| Table of Contents | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...
S/Notify selects the encryption algorithm based on the preferences stored on PGP key according to the OpenPGP specifications as defined in RFC 4880. If you need to override this and always use a specific cipher, please contact the S/Notify support team for instructions how to change the encryption algorithm.
Prior to version 3.2.0, S/Notify used AES-128 for PGP email encryption, because of known vulnerabilities in Triple-DES.
Can we use S/Notify to just sign all outgoing emails?
...
You can freely choose the option that is easier to handle for you. You may as well use a mixture of both options.
We want to use the SKS key server pool over HTTPS, but it fails with a certificate error. How can we fix that?
If your connection fails with something like
Error message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
this means, that the responding server uses a certificate which has not been signed by a trusted certificate authority (CA).
Since the HKPS pool at sks-keyservers.net uses a self-signed root certificate to sign the SSL certificates of the PGP servers in the pool, you must download and import this self-signed root certificate into your your Java trust store. Please see SKS Key Server Pool for a description how to that.
Why does the connection to the key server fail, while I am sure the key server URL is correct?
...