When I turned off Learn Mode, the real fun began, and I set about testing each of the delivery methods provided by the program. In an ideal world, everyone would have a key pair and everyone would be able to encrypt email. But we do not live in an ideal world, and PGP Universal takes this into account by providing delivery methods for messages destined for users without any kind of encryption on hand.
The first of these is WebMessenger, described in Part 1. (Figure 2)
Figure 2: A WebMessenger invitation
I tested both methods of sending WebMessenger mail: with implicit trust; and with requiring the authorization of the sender. I sent emails from a user (Alice) on my "Arpstorm" test network to a user (Bob) on my other test network, "Foobar" using both methods, and both worked well. The inclusion of sender authorization (in which the sender of the email gives the recipient a code to enter into the WebMessenger login, in the event that the email is intercepted or sniffed) was a nice touch.
Figure 3: The WebMessenger interface
(Click image for more detail)
The next delivery method I looked at was PGP Satellite. Satellite is a program available to external users that allows them to send and receive encrypted mail from their desktop systems without having to go through WebMessenger. It interacts with an installation of PGP Universal to create a key pair for the external user and allow him or her to utilize the public keys of anyone in the Universal domain.
As with everything in PGP Universal, downloads of Satellite (Figure 4) can be controlled through policy settings. A user can be offered to download Satellite through the use of 'smart trailers', which are footers appended to outgoing email messages explaining that they were potentially encrypted with PGP Universal. Satellite may also be downloaded through the preferences menu in WebMessenger.
Figure 4: PGP Universal Satellite download page
(Click image for more detail)
Satellite was downloaded from the PGP Universal server onto my external test host quickly and painlessly. An ActiveX control embedded in the site auto-detected the operating system that we were running and downloaded the appropriate Satellite version. When I tested a Satellite download without ActiveX enabled, I was still able to download the application through links on the page.
Satellite installed itself with only a minimum of input from me required to generate the key, and before long the machine was set up to send and receive mail from a PGP Universal domain. Satellite runs as a background process, without even a system tray icon to flag that it is running. But the machine's ability to send and receive encrypted mail confirmed that it was that it was there and running.
PGP Universal (as well as the PGP Desktop component) sends encrypted email as .pgp attachments to the message (Figure 5), which are then decrypted (Figure 6) by Universal, Satellite, Desktop, or any other OpenPGP program that contains the recipient's private key.
Figure 5: How an encrypted email looks to someone without the key
This could pose a problem with organizations that scrub all unknown attachments from email messages as a way of stopping viruses. So appropriate email filtering policies will need to be tweaked to accommodate .pgp attachments before PGP Universal is fully deployed.