by the messages will be going to a separate PGP
> server. You would need to look for hooks/modules/filters that would work
> with sendmail where it would process an outgoing message based on the
> recipients key. i.e. email is received by sendmail that is destined to a
> remote set of recipients. sendmail prior to attempting delivery to each
> recipient will need to encrypt the message for each recipient with their
> key which can either be retrieved from the LDAP directory or from the
> "PGP server".
>
>
> AK

Hello AK:

1. Yes, I want the users not to be bothered about the encryption
process. They just need to click on the send button, and the mail will
be automatically routed for encryption, and sent to the recipient after
that.

2. The problem of possessing the keys is not a problem as this project
is meant only for our research organization, and hence the encryption
is only for our business mails. So, all the organization members will
be made to register their public keys with the key server.

Hope that satisfies your queries.

Now, the basic problem that I'm facing is to "route" the outgoing mails
to a place where I can do the encryption. I have no clue as to how to
do that. Any ideas or suggestions on that?

Thanks.

Shiv.

Re: Centralized PGP Server

on 14.02.2006 05:28:32 by AK

sganapathy85@gmail.com wrote:
>>First question, are you looking for the encryption to be transparent to
>>the user?
>>Second, if you are only concerned with outgoing email, you would need to
>> either have the remote recipients' keys, or provide them with a key
>>which does not sound as plausible or each remote user will need to
>>provide you with their public key for storage.
>>
>>Not sure what you mean by the messages will be going to a separate PGP
>>server. You would need to look for hooks/modules/filters that would work
>>with sendmail where it would process an outgoing message based on the
>>recipients key. i.e. email is received by sendmail that is destined to a
>>remote set of recipients. sendmail prior to attempting delivery to each
>>recipient will need to encrypt the message for each recipient with their
>>key which can either be retrieved from the LDAP directory or from the
>>"PGP server".
>>
>>
>>AK
>
>
> Hello AK:
>
> 1. Yes, I want the users not to be bothered about the encryption
> process. They just need to click on the send button, and the mail will
> be automatically routed for encryption, and sent to the recipient after
> that.
>
> 2. The problem of possessing the keys is not a problem as this project
> is meant only for our research organization, and hence the encryption
> is only for our business mails. So, all the organization members will
> be made to register their public keys with the key server.
>
> Hope that satisfies your queries.
>
> Now, the basic problem that I'm facing is to "route" the outgoing mails
> to a place where I can do the encryption. I have no clue as to how to
> do that. Any ideas or suggestions on that?
>
> Thanks.
>
> Shiv.
>

Depending on the mail server you are using, you can set up a default
route through which all messages destined outbound must follow. On that
mail server you would need to get the message and determine the
recipient/s. Then create and encrypt a mailing for each recipient.

To deal with the reverse (incoming messages), the default mailer used
above, must be the one reflected for the MX or you might have to add
some logic to prevent mailing loops.

Different email servers may be more suitable for addition of
hooks/preprocessors/postprocessors.

One thing to consider is that nothing forces the remote sender from
replying to the encrypted message without encrypting it back.

One way to maintain control over email, is to provide a secure web
interface and accounts to the remote individuals for the sole purpose of
communicating with your organization.

AK
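
Added example, not part of the thread or any poster's code: a sketch of the gateway step AK describes (determine the recipients, then build one encrypted copy per recipient), producing PGP/MIME messages and refusing to relay when any recipient has no registered key. `KEY_DIRECTORY` is a constructed stand-in for the LDAP lookup, the function names are hypothetical, and the envelope recipients are assumed to be handed over by whatever mail-server hook calls the filter.

```python
import subprocess
from email import encoders, message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed stand-in for the LDAP lookup: address -> key fingerprint.
KEY_DIRECTORY = {"alice@example.org": "A" * 40, "bob@example.org": "B" * 40}

class MissingKey(Exception):
    """Raised so the gateway can bounce instead of relaying cleartext."""

def gpg_encrypt(plaintext: bytes, fingerprint: str) -> bytes:
    # Assumes the recipient's public key is already in the gateway keyring;
    # the directory, not the web of trust, decides which key is used.
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--recipient", fingerprint, "--encrypt"]
    return subprocess.run(cmd, input=plaintext, capture_output=True,
                          check=True).stdout

def encrypt_per_recipient(raw, rcpts, directory=KEY_DIRECTORY, encrypt=gpg_encrypt):
    """Return [(envelope_recipient, message)] with one PGP/MIME copy each."""
    msg = message_from_string(raw)
    rcpts = [r.lower() for r in rcpts]
    if msg.get_content_type() == "multipart/encrypted":
        return [(r, msg) for r in rcpts]      # already encrypted: do not re-wrap
    missing = [r for r in rcpts if r not in directory]
    if missing:                               # fail closed before any copy is built
        raise MissingKey(", ".join(missing))
    inner = message_from_string(raw)          # protected part: content headers + body
    for name in list(inner.keys()):
        if not name.lower().startswith("content-"):
            del inner[name]
    copies = []
    for rcpt in rcpts:
        outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
        for name in ("From", "To", "Cc", "Subject", "Date", "Message-ID"):
            if msg[name]:                     # these headers stay in cleartext
                outer[name] = msg[name]
        outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                                     _encoder=encoders.encode_7or8bit))
        outer.attach(MIMEApplication(encrypt(inner.as_bytes(), directory[rcpt]),
                                     "octet-stream", _encoder=encoders.encode_7or8bit))
        copies.append((rcpt, outer))
    return copies
```

Passing a different `encrypt` callable lets the message handling be exercised without a keyring; the pass-through for `multipart/encrypted` input keeps a message that comes back through the same host from being wrapped twice.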