https://oxpedia.org/wiki/index.php?title=AppSuite:OX_Guard_Modular&feed=atom&action=history
AppSuite:OX Guard Modular - Revision history
2024-03-28T23:48:19Z
Revision history for this page on the wiki
MediaWiki 1.31.0
https://oxpedia.org/wiki/index.php?title=AppSuite:OX_Guard_Modular&diff=23868&oldid=prev
Greg.hill: /* Configuring key servers */
2018-03-13T12:36:22Z
<p><span dir="auto"><span class="autocomment">Configuring key servers</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 12:36, 13 March 2018</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l17" >Line 17:</td>
<td colspan="2" class="diff-lineno">Line 17:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Configuring key servers ==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Configuring key servers ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>In the file /opt/open-xchange<del class="diffchange diffchange-inline">/guard</del>/etc/guard.properties file, there is a configuration setting</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>In the file /opt/open-xchange/etc/guard<ins class="diffchange diffchange-inline">-core</ins>.properties file, there is a configuration setting</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  com.openexchange.guard.publicPGPDirectory = hkp://keys.gnupg.net:11371, hkp://pgp.mit.edu:11371</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  com.openexchange.guard.publicPGPDirectory = hkp://keys.gnupg.net:11371, hkp://pgp.mit.edu:11371</div></td></tr>
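Review bot: on the + line the sentence still reads "In the file /opt/open-xchange/etc/guard-core.properties file", with "file" on both sides of the path; drop the second one while the line is being touched. The edit changes both the directory (/guard/etc to /etc) and the file name (guard.properties to guard-core.properties), so the edit summary should say which Guard release the new location applies to. The unchanged example line below it still lists only hkp:// directories, which are plain HTTP lookups; a sentence saying so would fit this section.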
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l32" >Line 32:</td>
<td colspan="2" class="diff-lineno">Line 32:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  com.openexchange.guard.publicPGPDirectory = http://frontend</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  com.openexchange.guard.publicPGPDirectory = http://frontend</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Key Generation ==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Key Generation ==</div></td></tr>
</table>
Greg.hill
https://oxpedia.org/wiki/index.php?title=AppSuite:OX_Guard_Modular&diff=20362&oldid=prev
Greg.hill: /* Testing */
2015-09-08T19:25:12Z
<p><span dir="auto"><span class="autocomment">Testing</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 19:25, 8 September 2015</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l55" >Line 55:</td>
<td colspan="2" class="diff-lineno">Line 55:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The response of a Guard server can be tested by using the URL</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The response of a Guard server can be tested by using the URL</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  http://guardserver:8080/pgp/lookup?op=index&<del class="diffchange diffchange-inline">email</del>=john@somewhere.com</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  http://guardserver:8080/pgp/lookup?op=index&<ins class="diffchange diffchange-inline">search</ins>=john@somewhere.com</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Substitute the email address for a test user.  If the user has set up keys already, their public keys will be listed.  If they don't have keys yet, it will depend on the whitelist settings.  If your computer is in the whitelist, then keys should be generated and the user should receive a welcome email.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Substitute the email address for a test user.  If the user has set up keys already, their public keys will be listed.  If they don't have keys yet, it will depend on the whitelist settings.  If your computer is in the whitelist, then keys should be generated and the user should receive a welcome email.</div></td></tr>
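Review bot: the + line renames the lookup parameter from email to search, but the edit summary is only the section name, so a reader cannot tell whether email= was never accepted or was dropped in a release; state which, since existing health checks may still use the old URL. The unchanged paragraph after the URL says a lookup from a whitelisted computer generates keys and sends a welcome email, so it is worth saying next to the URL that this test is not read-only.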
</table>
Greg.hill
https://oxpedia.org/wiki/index.php?title=AppSuite:OX_Guard_Modular&diff=20333&oldid=prev
Greg.hill: Multi-node Guard setup
2015-09-03T13:30:29Z
<p>Multi-node Guard setup</p>
<p><b>New page</b></p><div>= Ox Guard Multi Node Setup =<br />
<br />
== Overview ==<br />
<br />
If there are multiple installations of Guard and OX backends, some additional configuration may be required to maximize the user experience.<br />
<br />
When a Guard email is sent to a user who is not local to the Guard installation (not a member of the local OX installation), Guard takes the following steps:<br />
<br />
* Search for any keys available using configured key servers<br />
* Search for SRV records containing PGP information<br />
* If no keys found, then create a Guest account<br />
<br />
A Guest account creates a pair of PGP Public/Private keys, and sends the user a link to read the email using Guard's Guest reader.<br />
<br />
Ideally, if the recipient is in a Guard installation, they should receive an encrypted email using their Guard keys rather than a Guest account link. That way, the experience is the same for them regardless of whether the email came from a local user or from an external Guard account.<br />
<br />
== Configuring key servers ==<br />
<br />
In the file /opt/open-xchange/guard/etc/guard.properties, there is a configuration setting<br />
<br />
com.openexchange.guard.publicPGPDirectory = hkp://keys.gnupg.net:11371, hkp://pgp.mit.edu:11371<br />
<br />
If you know of other Guard installations that your users will be using, add them here. The URLs can follow the standard hkp://domain:11371 form, or can specify a more detailed URL. A more detailed URL should end with a "?", after which the standard hkp parameters will be added. If just the domain is given, then the standard "/pks/lookup?" is used.<br />
<br />
Guard servers, if addressed directly, should have the URL http://address:port/pgp/lookup?<br />
<br />
For example, if you are addressing another Guard server (say 10.10.10.100 using port 8080) directly, you would use the URL<br />
<br />
com.openexchange.guard.publicPGPDirectory = http://10.10.10.100:8080/pgp/lookup?<br />
<br />
If, on the other hand, you are using an Apache front end load balancer as configured in the installation directions, the URL would be<br />
<br />
com.openexchange.guard.publicPGPDirectory = http://frontend<br />
<br />
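The URL rules above, written out as an added example (not part of the original page and not Guard's own code). It follows the page's two cases (domain only, or detailed URL ending in "?"), maps hkp:// to HTTP on port 11371, and uses the "search" parameter shown in the later revision of the Testing section; rejecting other entry shapes and accepting https are assumptions of this sketch.<br />

```python
from urllib.parse import urlencode, urlsplit

PROPERTY = "com.openexchange.guard.publicPGPDirectory"
HKP_PORT = 11371  # standard HKP port, as in the page's hkp:// examples


def lookup_base(entry):
    """Return the URL prefix for one directory entry, ready for HKP parameters."""
    entry = entry.strip()
    parts = urlsplit(entry)
    if parts.scheme not in ("hkp", "http", "https") or not parts.hostname:
        raise ValueError(f"not a key server URL: {entry!r}")
    if parts.query or parts.fragment:
        raise ValueError(f"entry must not carry its own parameters: {entry!r}")
    scheme, netloc = parts.scheme, parts.netloc
    if scheme == "hkp":  # HKP is HTTP, by default on port 11371
        scheme = "http"
        if parts.port is None:
            netloc += f":{HKP_PORT}"
    if entry.endswith("?"):  # detailed URL: keep its path as given
        return f"{scheme}://{netloc}{parts.path}?"
    if parts.path not in ("", "/"):
        raise ValueError(f"detailed URL must end with '?': {entry!r}")
    return f"{scheme}://{netloc}/pks/lookup?"  # domain only: standard path


def parse_directories(line):
    """Parse a 'publicPGPDirectory = a, b' line into lookup prefixes."""
    key, _, value = line.partition("=")
    if key.strip() != PROPERTY:
        raise ValueError(f"unexpected property: {key.strip()!r}")
    return [lookup_base(e) for e in value.split(",") if e.strip()]


def lookup_url(base, email, op="index"):
    """Append the HKP parameters (op, search) to a lookup prefix."""
    return base + urlencode({"op": op, "search": email})


if __name__ == "__main__":
    # Constructed sample line combining two of the page's example values.
    conf = PROPERTY + " = hkp://keys.gnupg.net:11371, http://10.10.10.100:8080/pgp/lookup?"
    for base in parse_directories(conf):
        print(lookup_url(base, "john@somewhere.com"))
```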
<br />
== Key Generation ==<br />
<br />
Guard creates user keys on demand. Key generation, on the other hand, is very CPU intensive. Therefore, the public key lookup service does not, by default, create keys for users.<br />
<br />
So, if sending to a user in another Guard installation that has a Guard server, but the user hasn't set up keys, the public key server will return "No keys" for the user.<br />
<br />
Again, this is less than ideal, as we would like that user to have the full UI experience. To work around this, Guard has a whitelist setting for known Guard servers<br />
<br />
# Comma-delimited CIDR notation or distinct IP, e.g. "= 10.0.100.0/24, 192.168.10.3"<br />
com.openexchange.guard.publicKeyWhitelist=<br />
<br />
If the sending server is listed in this Whitelist, then the public key server WILL create keys for the user, and send that user a welcome message with a temporary password.<br />
<br />
With the Whitelist parameter set, the experience for the sender and recipient is the same as if both users were local.<br />
<br />
If a frontend is used, however, the IP address of the sending Guard server might be masked. In this case, Guard respects the HTTP header "X-Forwarded-For".<br />
<br />
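Because a whitelist match triggers key creation and a welcome message, the way "X-Forwarded-For" is evaluated decides who can cause that. The following added example (not Guard's code; how Guard itself evaluates the header is not described on this page) contrasts believing the header from any peer with honouring it only when the connection comes from a known frontend. The trusted-proxy list and all sample addresses are hypothetical.<br />

```python
import ipaddress


def parse_networks(value):
    """Parse a comma-delimited list of CIDR ranges or single IPs."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def listed(addr, networks):
    return any(addr in net for net in networks)


def naive_sender(peer_ip, xff):
    """Weak form: believes the first X-Forwarded-For entry from any peer."""
    return ipaddress.ip_address((xff or peer_ip).split(",")[0].strip())


def effective_sender(peer_ip, xff, trusted_proxies):
    """Hardened form: honour the header only when the TCP peer is our proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not xff or not listed(peer, trusted_proxies):
        return peer  # header ignored: any client can set it
    # Proxies append on the right, so walk right to left past our own proxies.
    for hop in reversed(xff.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None  # malformed header: no usable sender
        if not listed(addr, trusted_proxies):
            return addr
    return peer


def may_create_keys(peer_ip, xff, whitelist, trusted_proxies):
    """True when the effective sender is in publicKeyWhitelist."""
    sender = effective_sender(peer_ip, xff, trusted_proxies)
    return sender is not None and listed(sender, whitelist)


# Constructed sample values: whitelist from the page's comment, proxy assumed.
WHITELIST = parse_networks("10.0.100.0/24, 192.168.10.3")
PROXIES = parse_networks("10.10.10.5")

if __name__ == "__main__":
    for peer, xff in [("192.168.10.3", None), ("10.10.10.5", "10.0.100.7"),
                      ("203.0.113.9", "10.0.100.7"),
                      ("10.10.10.5", "10.0.100.7, 203.0.113.9")]:
        print(peer, xff, may_create_keys(peer, xff, WHITELIST, PROXIES))
```
<br />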
== Testing ==<br />
<br />
The response of a Guard server can be tested by using the URL<br />
<br />
http://guardserver:8080/pgp/lookup?op=index&email=john@somewhere.com<br />
<br />
Substitute the email address for a test user. If the user has set up keys already, their public keys will be listed. If they don't have keys yet, it will depend on the whitelist settings. If your computer is in the whitelist, then keys should be generated and the user should receive a welcome email.<br />
<br />
Ideally, you should also check between two different nodes. Log into an account in node 1. Compose an email, enable encryption, then type the name of a user in node 2. A PGP key icon should appear next to the name if the lookup succeeded. If a "green man" icon appears, then the key lookup failed and a Guest account would be created.<br />
<br />
== User Capabilities ==<br />
<br />
We strongly encourage administrators to enable the capability<br />
<br />
com.openexchange.capability.guard=true<br />
<br />
for all users. This is the minimum Guard capability level. It allows the user to read encrypted emails sent to them, and to reply to those emails. This minimum level, though, does not allow the user to create new emails or encrypt files. We feel this is the best experience for the sender and recipients, and provides an excellent upsell opportunity.</div>
Greg.hill