A new version of the CipherMail Email Encryption Gateway is available
Virtual Appliance downloads:
Distribution packages downloads:
* CertStore command line tool can now export certificates and keys
* PGP commons line tool can now export public and secret keys
* The back-end now supports a Mail attribute named
remote-delivery.smtp.relay-host. It can be used to deliver email to
a different relay host or local port based on content.
* SetRecipients mailet added. This can be used to change the recipients
of an email.
* Post smime and pgp processor is now only called when a message was/is
s/mime or PGP. This can be used to add specific behavior when a
message is S/MIME or PGP (for example redirect to
* Systemd fetchmail.service unit file added.
* Matcher added which can match on a user configurable list of
senders/recipients. This also works for
Exchange journaling messages by looking inside the journal [PRO/ENT].
* Intellicard Certificate Request handler added [PRO/ENT].
* Export database to XML [PRO/ENT].
* Cipher suites for HTTPClient are no longer set. The Cipher suites
config resulted in a bug after a Java update.
The Java bug was only triggered in old versions of CipherMail that
used a link to sunjce_provider.jar in
* SleepTimeOnError added to SMSGatewayImpl background thread. The thread
will sleep for 30 sec (default) if there was an exception in the
background thread not caused by a transport. This is done to prevent
filling up the logs if there is a problem with the database.
* SMIME command line tool refactored. Now uses long option names.
* System property ciphermail.crypto.cms.mustProduceEncodableUnwrappedKey
added. This sets the mustProduceEncodableUnwrappedKey BC property.
This is needed for supporting Utimaco HSMs.
* MySQL/MariaDB SQL config minor change. varchar columns with size 128
increased to 255.The alias field was too short to fit a sha512
thumbprint and some prefix used by a cert request handler
This resulted in an field too small error when trying to set the key
alias (this was only an issue with the prof/ent. edition)
* Postgres 10 does not allow the JDBC URL to end with /. The last /
has been removed from the URL.
* Postgres JDB driver updated to support Postgres 10.
* Most required/depends removed from RPM and DEB conf files. It is
impossible to support different RH/CentOS, Ubuntu. releases with
one RPM or DEB because packages are renamed/removed.
* The back-end front-end SOAP layer now uses Basic Authentication mode
instead of WS security to work around a recently introduced Java bug
* The CipherMail Virtual Appliance is now using CentOS 7 instead of
Ubuntu and uses MariaDB instead of Postgres. This means that
back-ups of previous CipherMail Virtual Appliance cannot be
directly imported because the database type is changed. Users
with a support contract can contact Us for help with migrating the
database to the new version. Note: this only impacts users using the
Virtual Appliance who wish to upgrade to the new CentOS based
* HSM module now supports RSAES-OAEP encryption scheme (requirement
for the German edi(a)energy standard) [PRO/ENT].
* License check only checked if license was valid at startup [PRO/ENT].
* Selected Certificate Request Handler is now session persistent so
the selection is remembered while session is active.
* Jetty upgraded to release 9.4. This requires java 8 or up [PRO/ENT].
Upgrade guide can be downloaded from:
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.