M-Switch Encryption
M-Switch provides an Encryption option which enables message encryption and decryption using S/MIME for SMTP messages and STANAG 4406 Encryption for X.400 messages.
Server-to-Server Operation
The simplest way to deploy M-Switch servers with the Encryption add-on is in a pair-wise configuration, where messages are encrypted by one server and then decrypted by its peer. This protects messages in transit between the pair of MTAs (any MTAs in between simply switch the encrypted messages) while the end points themselves never encrypt or decrypt anything.
There are several situations where this approach may be reasonable, such as:
- Two organizations run messaging locally without the use of encryption, which may be for technical reasons (e.g., components that do not support encryption) or for policy reasons (e.g., to not encrypt data in a secure local environment). M-Switch Encryption enables messages to be encrypted when they are transferred between organizations, thus providing protection.
- Support for email clients that do not provide encryption. Typically, local protection, such as use of TLS, can provide security to and from the client, and then M-Switch Encryption can provide server-to-server protection.
Server-to-Client Operation
M-Switch servers with the Encryption add-on can also be used in an asymmetrical configuration, as shown below. As with the symmetric configuration, one side of the system is unencrypted; on the encrypted side, however, encryption is handled by the client. This might be used to support a mix of organizations where some use client encryption and others do not.
When it receives an encrypted message from a client, the M-Switch Encryption add-on needs to decrypt it. A message is encrypted for one or more recipients using each recipient's public key, so the sender also has to encrypt the message for the specific encryption-equipped server instance. This is often achieved by the user adding the gateway as a recipient, which is a practical, although not entirely desirable, approach.
When encrypting a message for an end client, the M-Switch server needs the public key for that user. It obtains this key by looking up a local database keyed on the recipient's address. The database can be populated manually, or automatically by caching the certificate from a signed message that the user has previously sent.
M-Switch Encryption supports two types of message encryption, both of which are based on the use of the Cryptographic Message Syntax (CMS) open standard specified in RFC 5652.
The first is S/MIME encryption (RFC 5751) for use with SMTP-based messaging. This uses CMS enveloped data, which is the encryption approach used in widely deployed S/MIME clients.
The second type is STANAG 4406 encryption for use with STANAG 4406 military messaging. This uses a technique called “triple wrap”, where there are three layers:
- An inner CMS layer which has message signatures and security labels.
- An enveloped data CMS layer which provides the encryption.
- An outer CMS layer which has message signatures and security labels.
Signature capabilities are provided in all products in the M-Switch family. M-Switch Encryption adds the encryption layer. Where triple wrap is used, M-Switch Encryption can add and remove all three layers. It can also add encryption only (no signature layers) and can add encryption and signature layers to a signed message.
Configuration options allow for the encryption of all messages or the encryption of messages on a selective basis. Decryption is always performed if a suitable private key is available. M-Switch Encryption supports the following CMS Capabilities and Algorithms:
| Capability | Algorithms |
|---|---|
| Key Encryption | Key Transport, Key Agreement |
| Content Encryption Algorithms | AES-128-CBC |
| Key Transport Algorithms | RSA Encryption |
| Key Agreement Algorithms | Ephemeral-Static Diffie-Hellman, Elliptic Curve Diffie-Hellman |
| Key Wrap Algorithms | AES-128 Key Wrap |
The M-Switch Encryption add-on complies with the following Open Standards:
| Standard | Title |
|---|---|
| STANAG 4406 Edition 2: Annex B | Military Message Handling System, Annex B: Interoperability of Secure MMHS, March 2005 |
| STANAG 4631 | Profile for the use of Cryptographic Message Syntax (CMS) and Enhanced Security Services (ESS) for S/MIME |
| FIPS PUB 140-2 | Security Requirements for Cryptographic Modules. NIST, July 2007 |
| | Diffie-Hellman Key Agreement Method. E. Rescorla, June 1999 |
| | Triple-DES and RC2 Key Wrapping. R. Housley, December 2001 |
| | Cryptographic Message Syntax (CMS) Algorithms. R. Housley, August 2002 |
| | Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, R. Housley, September 2002 |
| | Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS). J. Schaad, July 2003 |
| | Securing X.400 Content with Secure/Multipurpose Internet Mail Extensions (S/MIME). P. Hoffman, C. Bonatti, A. Eggen, July 2004 |
| | Transporting Secure/Multipurpose Internet Mail Extensions (S/MIME) Objects in X.400. P. Hoffman, C. Bonatti, July 2004 |
| RFC 5652 | Cryptographic Message Syntax (CMS). R. Housley, September 2009 |
| RFC 5751 | Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification. B. Ramsdell, January 2010 |
| | Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS). S. Turner, D. Brown, January 2010 |