If Internal Recipients have not been added in your system under **Gateway --> Internal Recipients**, this page will not show a recipient listing.
By default, When Internal Recipients are added into Hermes SEG, they are NOT configured with the ability to send encrypted email. Each Internal Recipient must be individually configured for the type of encryption you wish for them to use. On this page, a listing of only previously added Internal Recipients will appear. Note, that under the **Encryption Status** section the **PDF** and **S/MIME** and **PGP** columns are set to **No**. Additionally, under the **S/MIME Cert(s)** section, the certificate[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681511189.png)icons are disabled indicating that no S/MIME Certificates are present, and under the **PGP Keyring(s)** section the keyring[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681527764.png)icons are disabled indicating that no PGP Keyrings are present **(Figure 1**). **Figure 1** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681541466.png) ### Filter Internal Recipients Encryption Setting a filter will assist you in narrowing down specific recipients by email address or domain in order to manage encryption settings easier. 1. In the Filter By field, enter a complete or partial email address or domain and click the **Set Filter** button. If any matches are found, the **Internal Recipients** **Encryption** listing will be populated with **only the entries matching the filter you set** (**Figure 2**). **Figure 2** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681552196.png) 2. You can clear a filter you set by clicking the **Clear Filter** button at any time. ### Configure Internal Recipients Encryption 1. Under the C**onfigure Encryption** column of the Internal Recipient you wish to configure, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681570492.png)icon. 2. In the **Edit Internal Recipient Encryption** page, under the **PDF Encryption** field, select Enabled if you wish to enable PDF Encryption for this recipient. 3. Under the **S/MIME Encryption** field, select Enabled if you wish to enable S/MIME Encryption for this recipient. Please note, that if you enable S/MIME Encryption, you must also create or import a S/MIME Certificate for this recipient. 4. Under the **Digital Signature** field, select **Digitally Sign ALL Outgoing Messages** if you wish to have all outgoing messages from this recipient to be digitally signed by S/MIME Certificate regardless if the messsage is encrypted or not. Otherwise, leave selected the default setting of **Digitally Sign ONLY Encrypted Outgoing Messages** which will ONLY digitally sign outgoing messages that have been encrypted. Please note, Digital Signature requires a S/MIME certificate to be created or imported before any messages can be digitally signed. 5. Under the **PGP Encryption** field, select Enabled if you wish to enable PGP Encryption for this recipient. Please note, that if you enable PGP Encryption, you must also create or import a PGP Keyring for this recipient. 6. Click on the **Save and Apply Changes** button (**Figure 3**). **Figure 3** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681584848.png) 6. The button will display a status of **Saving and Apply Changes, please wait...**(**Figure 4**). **Figure 4** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681592985.png) 7. Configuring encryption can be a time consuming process. Please wait for a Success message from the system before clicking the **Back to Internal Recipients Encryption** button at the bottom of the page (**Figure 5**). **Figure 5** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681604978.png) ### Generate Internal Recipient S/MIME Certificate **Do not attempt to generate a S/MIME Certificate for an Internal Recipient unless you have already enabled S/MIME encryption on that recipient.** 1. Under the **S/MIME Certificate(s)** section of the Internal Recipient you wish to generate a certificate, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681614972.png)icon. 2. You will be re-directed to the **Add Recipient S/MIME Certificate** page. 3. Assuming you have previously created an Internal Certificate Authority, under the **Certificate Authority** field, select the Internal Certificate Authority you wish to use to generate the S/MIME certificate. 4. Under the **S/MIME Certificate Validity Period**, select the number of years you wish this S/MIME Certificate to be valid. The default setting of 5 Years is recommended. 5. Under the **S/MIME Certificate Encryption Length**, select the length of the certificate. The default setting of 4096-bits is recommended. 6. Under the **S/MIME Certificate Algorithm**, select the algorithm you wish to generate the certificate. The default setting of RSA-SHA-512 is recommended. 7. Under the **Auto-Generate S/MIME Certificate and Private Key PFX password** field, select **Yes** to have the systtem automatically generate a password for the PFX file or select **No** if you wish to specify your own password. When generating a certificate, the system will also create a PFX file (Personal Information Exchange) and assign a password to it for security. A PFX file will contain both the public AND the private key of the generated certificate. The PFX file is used by the system for sending both the private and public key to the recipient that the certificate is being generated for for backup purposes or for configuring an email client. It's recommended that you allow the system to generate a PFX file password. 8. If you selected No in the **Auto-Generate S/MIME Certificate and Private Key PFX password**, enter the password you wish to use under the **S/MIME Certificate and Private Key PFX password** and enter the same password under the **Verify S/MIME Certificate and Private Key PFX password** field. 