Related Pages

 

Frequently Asked Questions (FAQs)

These FAQs only apply to E-mail Encryption.

QUESTIONS:

  1. Why use encryption?
  2. When should I encrypt?
  3. Will having encryption on my Outlook change or mess-up my e-mail?
  4. What if I send a message to someone who does not have encryption capabilities?
  5. What happens if someone receives an encrypted message, but does not have e-mail encryption installed?
  6. How much larger is the encrypted data from non-encrypted data?
  7. What is the best way to maintain access to archived data that has been encrypted?
  8. I can't see the Encryption\Digital signature buttons on my toolbar.
  9. Can I send an encrypted message to a distribution list or listproc?
  10. If I forward an encrypted message to someone else will they be able to read it?
  11. What happens if I attach an encrypted message that I received to an outgoing e-mail?
  12. A screen pops up that says a specific user does not have encryption capabilities but I know that the encryption was set up.
  13. How do I publish to the Global Address List?
  14. How do I change my encryption password?
  15. Help, I can no longer open encrypted messages or send digitally signed messages!
  16. Do I need to save the e-mails I got after requesting my certificates?
  17. Can you set your e-mail client options to automatically digitally sign, or to automatically encrypt all e-mail?
  18. If a professor wanted to communicate with student(s) private information like Student ID, would the student(s) also need encryption?
  19. I got a new computer and now my encryption doesn't work.
  20. Help, I lost my eToken, what do I do?
  21. I use more than one computer, how does that affect my ability to send or read encrypted messages?
  22. I use my home computer to do campus work and read or respond to e-mail. Can I have encryption set up on it?
  23. Why can't I use encryption on my PDA?
  24. Can I use encryption through KUAnywhere?
  25. Can I use a different KU-issued e-mail address (alias) than my registered (official) KU e-mail address to send/receive encrypted e-mail?
  26. I read my KU e-mail through the link on the main KU Web Page, can I use encryption?
  27. When traveling I use my phone/PDA or OWA access on other people's computers (i.e. motel computers), will I still be able to use my e-mail?
  28. What does 'registered' mean when discussing digital credentials?
  29. When you are renewing credentials, are you only renewing the personal credentials, the institutional credentials, or both?

ANSWERS:

  1. Why use encryption?
    The availability of encryption allows a higher level of security for sending confidential or sensitive information via e-mail.
     
  2. When should I encrypt?
    Encryption is appropriate for transmitting Personally Identifiable Information or confidential information such as information covered by FERPA, HIPAA, GLB, PCI, etc. Anytime there is a name along with an identifying number (such as employee number, student ID number, grades or rosters information, etc.), encryption is appropriate. Encryption is not recommended for non-identifiable information or for general communication regarding meeting times, non-confidential info, etc. Overuse of encryption for normal business matters is not recommended.
     
  3. Will having encryption on my Outlook change or mess-up my e-mail?
    No, everything will work exactly the same except that you will be able to send or receive encrypted messages to users within the campus community that also have encryption capabilities.
     
  4. What if I send a message to someone who does not have encryption capabilities?
    Once you click send, you will receive a pop up on your screen indicating that the intended recipient(s) do(es) not have encryption. You will also see buttons that allow you to cancel or send the message unencrypted. Choosing to send unencrypted removes encryption for all recipients.
     
    If you are sending to a list of multiple users or to a distribution list and one or more of the users does not have encryption, you will see an additional option to 'Continue'. Choosing this option encrypts the message to all recipients but only those without encryption capabilities will be able to view it.
     
  5. What happens if someone receives an encrypted message, but does not have e-mail encryption installed?
    They will receive the message, but they will not be able to open or read the contents of the message; they will only be able to see the header and the sender of the message. If the user installs encryption at a later date, they still will not be able to read the message from the pre-encryption installation.
     
  6. How much larger is the encrypted data from non-encrypted data?
    It is significantly larger because of the key information that is included with the encrypted message. As an example, a 2-line message that is encrypted may be 12 KB of space.
     
  7. What is the best way to maintain access to archived data that has been encrypted?
    Always retain all your certificates in specially marked folders; do no delete or overwrite the certificates from year to year. Once the materials are ready for official University archive, please check in with the University archivist (http://spencer.lib.ku.edu/ua/) for more information on transition keys, as appropriate.
     
