gpg4o vs. mail archivers
There are several reasons why companies would want to archive emails and other messages:
- Compliance and legal issues
- Reducing mail server load
- Data loss prevention
- Ability to read messages of employees who are absent or have left
With gpg4o and other OpenPGP-based mail encryption products, encrypted mail remains encrypted in the archive. To read encrypted mail, the appropriate secret keys must be available. Since storing sensitive data unencrypted is not recommended, the secret keys have to be archived securely within the company. Please keep in mind that the highest security measures have to be established for those archives.
Organize your key management from the start
Whenever you start to use mail encryption within your company, you should thoroughly plan a centralized key management to achieve the following results:
- The usage of encryption keys within the company is controlled by management
- Keypairs in use are backed up and archived in case of loss
- Keys can be revoked, and encrypted mail can still be read if employees are absent or have left
- As a result, the interests of the company are protected when using mail encryption
Integration of already existing keypairs
Very often you'll find key infrastructures that have grown from scratch, starting with the first employee to use encryption in the company. In this case you will need to get your hands on the keys to regain control over the data in your company. Do so before you roll out new keypairs.
Key Management for administrators
To get the most out of gpg4o, Giegerich & Partner provides some documentation for administrators. In this paper, you'll find strategies for key management with gpg4o, along with basic scenarios for practical use. The advantages and weaknesses of these strategies are discussed. Please keep in mind that it might be useful to talk to all stakeholders in your company before implementation.