Encrypted Email Alerts

gos-5

#1

One or many Alerts can be attached to a Task and act upon a scan status change. Very common is to send an email to a user when a scan finished and inform that the scan finished, perhaps also add the scan report as an attachment.

GOS 5 introduces the option to encrypt the Alert emails with a configured public PGP key. This takes only a few steps. However, it is assumed that you already have a PGP key to use for encryption.

The alert feature is available for SME, MIDRANGE and ENTERPRISE class appliances.

1. Configure Mail Server

In the GOS administration, go to menu Setup->Mail->Mail and enter the address of your local email server. Note, that you need to configure your email server to accept emails from the GSM.

Select “Save” to finally activate the new mail server.

See the GSM User Manual for details about mail server configuration.

2. Create a PGP Encryption Key:

Via Menu Configuration->Credentials you can create a new credential of type “PGP Encryption Key”:

The PGP Public Key file to upload must be a so-called ascii-armored public key file. Your key manager surely allows you to export it in this format. On a command line using gpg it can be created like this:

gpg --armor --export your-key-id > my_pub_key.asc

3. Create Email Alert

Via Configuration->Alerts you can now create the Alert using this credential:

Please be aware that the subject of the email will not be encrypted and thus be in clear text while transfered via the network. If you do not want to expose a task name, edit the subject for the email in this dialog.

4. Test the alert

It is always a good idea to test a new alert before attaching it to a task and hope for the best. Typical mistakes that can happen:

  • Typos in the email address: The recipient email address must match exactly (case sensitive!) with one of the email addresses in the PGP public key.
  • The mailhub does not allow to receive emails from the GSM

In the Alert list you will find a test button for the alert. Press it. A failure looks like this:

To analyze the problem, enter the GOS administration under menu Advanced->Logs->Manager and go to the latest entries (press “G”):

Scroling to the right the explanation says there was no matching email address in the key.
After fixing the spelling of the recipient email address the next test worked:

Of course you will find a test email in your incoming box. Try to decrypt. If it works, you are ready for using this alert.

5. Attach the new Email Alert to a new or existing Task

Either you can now add this new alert to a new task or edit an existing task and add the alert. Of course you can attach the same alert to as many tasks as you want.

6. Receive encrypted emails

Start the task and wait for the email to arrive in your incoming box.

The encrypted email from the GSM can now be decrypted like any other encrypted email. Of course your email tool needs to be capable of this and have access to the private decryption key that pairs with the public encryption key.

Internal feature code: FS-171122-0309.