Review: E-mail Encryption Made Easy
PGP Universal Gateway Email
PGP (for Pretty Good Privacy), the granddaddy of e-mail encryption, started as a pet project of Phil Zimmermann (who is still associated with the company) and has been on its own now since 2002, after breaking away from Network Associates, Inc. PGP offers a plethora of products, including whole disk encryption, desktop e-mail encryption clients and its Universal server, which runs its own variation of the Linux operating system on a very limited collection of hardware that it lists on its Web site or on VMware virtual machine images.
To start things off, you install PGP Desktop or its Outlook plug-in on a client computer and set up PGP Universal on a separate server to handle the external communications. If you send an encrypted message to an external user, they will get a message with a URL pointing them to the Universal Server's Web Messenger and the automatic registration process.
This is the whole point to the product: You don't have to manage a bunch of certificates and can begin communicating with your external correspondents immediately.
The Web Messenger works simply and effectively for users new to the encryption game, and the messages are encrypted at the edge of the enterprise network and across the Internet; Web access is via HTTPS and no information is stored on the client machine.
When a user clicks on the embedded URL, they are taken through a series of steps to register their identity, pick a passphrase and select how they want to receive subsequent communications from among four different options:
You can also limit these choices globally for all users on the Universal Console.
The biggest drawback to using Universal Server is that it is a complex product and has many options that might be intimidating to people new to PGP products or encryption in general. There is a Web control panel that is used to set up policies and users, collect reports and set up other configuration parameters; that has numerous key management options that could be overwhelming, such as controlling how keys are generated and authenticated, and whether they are stored on clients or just the server.
The advantage to using PGP is that if you have correspondents who have implemented encrypted e-mail, chances are high that they are familiar with PGP and are using its desktop products.