Message Integrity
A common question we hear from customers is “How do I know that messages in the Vault have not been altered?”
Concerns that stored messages could be altered to change their original meaning are quite legitimate. Preemptive Consulting has taken special measures to design the Preemptive Email Vault so that stored messages cannot be “invisibly” altered, and the integrity of any given message can be proven with government endorsed methods.
How we protect the integrity of your email with Digital Signatures
When the Preemptive Email Vault receives an email message it is stored in a relational database. Part of this processing digitally signs the email and then stores the signature with the message in the database. The digital signature can be though of as a “tamper-proof seal” that proves the integrity of the stored email message.
The digital signature can be used to prove that the email message that is stored in the database has not been altered. The digital signing process uses a password-protected, cryptographically strong, government endorsed algorithm that makes signature forgery impossible.
The underlying digital signature keys are randomly generated at the time that the Preemptive Email Vault is installed. This means that the integrity of your email is protected even in the unlikely event that the security of another organization is somehow compromised.
How secure is a Digital Signature?The Preemptive Email Vault uses DSA signatures (with a modulus of 1024 bits) that are built on top of SHA-1 message digests.
The US Department of Commerce/National Institute of Standards and Technology (NIST) endorses DSA Signatures in their FIPS 186-2 standard (available at http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf).
The Australian Defence Signals Directorate (DSD) has determined that DSA is a Cryptographic Algorithm acceptable for Australian Government use (see http://www.dsd.gov.au/_lib/pdf_doc/acsi33/acsi33_u.pdf).
The bottom line is that the Preemptive Email Vault uses proven and secure algorithms to assure the integrity of your email.
See a movie showing how to check a message's integrity (970KB).