  8. I can't see the Encryption\Digital signature buttons on my toolbar.
    (This is dependent on which version of Outlook you are running)
    Outlook XP/2002:
    • Encryption icons are not available on the Toolbar. In order use the encryption, once you are in a message view, you must go to Options and select the box(es) to digitally sign and/or encrypt a message.
       
    Outlook 2003:
    • Make sure that you are looking in a message view. The Encryption/Digital Signing buttons do not appear on the toolbars of the main Outlook page. You must be on a screen where a message can be sent in order for the buttons to be visible. By clicking New, Reply or Forward you will be able to see the digital signing and encryption buttons on your toolbar.
    • If the buttons still are not showing, make sure that the Formatting toolbar is visible. (Go to View->Toolbars-> Formatting) Once the Formatting toolbar is visible, use the drop down arrow to add the Encryption/Digital signature buttons. (When adding these buttons, they actually appear on the Standard toolbar).
    • If the buttons were showing but are no longer visible, click the drop down arrow on the Standard tool bar and re-add them.

     
  9. Can I send an encrypted message to a distribution list or listproc?
    Yes, as long as they have encryption capabilities enabled on their computer and have downloaded all the certificates as required
    • Distributions lists will allow you to send encrypted e-mails, but only those recipients who have encryption capabilities will be able to read the message. (see additional information in #4 above.)
    • Listproc will not allow you to send an encrypted e-mail.

     
  10. If I forward an encrypted message to someone else will they be able to read it?
    Yes, as long as they have encryption capabilities
     
  11. What happens if I attach an encrypted message that I received to an outgoing e-mail?
    The user will be unable to open the attached e-mail because the encryption was directed to you, the person who received it originally.
     
  12. A screen pops up that says a specific user does not have encryption capabilities but I know that the encryption was set up.
    The user's certificate may not have been published to the Global Address List (GAL). Contact the user, and ask them to publish their certificates. See the following response for more information.
     
  13. How do I publish to the Global Address List?
    In Outlook, click on the Tools menu->go to the bottom of the list and click on Options-> Choose the security tab-> Click the bottom left hand button that says Publish to GAL->Enter your encryption password.
     
    If you do not use Outlook, send email signed using your certificate to kuca@ku.edu with the subject line: Publish my certificate.

  14. How do I change my encryption password?
    The encryption password cannot be changed.
     
  15. Help, I can no longer open encrypted messages or send digitally signed messages!
    The most common reason for this problem is changing your Novell password on a Windows system that is configured to force a Windows password change instead of changing it through a Windows update process.

    This will result in the following message:
    Your Digital ID cannot be found by the underlying security system

    Another possible cause is that occasionally when processing a software update Windows systems may lose the connection to certificates.

    In either situation re-installing credentials from your institutional-id.p12 file will fix the problem. You do NOT need to repeat the Exchange configuration step, just the installation.

    You can also avoid the password change problem by changing your Windows desktop password with Windows control panel, then immediately changing your Novell password to the same new password instead of changing both through Novell. If your computer is configured so that its system name appears in the Novell resource list you should not need to change the passwords separately and should not have the password change problem.
     
  16. Do I need to save the e-mails I got after requesting my certificates?
    No, it is not necessary to save the e-mails but it is STRONGLY RECOMMENDED that you save a copy of the downloaded credentials file to a secure location. This may be your U: drive, other network drive, or an encrypted USB device. Contact your technical support person for advice or assistance.
     
  17. Can you set your e-mail client options to automatically digitally sign, or to automatically encrypt all e-mail?
    Yes, however, recipients (either on or off campus) who have not installed the KU root certificate will see a warning that your identity cannot be confirmed when reading signed e-mail. They can eliminate this warning by downloading and installing the root certificate from www.technology.ku.edu/ca
    You must have access to a recipient's certificate in order to send them encrypted e-mail. The Exchange Global Address List (GAL) automatically provides certificate access for all KU users configured to use encrypted e-mail. You can store certificates for others in your Contacts or Macintosh Keychain. If you attempt to send e-mail to and address for which a certificate cannot be found you will receive a warning and can cancel sending the e-mail.
     
