Configuring Signed and Encrypted Emails

To facilitate the decryption of signed and encrypted emails in PeopleSoft, you must configure the existing PeopleSoft pages by adding public certificates, private keys, and private key passphrases to the database.

To verify and decode signed emails, you must configure the smime_signed_verify algorithm keyset. If an email may be both signed and encrypted, you must configure the smime_signandencrypt_decryptandverify algorithm. For encrypted, but not signed emails, the smime_encrypted_decrypt algorithm must be configured.

To configure the smime_signed_verify algorithm, add the email sender's public certificate to the corresponding keyset after ensuring that the keyset ID is the email address of the email sender.

To configure the smime_encrypted_decrypt algorithm and the smime_signandencrypt_decryptandverify algorithm:

1. Add the email sender's public certificate, the email receiver's public certificate, and the email receiver's private key to the corresponding key set.

   Note: Ensure that the key set ID for the certificates is the associated email address. Prefix the greater than (>) sign to the email address for the recipient's private key.

   See Understanding PeopleSoft Encryption Technology.

2. Add the email recipient's private key passphrase to the new configuration page.

   For all private keys entered into the keyset algorithms mentioned in this section, you must enter the passphrases for the recipient’s private keys into the MCF Email Configuration page. To access the configuration page for private key passphrases, select PeopleTools > MultiChannel Framework > Email > MCF Email Configuration.

This example illustrates the fields and controls on the MCF Email Configuration page. You can find definitions for the fields and controls later on this page.