SLD - PGP Trial Service for Encryption of Exam Papers in Preparation

Status of Document: This document describes the trial PGP service to enable selected users to distribute exam papers electronically during the preparation stage.


OUCS is offering a trial service for PGP encryption of exam papers during the preparation stage after agreement with the Proctors. Pilot departments have been identified who will test out, using live exam papers, a central PGP service. The trial will run during Michelmas Term 2008.

Summary of OUCS's Responsibilities

OUCS will run the central PGP Universal Server for the purpose of 'key management'. This will be hosted on a single server with no back-up at present for the purposes of the trial. Users will not have access to their local keyring via the PGP Desktop client software, though the keys will be stored in a file on the user's machine. Users must report the loss of any private keys to their IT Support Staff. OUCS will also hold and Additional Decryption Key (ADK) to which all communications will be encrypted. This could then be used to decrypt any documents in the event of a user losing their own key.

As this is a trial service, no serviceability targets or hours of service are stated. Similarly, training and support can only be limited to begin with. The service will be offered on a best efforts basis only, but cannot be guaranteed.

Summary of User's Responsibilities

  • Users must encrypt any email where inserting or attaching an exam paper in preparation. Invoking the encrption will be the responsibility of the user.
  • Encryption will be invoked by the use of a predetermined keyword in the subject line of the email, and the user's passphrase.
  • When encryption is invoked by the user, the email will either be sent encrypted to all recipients or rejected.
  • Messages will always be encrypted to a user's own key and the Additional Decryption Key (ADK).
  • Users should not store unencrypted copies of such emails on remote servers.
    • Where email is copied to the 'sent-mail' folder, and that folder is stored remotely, users must delete and purge the message from the their sent-mail folder.
    • Users should only use official University email accounts when sending or receiving exam papers in preparation. Exam papers must not be sent to or from the email address outside the domain.
  • Users will need to enter their passphrase in order to decrypt messages.
  • Users must not disclose their passphrase to anyone, under any circumstances.
  • In the event of passphrases being written down or stored on electronic media, this should be done in an approved secure manner, such that only the user has access to the passphrase.
  • Passphrases will be stored by PGP Desktop only for the current session. They will be destroyed at the end of the session.
  • Users are responsible for ensuring their Operating System and any other software is fully patched, for running up to date Antivirus software, and for maintaining safe browsing habits.
  • Users must report any security incident involving their machine to their local ITSS.
  • Users are responsible for providing keys and/or decrypting material at the request of law enforcement under the Regulation of Investigatory Powers Act (RIPA). However the University may also be required by law to decrypt such content by use of the ADK.

Known Risks

The following risks have been identified so far, but are considered acceptable to the University for the purposes of this trial project.

  • No formal risk assessment has been carried out for this project and so this list is not conclusive.
  • There is no formal policy on the use of encryption.
  • No protection is provided to exam papers whilst stored on machines (networked or standalone).
  • Since PGP does not currently proxy messages stored in remote folders, any messages stored in such folders (e.g. the 'sent-mail' folder) will be sent over a network to the server without PGP protection. Furthermore those messages will be stored on the server in plaintext. It should be recognised that deleting these messages will not serve the purpose of making sure they are shredded.
  • Users forgetting their passphrase will be unable to encrypt or decrypt messages and will have to go through the process of generating a new keypair.
  • PGP Universal server is hosted on a single machine with no back-up server. A break in the service to that server would mean that users' access to email services would be interrupted until a repair could be effected or their email clients reconfigured. Encryption and decryption would continue to be unavailable until the Universal server was back online.
  • No guarantees are offered by OUCS on the level of support, or speed of response, to support requests for PGP Universal Server, due to lack of resources.
  • No legal advice has been sought on the use of cryptographic controls in the making, storage and transmission of public examinsation papers.