  18. If a professor wanted to communicate with student(s) private information like Student ID, would the student(s) also need encryption?
    Yes and no. Students are the keepers of the information, and can choose to divulge or share that information with the professor. At some point, encryption may be made available to students, but the first phase of the project targets specific business groups on campus.
     
  19. I got a new computer and now my encryption doesn't work.
    The encryption set up has to be done on each computer you will be using to process e-mail regardless of whether you are using locally installed certificates or an eToken.
     
  20. Help, I lost my eToken, what do I do?
    Notify ITSO, itsec@ku.edu, that you have lost the token so that a replacement can be issued.
     
  21. I use more than one computer, how does that affect my ability to send or read encrypted messages?
    Encryption capabilities will only be available if it is set up on each computer. We encourage use of eTokens for users who travel with a laptop or have more than one campus owned computer.
     
  22. I use my home computer to do campus work and read or respond to e-mail. Can I have encryption set up on it?
    The handling of University Information must comply with University policy and procedures. University requirements are that you use an eToken for encryption on your home computer. You may request this by contacting IT Security, itsec@ku.edu. Once you have purchased and received your eToken you will need to install a piece of software and configure your e-mail to recognize your certificates.
     
  23. Why can't I use encryption on my PDA?
    At this point we're concentrating on PC-based (Windows, Mac) services. Theoretically, any smartphone supporting S/MIME e-mail could be used; however, there are likely to be issues with certificate authority acceptance. Similar issues are likely to block use of KU-based encrypted mail on most phones. Another issue is battery and CPU related. There are reports that receiving an S/MIME message on a Blackberry doubles CPU use and seriously cuts into battery life and processing time--the phone just isn't up to handling encryption/decryption. Many messages requiring encryption are likely to need it because they contain attachments with ID numbers or similar content requiring a PC to process, so inability to process them on a phone won't be an issue. There will definitely be some messages it would be nice to receive encrypted via phone, but the current priority is making encryption available University wide.
     
  24. Can I use encryption through KUAnywhere?
    Yes, encryption can be used through any ISP (Internet Service Provider) as long as the user has downloaded and installed the KU Root Certificate, Aladdin eToken PKI software, and configured Outlook to point to their eToken on the machine they are using.
     
  25. Can I use a different KU-issued e-mail address (alias) than my registered (official) KU e-mail address to send/receive encrypted e-mail?
    Certificates are generated using registered KU addresses. This doesn't have to be the same as the Exchange username. Although the account names may be different it works because Exchange is configured to use one as your 'From' address. If you set your 'From' address in Exchange to match your registered address your current certificate will work. You can do this through the 'Manage Exchange Accounts' link at http://www.technology.ku.edu/accounts/
    Alternatively, you could change your registered address to your desired KU issued e-mail address, get us to clear your current certificate entry, and get a certificate with that address. You may request this by contacting IT Security, itsec@ku.edu.
     
  26. I read my KU e-mail through the link on the main KU Web Page, can I use encryption?
    Yes, encryption can be used with OWA (Outlook Web Access), but as with any other use of encryption, the user must have downloaded and installed the KU Root Certificate, Aladdin eToken PKI software, and configured Outlook to point to their eToken on the machine they are using.
     
  27. When traveling I use my phone/PDA or OWA access on other people's computers (i.e. motel computers), will I still be able to use my e-mail?
    Yes, but will be limited to opening un-encrypted e-mail only. All e-mails you receive will be listed as usual. You will be able to see that you have received a message and who it is from but will be unsuccessful in trying to open it because you will not have encryption capabilities on the machine you are using. A solution to this would be to carry a University laptop and eToken with you that has the encryption software installed and configured.
     
  28. What does 'registered' mean when discussing digital credentials?
    Currently, only targeted groups have been registered to request digital credentials. If someone is not registered, he or she is given the opportunity to complete a short note explaining why they need encryption at this time.
     
  29. When you are renewing credentials, are you only renewing the personal credentials, the institutional credentials, or both?
    As of Summer 2008, the KU Certificate Authority is only issuing institutional certificates that include both components.