Decrypt Outbound Email
I've been asked to verify how email could be recovered in the event someone has sent email to an external user and there is some sort of legal discovery required.
We archive our email on Postini. When emails are encrypted they use the public key of the "TO" user and the private key of the "FROM".
I need to understand how I would go about collecting the public keys in order to decrypt outbound email from the archives.
David Jenkins
January 31st, 2012 9:20am
You can only decrypt with private key...so all the outgoing mail (encrypted with receiver public key) can not be opened in the encrypted format (as the receiver has the only key to decrypt the message). Therefore this message needs to be archived before encrypting.
When it comes to incoming mail encrypted with a user's public key, one needs access to the user's private key to decrypt it. This key needs to be archived to be able to decrypt messages; also the different versions of the private key (depending on lifetime of user cert; normally one year) need to be stored if one needs to decrypt old messages that have been encrypted with a previous user certificate (private key).
January 31st, 2012 9:55am
I'm looking for some solution similar to PGP's Additional Decryption Key (ADK).
http://www.symantec.com/business/support/index?page=content&id=TECH149500
David Jenkins
January 31st, 2012 2:34pm
You must use PGP to do this. SMIME does not support an additional decryption key.
Remember though, the sender also encrypts a copy in their Sent Items email box.
If the PKI is properly set up, an auditor could import the user's email encryption certificate and private key (KRA recovery) to read the outbound (and inbound) emails.
Brian
January 31st, 2012 3:15pm
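An added illustration of the reply above (not code from the thread or from any product): it assumes the sender's Sent Items copy is implemented as a second recipient entry in the same S/MIME (CMS) envelope, and uses the `openssl` CLI with throwaway self-signed certificates. All names, subjects and the message are constructed.

```shell
#!/bin/sh
# Constructed demo: who can open an outbound S/MIME message?

# make_identity NAME: self-signed cert + key standing in for a user's
# encryption certificate (a real PKI would issue these from a CA).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# can_decrypt NAME FILE: succeeds only if NAME's private key opens FILE.
can_decrypt() {
    openssl cms -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" \
        -out /dev/null 2>/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    ( cd "$work" || exit 1
      for id in sender recipient auditor; do make_identity "$id" || exit 1; done
      printf 'Constructed outbound message\n' > msg.txt
      # One envelope, two recipients: the external recipient and the sender.
      openssl cms -encrypt -aes-256-cbc -in msg.txt -out mail.p7m \
          recipient.crt sender.crt 2>/dev/null || exit 1
      result=""
      for id in recipient sender auditor; do
          if can_decrypt "$id" mail.p7m; then result="$result $id=yes"
          else result="$result $id=no"; fi
      done
      # Key recovery: the auditor is handed the sender's archived key pair.
      cp sender.key recovered.key; cp sender.crt recovered.crt
      if can_decrypt recovered mail.p7m; then result="$result recovered=yes"
      else result="$result recovered=no"; fi
      echo "${result# }"
    )
    status=$?
    rm -rf "$work"
    return $status
}
```

Calling `demo` prints one line showing that the archived ciphertext opens with the recipient's or sender's key, not with the auditor's own key, and does open once the sender's key has been recovered.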
Thank you.
I understand that the ADK stuff is PGP only. It's an example.
Understanding that SMIME doesn't support additional decryption keys, maybe there is a way to implement it anyway. For ADK an additional email address is added to the BCC field and is restricted from being removed. I'm wondering if there is a way to do something similar for Exchange. Then I could capture all outbound mail.
Kind of sounds like Journal Archiving doesn't it?
David Jenkins
January 31st, 2012 3:22pm
On Tue, 31 Jan 2012 20:15:31 +0000, David L. Jenkins wrote:
I'm wondering if there is a way to do something similar for Exchange. Then I could capture all outbound mail.
Kind of sounds like Journal Archiving doesn't it?
You might want to ask this question in the Exchange Server forum.
Paul Adare
MVP - Forefront Identity Manager
http://www.identit.ca
Apple: Typically, a device used to seduce men. Usually equipped with
display screens and/or worms.
February 1st, 2012 8:30am
Hi David,
As your question is related to Exchange Server, I suggest you also ask in the Exchange Server forum. The support professionals there are more familiar with it and can help you in a more efficient way.
Exchange Server Forums
http://social.technet.microsoft.com/forums/en-US/category/exchangeserver/
Regards,
Bruce
February 3rd, 2012 4:45am
I did. Forgot to close this.
David Jenkins
February 3rd, 2012 11:06am