DecryptNaBox V2

DecryptNaBox Business Value

Secure eMail Decryption Solution for the Enterprise

Is encrypted email causing complications for your compliance efforts?

Zeva has a secure, flexible solution called DecryptNaBox that:

  • Automates end-to-end process to dramatically reduce effort.
  • Supports high volume of email messages from many email users.
  • Secures the handling of user private keys and complies with FIPS140-2 Level 3.
  • Separates handling of user private keys from the decryption process.
  • Supports smart card encryption key systems, such as U.S. Government PIV cards.
  • Plugs into eDiscovery and technology platforms to provide data decryption as a service.
  • Is based on Zeva's patent-pending technology.

How is DecryptNaBox commonly used by Zeva customers?

To decrypt a high volume of encrypted email messages to:

  • Support internal investigations.
  • Facilitate full content search against entire email store.
  • Support of legal discovery requests.
  • Facilitate network perimeter content inspection of encrypted email.

What are the benefits?

  • Increased efficiency and lower costs.
  • Reduced time and effort to process encrypted material.
  • Increased security in handling of user private keys.
  • Support for smart card based encryption techniques.

Summary Product Description

Many companies and governmental agencies secure electronic mail communications using encryption technology. The requirement to ensure these communications are secure and private through encryption presents challenges in meeting the equally important need to ensure that data is preserved and available for inspection to comply with legal, regulatory, litigation, and security requirements.

The traditional method of dealing with encrypted content is to manually isolate the encrypted content and then use a standalone tool to decrypt that content. This manual method of decryption is only efficient for very small volumes of email messages, and often results in significant delays in an organization's ability to complete the inspection and search of electronic data sources. Without this decryption step, the encrypted content of email messages is ignored.

The traditional method also requires that the user's private key, the most sensitive digital identity of the user, is known to the person performing the decryption. With the introduction of the U.S. Government Homeland Security Presidential Directive 12 (HSPD-12) in 2004, and the implementation of the Personal Identity Verification (PIV) technology which stores digital certificates in smart card devices, the industry has seen a rapid increase in smart card adoption. This dramatically increases the complexity of supporting decryption operations. While escorting a soft copy of a private key through the decryption process supports use of current commercially available decryption tools, escorting a smart card protected private key represents a huge challenge.

DecryptNaBox provides an secure, automated process for the decryption of encrypted email content, and is capable of handling large volumes of email messages from many users (or all users) in an organization. DecryptNaBox is flexible, and can be configured to perform the decryption of encrypted content either at the time of email transmission (sent and/or received), or using the "at rest" contents of selected mailboxes.

To accomplish the efficient decryption of large volumes of messages, DecryptNaBox securely communicates with an issuing Certificate Authority (CA) to retrieve the required cryptographic keys. DecryptNaBox is the only commercially available data decryption product to accomplish the automated retrieval, and secure handling, of encryption keys. Using the retrieved keys, DecryptNaBox decrypts the encrypted messages. DecryptNaBox is designed to protect the private keys of users through a series of configuration and security features that are based on Zeva's patent-pending design. The method of key retrieval segregates the decryption service from the key handling functions. With this approach, DecryptNaBox is fully compliant with U.S. Government security mandates, including FIPS 140-2 level 3.

DecryptNaBox is engineered to support many scenarios. The solution consists of several components that integrate well to address any customer decryption need. This flexibility is achieved by the modular design of DecryptNaBox and the logical separation of the "Front-End" and "Back-End" components of the solution. The Front-End service provides data input, data decryption, data output, and user interface. The Back-End service provides secure retrieval and handling of encryption keys and compliance with certificate policies. In addition, DecryptNaBox uses different kind of Adaptors to add flexibility to the solution. This flexibility is summarizing in the diagram below.

DecryptNaBox Design

DecryptNaBox high level architecture

DecryptNaBox can integrate with many Public Key Infrastructure systems by using Certificate Authorities (CA) adaptors. Such adaptors enable DecryptNaBox to communicate securely with Certificate Authorities to escrow decryption keys as needed. DecryptNaBox also supports the use of Hardware Security Modules (HSM) technology to ensure the protection of the escrowed keys. DecryptNaBox currently is available with the following CA and HSM adaptors:

  • Microsoft CA adaptor
  • Entrust CA adaptor
  • Verizon CA adaptor
  • SafeNet Luna HSM adaptor
  • Thales nChiper HSM adaptor

Other backend adaptors can be made available based on customer requirements.

DecryptNaBox interacts with client technologies through input and output adaptors. DecryptNaBox comes with the following input/output adaptors:

  • Personal Storage Table (PST) adaptor
  • Exchange Web Service Adaptor
  • Cryptographic Application Programming Interface (CAPI) interceptor adaptor
  • eDiscovery platform pluggable interfaces such as Autonomy and Clearwell

Other backend adaptors can be made available based on customer requirements.


DecryptNaBox is offered with a simple, yet flexible, pricing model. The core service of DecryptNaBox has a base price, and the adaptors for Certificate Authorities, HSM devices, and client technologies are available via an "ala carte" pricing model.

For more information contact us