Novell GroupWise System Security

(Last modified: 07Oct1999)

This document (2954214) is provided subject to the disclaimer at the end of this document.


Novell GroupWise System Security

This document provides information on GroupWise security and
encryption. System security is based on the Network Operating
System, GroupWise encryption and compression, encrypted
communication between the GroupWise Client and Agents, and
encrypted communication between the workstation and the network.
If desired, message security can be enhanced further through the
use of security certificates which allow digital signatures and
additional encryption.

1. Network Operation System

     GroupWise system security begins at the network server.
     Access to the GroupWise 4.x and 5.x Message Stores is
     controlled by the network administrator through the Network
     Operating System and is therefore is as secure as the NOS
     it is running on. GroupWise 5.x leverages the strength of
     Novell Directory Services to authenticate users to the

     File system access to the Message Store varies according to
     the version of GroupWise being used and the client access
     method desired.

     a. In Client/Server mode, available in GroupWise 5.0 and
         later, users do not need any file system rights to the
         Message Store.

     b. In Direct Access mode, used in GroupWise 5.2 and
          earlier, file system rights are necessary for some
          areas of the GroupWise Post Office. A store-and-
          forward messaging system such as GroupWise requires a
          set of directories on the network file server for
          storing and queuing messages. Storage directories,
          referred to as the Message Store, contain the message
          and user databases, attachment files and may contain
          Document Libraries. Queue directories contain message
          files in transit. Details on assigning file system
          access rights are found in the GroupWise
          Administration Guides available online at


           i. GroupWise 4.1, 5.0, 5.1 and 5.2 Standard
                Configuration - Requires "read," "write,"
                "create," "modify" and "file scan" rights to the
                Message Store and queue directories in the Post

           ii. GroupWise 4.1, 5.0, 5.1 and 5.2 Server Always
                Configuration - Requires "read" and "file scan"
                rights to the Message Store and "read," "write,"
                "create" and "erase" rights to the queue
                directories in the Post Office.

                Whenever a message is sent within the GroupWise
                system, the following actions must take place in
                the storage directories to record and deliver
                that message:
                (1) The message is placed in sender's message
                (2) The pointer to message is placed in
                     sender's user database
                (3) The message is placed in recipient's
                     message database
                (4) The pointer to message is placed in
                     recipient's user database.

                The difference between the two possible
                GroupWise configurations, Standard and Server
                Always, is simply which application performs the
                above actions. The sender's client application
                can perform all the actions listed above under
                the Standard configuration, while only the
                GroupWise Post Office Agent (OFS/POA) can
                perform these actions under the Server Always

                The Standard configuration provides optimal
                performance in GroupWise 4.1 but requires that
                all users have the "create" and "modify" network
                access rights to the Message Store in addition
                to the "read" right. With the Server Always
                configuration, users need only the "read"
                network access right to the Message Store
                because all database modification and file
                creation is done by the Post Office Agent
                (OFS/POA). However, performance will obviously
                not be as good as under the Standard
                configuration because one application (the Post
                Office Agent) is doing much of the work normally
                done by multiple applications (the client
                applications run by end users).

                Both configurations protect the databases from
                accidental or intentional deletion. Users do not
                need the "delete" right to the Message Store.
                Please note that the Message Store databases are
                much more susceptible to damage in the Standard
                configuration than in Server Always.

2. GroupWise Encryption and Compression

     To maintain the integrity of the GroupWise security system,
     this document obviously will not include detailed specifics
     of the encryption and decryption methods used. The intent
     is to describe the encryption/decryption process at an
     appropriate level of detail to ensure your confidence in
     the security system.

     GroupWise 4.1 uses proprietary, single-key (symmetric)non-
     linear encryption schemes, which have been approved by the
     U.S. Department of Commerce, to safeguard all sensitive
     information in storage or in transit within the messaging
     system. GroupWise 5.x builds on this foundation with
     enhancements made to encryption of attachment data and adds
     data compression. The encryption key used varies depending
     on the component being encrypted and the GroupWise Agent or
     process performing the encryption.

     A user's encryption key is randomly generated when the user
     is defined. The key is generated in such a way that the
     same key cannot be duplicated by redefining the user with
     the same information in a different system. This prevents a
     malicious user from copying the Message Store and then
     attempting to create a mirror system by redefining the
     users to recreate their encryption keys.

     It is also important to note that information is encrypted
     in such a way that one piece of information is encrypted
     differently from the next, even when using the same
     encryption key. This encryption method makes it nearly
     impossible to try to establish an encryption pattern by
     inspecting files before and after they are encrypted. It
     also serves as a strong deterrent because each piece of
     information is a completely separate decryption project.

     The GroupWise directory and Message Store, as well as other
     databases used by some GroupWise Gateways are encrypted.
     Listed below are the four basic database types used and a
     brief description of each:

       | Database | Description |
       | Domain | Contains user directory and system |
       | Database | configuration information |
       | Post Office | Contains user directory |
       | Database | |
       | Message | Contains all messages (sent and |
       | Database | received) for users at a specific |
       | | Post Office |
       | User | Contains all information for a |
       | Database | specific user, including the user's |
       | | password, preference settings, |
       | | pointers to messages, folder |
       | | structure, and personal calendar |
       | | items |

3. Encrypted Communication Between the GroupWise Client and

      In addition to the Directory and Message Store, message
      files are encrypted whenever they are in transit or stored
      separately outside of the Message Store. All communication
      between the GroupWise Client and the file system in the
      case of Direct Access, or the Post Office Agent in the
      case of Client/Server, is encrypted before it leaves the
      Client and is transmitted to the network. This applies
      also to the GroupWise Remote Client whether it is
      communicating with a GroupWise Agent or the Async Gateway.

4. Encrypted Communication Between the Workstation and the

     With NetWare 5 and the NetWare 5 Client, several levels of
     encryption can be implemented between the workstation and
     the server independent of GroupWise.

5. Security Certificates

     With the GroupWise 5.5 Enhancement Pack Client and later,
     you can use security certificates that allow digital
     signatures and provide additional encryption. GroupWise is
     compatible with the S/MIME version 2 specification. The
     security service providers that GroupWise supports have
     common encryption algorithms such as RC2 and RC4. When
     digitally signing an item, GroupWise hashes the item into a
     message digest using the standard algorithm SHA-1. The
     message digest is distributed with the item being sent.


This combination of authentication, encryption, and write access
technology allows the system administrator to make the messaging
system as secure as possible.

As security, public key/private key encryption, and
authentication standards continue to evolve, GroupWise supports
methods for secure access of data and information that most
completely meet the needs of our customers. To that end, Novell
is committed to standards organization work surrounding these
security topics just as it is in all other applicable
standards-based discussions.


Document Title: Novell GroupWise System Security
Document ID: 2954214
Creation Date: 07Oct1999
Modified Date: 07Oct1999
Revision: 1
Novell Product Class:Groupware


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.