Djigzo – Innovative Open Source Email Encryption

A few weeks back I wrote an article named ‘How Can We Keep Email Safe In The Cloud?.’ After I published the article I was contacted by a guy named Martijn Brinkers. Martijn told me that he’s working on a similar project to what I discussed in my theoretical article. The product he was referring to is named Djigzo.

After looking into the product I was surprised why I had never heard about the project before. It’s very innovative and also fairly easy to deploy. I was impressed by the product and reached out to Martijn to ask him a few questions about Djigzo.

What is Djigzo?
Djigzo is an open source email encryption server that fully complies with S/MIME standards. Email that is encrypted and/or digitally signed by Djigzo can be read in Outlook, Thunderbird and other mail clients, provided the user has the proper email certificates installed. Djigzo is compatible with any existing CA server (like EJBCA or Microsoft CA) and with certificates from external sources (like Verisign or Comodo) . Alternatively, Djigzo contains a basic Certificate Authority module (CA server) that allows you to create certificates for internal and external users. Certificates can be sent to external recipients in a password protected format. The password can be automatically generated and sent via a Text message. Installation of the certificate in their mail client is straightforward. This allows you to setup your own private PKI with your customers.

We have found that most people find S/MIME encryption cumbersome, despite the fact that products like Djigzo do make it fairly easy to use. To accommodate those people, we have included a PDF encryption module in Djigzo. You can configure Djigzo to automatically convert outgoing email to a PDF file and encrypt it using standard PDF encryption techniques. The receiver needs a password to decrypt, which you can provide them by email – which is not secure – or by phone – which is cumbersome – or by using the built-in short text service in Djigzo. A password can automatically be generated or can be manually set. By using a separate channel for sending passwords, PDF encryption is almost as secure as full S/MIME encryption (provided that the password is long enough to withstand a brute force attack).

How does it work?
Djigzo functions as an SMTP email server and is therefore compatible with any existing email infrastructure. It can easily be placed before or after existing email servers. The Djigzo Web Administrator GUI allows you to setup the MTA part like you would setup any other email server. Djigzo is typically installed as a “store and forward” server.

You can setup multiple policies for internal and external recipients. Policies are based on a hierarchical policy model. If a specific policy is not set for a specific level that level will inherit the policy from a higher level policy. You can setup policies for domains and individual sender/recipients.

How a message will be handled by Djigzo depends on the sender and recipient policies. For example, you can specify that encryption must be enabled when the subject contains a specific keyword. More and more companies are starting to digitally sign all their outgoing email. You can setup Djigzo in such a way that all outgoing email will be digitally signed. The Djigzo administration guide contains a detailed flow diagram that explains how email is handled.

When did you start working on Djigzo?
Work on Djigzo was started at the beginning of October of 2007.

How many developers are involved in the project?
There is one full-time developer (me) and one part time developer. Development is actually not the most time consuming part. Thoroughly testing Djigzo in production takes at least a similar amount of time. That’s where our users help us out.

Can you make a guess on how many companies using Djigzo?
Since it’s first release (8 Feb. 2009) it has been downloaded a couple of hundred times. However, I do not have any numbers on how many of the downloads are actually in use. My experience is that most companies are not always open about what kind of encryption technology they use.

From a user’s point of view, how does Djigzo work? Once it is configured, will the end-user even know about it?
Whether an end-user will notice anything depends on the setup. For example, if the administrator setups an S/MIME tunnel between multiple Djigzo instances (for example between your company and other companies you are doing business with) the end-user won’t see any difference. The email is transparently encrypted and decrypted. If the administrator specifies that a keyword (for example ‘secure’) should trigger the encryption end-users must add the the keyword to the subject of their message.

Let’s say I’m an end-user and is sending an email to a user for the very first time, can Djigzo figure out if the email should be encrypted or not (and how does it acquire the public key)?
A typical setup would be to tell the existing email server to relay the email through Djigzo. Some clients however use different setups because they would like to scan (like virus and spam filtering) outgoing email differently from incoming email. For example a content scanner can be used to force encryption when the message contains specific content like a social security number (see image below).

If you want to encrypt on the desktop but still allow you message to be virus scanned you can use the following setup:

Djigzo supports two different encryption methods: PDF and S/MIME. S/MIME sounds very logical, but PDF is a strange method. Why did you add this?
The problem with S/MIME (or PGP for that matter) is that the recipient requires a S/MIME capable email client (most email clients support S/MIME) and they need to have a certificate with private key. Although installing a certificate with private key is not hard, even less so when you use Djigzo’s built-in CA functionality, it may still be too cumbersome for some recipients. When you only need to exchange secure email once or a few times over a longer period installing a certificate might be too much a hassle. The PDF standard allows you to encrypt a PDF with a password. Files can also be added to the PDF and are encrypted as well. Because most recipients already have a PDF reader installed they do not need to install or configure any software. When Djigzo PDF encrypts a message it converts the email message to a PDF and adds all the attachments. The PDF is then encrypted and attached to a new basic message (based on a template). This basic message does not contain any information other than a general note that the message contains an encrypted PDF. A new PDF password can be generated for each new message. The PDF password can be automatically sent to the recipient by an SMS Text message. Or, you can setup a ‘static’ password. You will then need to give the recipient this password in a secure manner (ie not by email). Our experience is that PDF encryption is so easy from an end-users perspective that the end-user requires no additional learning.

How does Djigzo work with existing encryption methods, such as PGP and GnuPG?
Djigzo currently does not have support for PGP. PGP encrypted or signed messages are transparently handled by Djigzo.

Many companies are moving from on-site server architecture to cloud based/hosted solutions. Can a company use Djigzo with, let’s say, Google Apps?
Yes that’s possible. This however requires that all email for your domain(s) need to be received by your Djigzo server. The Djigzo server can be setup that it will S/MIME encrypt all email before forwarding it to the cloud based email provider. If you use Gmail you can install an S/MIME add-in for Firefox that allows you to open and send S/MIME encrypted email. Now all your email on Gmail will be encrypted.

As far as hardware requirements goes, if you want to run Djigzo for an SMB with 25-50 employees, what would you need?
That server requirements depend on the number of messages per second and the size of the messages. Djigzo has been designed for large scale setups and has been tested with over 40000 certificates. SMB size companies typically require a light weight server. Another option would be to run Djigzo as a Virtual Appliance on VMware (server or ESX).

If one Djigzo connects to another Djigzo server, does it automatically provide end-to-end encryption?
Not automatically. The easiest way to secure your email between Djigzo servers is to setup an S/MIME tunnel. With an S/MIME tunnel all email sent to a specific domain will be encrypted with a server certificate. This is really easy to setup.