Echoworx Blog

PGP & S/MIME Is Evolving: What Enterprises Need to Know

Encryption Features    | May 22, 2025
Professional black woman smiling and using a mobile phone. Business woman checking her messages while working from her desk.

Certificate-based encryption plays a critical role in ensuring secure communication, particularly for enterprises in regions with strict regulatory standards such as the DACH region.

Echoworx’s latest release introduces updates to its S/MIME and PGP encryption capabilities, aligning with best practice recommendations from The German Federal Office for Information Security (BSI). These enhancements are designed to improve workflows, strengthen security, and ensure compliance with global standards, while reducing the administrative demands of managing encryption at scale.

This article outlines the key updates, their practical implications, and how they address common challenges in certificate-based encryption.

Updates in S/MIME: Streamlining Certificate Management

Managing S/MIME certificates can be complex and time-consuming for large enterprises with intricate email infrastructures. The following updates aim to minimize inefficiencies:

  • CA Integration: Now, enterprises can automatically generate S/MIME certificates on demand from a trusted Certificate Authority. This replaces manual workflows for outbound message signing, reducing admin time and ensuring constant certificate availability.
  • Global LDAP Directory Publishing: Public X.509 certificates are now published to the Echoworx Global LDAP Directory. This feature simplifies certificate discovery and management, reducing delays in secure communications caused by time-consuming searches.
  • Improved Credential Logic: Auto-generated S/MIME credentials now use the SENDER MIME header to improve functionality for group mailboxes and forwarded messages. This update ensures smoother workflows in more complex email setups.
  • Retry Mechanisms for Certificates: Temporary service outages no longer disrupt encryption workflows. The system now automatically retries certificate requests, ensuring consistent operations.
  • Enhanced Security Controls: Uploaded or generated S/MIME private keys are restricted to their mapped profile domains. This additional layer of security protects sensitive communications from unauthorized access.
Overview of Echoworx S/MIME Process

S/MIME mail flow using Echoworx Email Encryption.

Updates in PGP: Easing Key Management

PGP encryption remains a widely used method for secure communication, but managing keys can be challenging. The following updates aim to address these issues:

  • Signed-Only Messages: Messages can now be digitally signed with PGP without requiring encryption, offering a flexible solution for scenarios where verification of authenticity is necessary but confidentiality is not.
  • Key Harvesting: Encryption-valid public keys from inbound PGP messages are now saved for future use. This feature is paired with audit reporting to improve key management efficiency.
  • Domain-Restricted Keys: Uploaded or generated PGP private keys are restricted to their mapped profile domains, enhancing control over sensitive information.
  • Expanded Directory Searches: The search functionality now includes additional third-party public LDAP directories, making it easier to locate and use PGP keys when needed.

User-Centric Improvements to Enhance Security

Inefficiencies in communication workflows can disrupt operations and create challenges when scaled. To address this, Echoworx has introduced several updates aimed at improving usability and security:

  • Sender Verification: Messages routed to Echoworx for encryption now undergo DKIM and SPF verification, reducing the risk of phishing attacks and improving email authenticity.
  • Retry Mechanisms and Expanded Directory Searches: These features are now integrated into both S/MIME and PGP workflows, ensuring seamless operations even during disruptions.

These updates aim to make certificate-based encryption more reliable and easier to manage, allowing enterprises to focus on their core operations without interruptions.

S/MIME: An integration that finally makes X.509 user-friendly!

Certificate-based encryption is essential for secure enterprise communication, but managing it at scale can be resource-intensive. The latest updates to S/MIME and PGP workflows from Echoworx aim to address these challenges by improving efficiency, enhancing security, and simplifying administration.

If encryption management has been a pain point for your organization, these changes offer practical solutions that align with both operational needs and regulatory requirements.

For more information, contact us to explore how these updates can improve your workflows.

READ MORE:Encryption Features

Subscribe to the Echoworx Blog

This field is for validation purposes and should be left unchanged.