9. Click on the **Create Certificate** button (**Figure 6**). Please note that clicking the **Create Certificate** button will not change the button status and the system may appear unresponsive. Please wait until the certificate get created and the system re-directs you back to the **Internal Recipients Encryption** page. **Figure 6** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681629583.png) 10. The system will generate the certificate and automatically redirect you back to the **Internal Recipients Encryption** page. 11. Under the Internal Repients listing on the S/MIME Cert(s) section of the recipient you just generated a certificate, you will note the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681647880.png)icon which will now be enabled and clickable indicating that there are certificates present (**Figure 7**). **Figure 7** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681659089.png) ### Import Internal Recipient S/MIME Certificate **Do not attempt to import a S/MIME Certificate for an Internal Recipient unless you have already enabled S/MIME encryption on that recipient.** **Hermes SEG ONLY supports importing S/MIME certificates from PFX (Personal Information Exchange) files. Ensure that you have a PFX file which will contain both the certificate and the private key along with the password of the PFX file before proceeding.** 1. Under the **S/MIME Cert(s)** section of the Internal Recipient you wish to import a certificate, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681669236.png)icon. 2. You will be re-directed to the **Import Recipient S/MIME Certificate** page. 3. Under the **Select PFX File** section, click on the **Choose File** button. 4. Browse to the location of the PFX file, select the file and click the **Open** button (**Figure 8**). **Figure 8** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681683343.png) 5. The name of the PFX file you chose will appear next to the **Choose File** button (**Figure 9**). **Figure 9** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681693427.png) 6. Under the **PFX file password** field, enter the password to the PFX file (**Figure 10**). **Figure 10** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681700633.png) 7. Under the **Add to Certificate Trust List** field, select **Yes** to add the certificate to the system Certificate Trust List. **Selecting Yes is always recommended** unless you have a specific reason not to trust the certificate you are importing. In that case, select No (**Figure 10**). **Figure 10** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681707879.png) 8. Click the **Import Certificate** button (**Figure 11**). **Figure 11** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681716057.png) 9. After a succesful import, click on the **Back to Internal Recipients Encryption** button on the bottom of the page (**Figure 12**). **Figure 12** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681724264.png) 10. Back at the **Internal Recipients Encryption** page, under the Internal Repients listing on the S/MIME Cert(s) section of the recipient you just imported a certificate, you will note the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681735000.png)icon which will now be enabled and clickable indicating that there are certificates present (**Figure 13**). **Figure 13** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681747069.png) ### Download or Send PFX File **Hermes SEG will allow you to download or send to the Internal Recipient the password protected PFX file containing the certificate and private key.** 1. At the **Internal Recipients Encryption** page, under the **S/MIME Cert(s)** section, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681756705.png)icon of the recipient you want to download or send the PFX file. You will be re-directed to the **View Recipient S/MIME Certificates** page (**Figure 14**). **Figure 14** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681772173.png) **Download PFX File** **NEVER share PFX File passwords via unsecured means such as unencrypted email, SMS text etc.** 1. Click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681783491.png)icon of the certificate you wish to download. Your browser will immediately start downloading the PFX file. 2. If you wish to view the PFX password, click on the[ ](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681796269.png)icon. You will be re-directed to the **Send Recipient PFX Certificate File & Password** page, where you will be able to view the PFX file password under the **PFX Certificate File Password** field (**Figure 15**). **Figure 15** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681810036.png) **Send PFX File** **NEVER share PFX File passwords via unsecured means such as unencrypted email, SMS text etc.** **Hermes SEG will send the PFX file ONLY to the recipient email address that the certiciate was generated/imported for.** 1. Click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681817414.png)icon of the certificate you wish to send. 2. You will be re-directed to the **Send Recipient PFX Certificate File & Password** page. 3. Click on the **Send Certificate** button (**Figure 16**). **Figure 16** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681830409.png) 4. If necessary, provide the password to the PFX file to the recipient via secured means. ### Generate Internal Recipient PGP Keyring **Do not attempt to generate a PGP Keyring for an Internal Recipient unless you have already enabled PGP encryption on that recipient.** 1. Under the **PGP Keyring(s)** section of the Internal Recipient you wish to generate a PGP Keyring, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681840135.png)icon. 2. You will be re-directed to the **Add Recipient PGP Keyring** page. 3. Under the **Recipient Real Name** section, enter the recipient's First and Last Name. 4. Under the **PGP Keyring Size**, select the size of the keyring. The default setting of 4096-bits is recommended. 5. Under the **Auto-Generate PGP Secret Key Password** field, select **Yes** to have the systtem automatically generate a password for the Secret Key or select **No** if you wish to specify your own password. It's recommended that you allow the system to generate a Secret Key password. 