How to use S/MIME and PGP Keys

[zin]

Dear all,

I am new user of OTRS 5s and i don't know how to use S/MIME and PGP keys for email encryption at all.
Moreover i'm also have a very little knowledge of system admin.
Please help me with this.
Thank in advanced.

[wurzel]

Hi,

http://otrs.github.io/doc/manual/admin/ ... area-smime

if you have no (or little) experience I would strongly recommend to get professional support. Encryption is not easy and needs to be setup properly.

S/MIME and PGP is 99% configuration with openSSL and backend linux configuration. OTRS "uses" this config, only.


Regards
Florian

[jojo]

Did you read the admin manual (http://doc.otrs.org). Also for using S/Mime and PGP a deeper level of linux knowledge is needed.

[zin]

Hi,
May i call you Florian?
I tried PGP keys generated and used in otrs sysConfig then sent mail to customer.
Customer receive Encrypted mail with PGP Key but i don't know how to Decrypte to read the mail.

PGP keys generated in server is using the command: gpg --gen-key

[zin]

Did you read the admin manual (http://doc.otrs.org). Also for using S/Mime and PGP a deeper level of linux knowledge is needed.

Hi JoJo,

Thanks for your suggestion and i followed the instructions by otrs manaul.
But i am confused which one is more secure and easy to use.

[zin]

Hi,

http://otrs.github.io/doc/manual/admin/ ... area-smime

if you have no (or little) experience I would strongly recommend to get professional support. Encryption is not easy and needs to be setup properly.

S/MIME and PGP is 99% configuration with openSSL and backend linux configuration. OTRS "uses" this config, only.


Regards
Florian

Hi,
May i call you Florian?
I tried PGP keys generated and used in otrs sysConfig then sent mail to customer.
Customer receive Encrypted mail with PGP Key but i don't know how to Decrypte to read the mail.

PGP keys generated in server is using the command: gpg --gen-key

[RStraub]

You won't be able to read the email if you only created one certificate. How this (very very roughly) works is:

- A user or firm (let's call them Alice!) has a private / public pair and sends you the public key
- You (let's call you Bob!) created a private / public pair and send the public one to the user

To talk encrypted with Alice, you will now encrypt Emails with THEIR public key. Alice then can use THEIR private key to decrypt them.

Vica versa, if Alice want's to talk to you, Alice will encrypt the mail with YOUR public key, and you can then decrypt it with YOUR private key.

[zin]

You won't be able to read the email if you only created one certificate. How this (very very roughly) works is:

- A user or firm (let's call them Alice!) has a private / public pair and sends you the public key
- You (let's call you Bob!) created a private / public pair and send the public one to the user

To talk encrypted with Alice, you will now encrypt Emails with THEIR public key. Alice then can use THEIR private key to decrypt them.

Vica versa, if Alice want's to talk to you, Alice will encrypt the mail with YOUR public key, and you can then decrypt it with YOUR private key.

Thanks for your reply.
Obviously,it is very good explanation.
Please help me out this.
I configured, OTRS admin uses PGP key generated(public key) is upload and OTRS customer upload that(same)public key on the same sever.
Is it right?or wrong?
Or have OTRS admin and OTRS customer separate private keys?If so,how to get OTRS customer private and public keys.

[RStraub]

Well, as for OTRS, you will need to upload it's private key (but never send the private one out).
Then send the public one to the customer who wants to send you encrypted mails.

Likewise you will need the public key from the customer and upload that one to OTRS.

If you want to create a second key pair, try this command on a linux server:

Code: Select all

ssh-keygen -b 4096

This should create you two files: ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa

The key without file-extension is your private key.

[zin]

Well, as for OTRS, you will need to upload it's private key (but never send the private one out).
Then send the public one to the customer who wants to send you encrypted mails.

Likewise you will need the public key from the customer and upload that one to OTRS.

If you want to create a second key pair, try this command on a linux server:

Code: Select all

ssh-keygen -b 4096

This should create you two files: ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa

The key without file-extension is your private key.

I can't add another key pair in otrs.

I added PGP private key in OTRS admin and public key in OTRS customer.
Please see the following figures.
I receive encrypt email sent from OTRS but i don't the step how to read the email(I mean decrypt email).
The other issues is OTRS receive ticket sent from email is not encrypt.

[zin]

Well, as for OTRS, you will need to upload it's private key (but never send the private one out).
Then send the public one to the customer who wants to send you encrypted mails.

Likewise you will need the public key from the customer and upload that one to OTRS.

If you want to create a second key pair, try this command on a linux server:

Code: Select all

ssh-keygen -b 4096

This should create you two files: ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa

The key without file-extension is your private key.

I can't add another key pair in otrs.

I added PGP private key in OTRS admin and public key in OTRS customer.
Please see the following figures.
I receive encrypt email sent from OTRS but i don't the step how to read the email(I mean decrypt email).
The other issues is OTRS receive ticket sent from email is not encrypt.

I followed the steps of "Secure Email with PGP" contents in otrs admin book.
what's wrong with my setting.
I am confused gmail setting or should i use other mail client?

[wurzel]

Hi,

the screenshot shows OTRS Business Solution Skin. Why not ask xxx?

Flo

[zin]

Hi,

the screenshot shows OTRS Business Solution Skin. Why not ask xxx?

Flo

Sorry for being late reply.
I used managed otrs site for testing new features and will expire within 30 days.

[root]

I used managed otrs site for testing new features and will expire within 30 days.

You should always test the same system/version you'll use later and can afford. Or do you know all differences?

[zin]

I used managed otrs site for testing new features and will expire within 30 days.

You should always test the same system/version you'll use later and can afford. Or do you know all differences?

Hi Roy,

Thanks for your suggestion.

[zin]

I used managed otrs site for testing new features and will expire within 30 days.

You should always test the same system/version you'll use later and can afford. Or do you know all differences?

Hi Roy,

Thanks for your suggestion.

Why not crypt on?
Do i need to more configures and please light me up how to do.

[zin]

It is not OTRS 5s
it is just used my testing OTRS 5.0.14

[jojo]

As RStraub wrote:

You won't be able to read the email if you only created one certificate. How this (very very roughly) works is:

- A user or firm (let's call them Alice!) has a private / public pair and sends you the public key
- You (let's call you Bob!) created a private / public pair and send the public one to the user

To talk encrypted with Alice, you will now encrypt Emails with THEIR public key. Alice then can use THEIR private key to decrypt them.

Vica versa, if Alice want's to talk to you, Alice will encrypt the mail with YOUR public key, and you can then decrypt it with YOUR private key.

It seems that there is no private key for OTRS sender address available. You should contact your support contact at OTRS group for further support