Certificate and Key Management with Echoworx
Built on AWS KMS and leveraging tamper-resistant hardware security modules (FIPS 140-3 Level 3), Echoworx provides enterprise-grade features for creating, rotating, and automating email encryption keys and certificates—all from a single platform.

Automated S/MIME Certificate Encryption
Streamline your S/MIME encryption process with Echoworx by automatically retrieving valid certificates for recipients and enabling effortless migration.
Key Features
- Import all your employees’ certificates and keypairs for a smooth migration.
- Automatically generate new keys as needed, ensuring a fully automated process.
- Recipients can upload their X.509 certificates directly via the Echoworx web portal.
- Generate self-signed S/MIME credentials through the web portal for instant use.
- Perform external lookups in LDAP directories to automatically locate recipient certificates.
- Digitally sign messages using keys uploaded or generated for the sender address, with enterprise-level fallback keys available.
- Seamless DigiCert and SwissSign integration provides trusted S/MIME credentials on demand, with keys securely stored in Echoworx.
Additional Benefits
- Decrypt inbound S/MIME messages when private keys are managed in the Echoworx platform.
- Add branded footers and headers to inbound decrypted messages for a polished communication experience.
- Support S/MIME signed-only messages and certificate harvesting via x-header tagging.
- Simplify certificate management with the Echoworx Portal—no need for separate invitation emails or unbranded pages.
- Recipients don’t need to change their behavior—encryption works seamlessly in the background.
Technical Notes
- Certificates and keys are securely stored and managed within Echoworx for enhanced security.
- Powered by AWS KMS and leveraging tamper-resistant hardware security modules (FIPS 140-3 Level 3), aligning with encryption standards like AES-256.
Cloud-Based PGP Encryption
Streamline your PGP encryption process by decommissioning in-house servers and automating key management, all within a secure, cloud-based solution tailored to your organization.
Key Features
- Automatically retrieve and use valid PGP certificates for recipients via external lookup in LDAP directories.
- Enable recipients to upload their PGP public keys directly for instant use.
- Digitally sign messages with keys uploaded or generated for the sender address, with fallback to enterprise-level domain keys.
- Auto-generate PGP public/private key pairs on the fly for senders when needed, ensuring a smooth, automated workflow.
- Attach sender public keys to outgoing PGP-encrypted emails for easy recipient access.
Additional Benefits
- Fully support PGP migration to the cloud, consolidating all certificate-based email activities into one secure platform.
- Decrypt inbound PGP messages when private keys are hosted within the Echoworx platform.
- Import existing PGP keys for a seamless migration process.
- Automatically generate new keys as required, streamlining encryption without manual intervention.
- Enhance the user experience with a simplified process for uploading PGP certificates—no need for separate invitations or unbranded pages.
- Include branded footers and headers on inbound decrypted messages for a professional touch.
Technical Notes
- Configure your gateway with additional rules to route messages to Echoworx for decryption and certificate extraction.
- All keys and certificates are securely managed within Echoworx, powered by AWS KMS, ensuring robust protection.
Manage Your Own Encryption Keys
Take control with Echoworx’s MYOK feature, powered by AWS KMS. Stay compliant, secure, and maintain full governance over your keys.
Key Features
- Full Key Control: Retain complete ownership of your encryption keys, ensuring they stay under your corporate governance.
- Streamlined Management: Simplify key creation, rotation, and automation without disrupting operations.
- Robust Security: Protect your cryptographic keys with tamper-resistant, FIPS 140-3 Level 3–validated hardware security modules (HSMs).
- Custom Encryption Strategies: Leverage customer-managed keys (CMKs) for tailored encryption solutions.
- Scalable Performance: Ensure seamless encryption and decryption at scale with low-latency performance.
- Compliance Ready: Meet regulatory requirements such as GDPR, HIPAA, and PCI DSS while maintaining data residency.
Additional Benefits
- Keys are created, managed, and deleted entirely within AWS KMS, ensuring they never leave the service unencrypted.
- Built on advanced encryption standards like AES-256 for uncompromising security.
- AWS KMS relies on a fleet of FIPS 140-3 Security Level 3-validated HSMs to safeguard key material.
- Supports seamless integration with your existing governance framework to ensure compliance and security.
Technical Notes
- Echoworx’s MYOK feature is powered by AWS KMS, combining scalability, advanced encryption protocols, and adherence to global compliance standards. This ensures your data remains secure and your encryption strategy stays firmly in your hands.
DigiCert and SwissSign Integration
Combining DigiCert’s API and SwissSign’s robust Swiss-level security with Echoworx’s email encryption service, S/MIME credentials are automatically generated—no pre-existing private keys required.
Key Features
- Automated S/MIME Credential Management: Quickly onboard users with instant S/MIME credential generation through DigiCert or SwissSign. Eliminate manual steps and delays, even for employees without pre-existing private keys.
- Seamless Email Security: All outbound encrypted emails and notifications are automatically signed with trusted S/MIME credentials tied to your corporate email domain, ensuring secure communication.
- Swiss-Level Security Standards: Meet the highest cybersecurity requirements in the DACH region with SwissSign certificates. SwissSign root key material is securely stored in Swiss banks, with operations hosted in Swiss data centers for unmatched reliability.
- Error-Free Deployment: Simplify certificate setup with automated processes that reduce errors, even in organizations with frequent onboarding and offboarding.
Additional Benefits
- Automated Certificate Management: Streamline S/MIME certificate renewals and updates with automated processes. Reduce manual effort, minimize errors, and eliminate risks of certificate expiration.
- Regulatory Compliance Made Easy: Meet industry standards like GDPR, PCI DSS, FERPA, HIPAA, and more. Ensure your emails align with internal security policies, protecting your organization, employees, and customers.
Technical Notes
- Domain Ownership Validation: Certificates can only be issued for email domains you own and pre-validate with DigiCert or SwissSign. External domains like Gmail or Outlook are not supported for trusted credentials.
Security Assurance & Certification Programs