6. If you selected No in the **Auto-Generate PGP Seccret Key password**, enter the password you wish to use under the **PGP Secret Key Password** and enter the same password under the **Verify PGP Secret Key Password** field below the first one. 7. Click on the **Create Keyring** button (**Figure 17**). Please note that clicking the **Create Keyring** button will not change the button status and the system may appear unresponsive. Please wait until the keyring get created and the system re-directs you back to the **Internal Recipients Encryption** page. **Figure 17** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681853742.png) 10. The system will generate the keyring and automatically redirect you back to the **Internal Recipients Encryption** page. 11. Under the Internal Repients listing on the **PGP Keyring(s)** section of the recipient you just generated a keystore, you will note the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681862499.png)icon which will now be enabled and clickable indicating that there are keyrings present (**Figure 18**). **Figure 18** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681875758.png) ### Import Internal Recipient PGP Keyring **Do not attempt to import a PGP Keyring for an Internal Recipient unless you have already enabled PGP encryption on that recipient.** 1. Under the **PGP Keystore(s)** section of the Internal Recipient you wish to import a keystore, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681888101.png)icon. 2. You will be re-directed to the **Import Recipient PGP Key** page. 3. Under the **PGP Key Type** field, select whether you will be importing a **Public** or a **Private** Key type. If you select a **Private** PGP Key Type, the **Private PGP Key Password** field below will become enabled. 4. If you selected a **Private** PGP Key Type above, enter the private key password in the **Private PGP Key Password** field. 5. Under the **Select PGP Key File** section, click on the **Choose File** button. 6. Browse to the location of the PGP key file, select the file and click the **Open** button (**Figure 19**). **Figure 19** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681901975.png) 5. The name of the PGP Key file you chose will appear next to the **Choose File** button (**Figure 20**). **Figure 20** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681911068.png) 6. Click the **Import Key** button (**Figure 21**). **Figure 21** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681917473.png) 9. After a succesful import, click on the **Back to Internal Recipients Encryption** button on the bottom of the page (**Figure 12**). **Figure 22** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681924310.png) 10. Back at the **Internal Recipients Encryption** page, under the Internal Repients listing on the **PGP Keyring(s)** section of the recipient you just imported a certificate, you will note the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681931865.png)icon which will now be enabled and clickable indicating that there are keystores present (**Figure 23**). **Figure 23** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681944363.png) ### Delete Key, Download Public Key, Download Private Key, View Private Key Password and Publish Public Key 1. At the **Internal Recipients Encryption** page, under the **PGP Keystore(s)** section, click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681952987.png)icon of the recipient. You will be re-directed to the **View Recipient PGP Keyrings** page (**Figure 24**). **Figure 24** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681965377.png) **Delete Key** 1. Click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681973148.png)icon of the key you wish to delete. You will be re-directed to the **Delete Recipient PGP Key** page (**Figure 25**). **Figure 25** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681986666.png) 2. Click the **Delete** Key button. Please note that if you are deleting the **Master** Key, the system will automatically delete both the Master and any associated Sub Keys. If you are deleting a **Sub** Key, the system will only delete the Sub Key you selected to delete. If you wish to cancel, click on the **Back to Recipient PGP Keyrings** button. 3. Clicking the **Delete** button will delete the key and re-direct you back to the **Internal Recipients Encryption** page (**Figure 26**). **Figure 26** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609681996852.png) **Download Public Key or Private Key** Downloading the Public and Private Keys is useful for importing those keys in 3rd party PGP applications such as Enigma, Kleopatra etc. 1. Click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609682007409.png)icon under the **Download Public** or the **Download Private** column of the key you wish to download. Your browser will automatically begin downloading the key you clicked in **ASCII armor** format. **View Private Key Password** **This feature is useful in determining the Private Key password that the system automatically generates when generating a PGP Keyring. NEVER share Private Key passwords via unsecured means such as unencrypted email, SMS text etc.** 1. Click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609682021264.png)icon under the **View Password** column of the key you wish to view the private key password. 2. You will be re-directed to the **View Recipient PGP Private Key** **Password** page (**Figure 27**). **Figure 27** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609682140278.png) **Publish Public PGP Key** This feature is helpful with publishing recipient Public PGP Keys to Public PGP Key Servers. Public PGP Key Servers act as central repositories for public keys in order to assist in PGP cryptography.Please note that if no PGP Key Servers are defined under **Encryption --> PGP Key Servers** the icons under the Publish Key column of every key will be disabled[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609682188837.png).
1. Click on the[](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609682219443.png)icon under the **Publish Key** column of the key you wish to publish. 2. You will be re-directed to the **Publish Recipient PGP Public Key** page (**Figure 28**). **Figure 28** [](https://docs.deeztek.com/uploads/images/gallery/2021-01/image-1609682314479.png) 3. By default all the configured Public PGP Key Servers are selected. If desired, uncheck any key servers from the list that you do not wish to publish the public key and click the **Publish Key** button. 4. When finished, click, on the **Back to Recipient PGP Keyrings** button on the bottom of the page.