Basics deprecated

The basic configuration options

com.openexchange.guard.dns.allowUnsignedSRVRecords

OX Guard performs an SRV lookup on a recipient's domain in order to query the related key server. This option controls whether or not OX Guard trusts unsigned SRV DNS records. If set to "false", OX Guard will discard unsigned DNS SRV records. DNS requests other than SRV are not affected.
Default: true
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.apiUserAgent

Defines the API user agent.
Default: Open-Xchange Guard Server
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.aesKeyLength

Specify key length for symmetric AES encryption. Note: AES Key length of 256 is preferred, but not supported on all systems. May need to have the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files installed.
Default: 256
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.attachHelpFile

Option to attach help files to outgoing PGP emails. The help files will not be displayed in PGP-enabled email clients; they will only be displayed for clients that don't have PGP, and will explain to them that this is a PGP email and that they should log onto the UI to read the email.
Default: true
Configcascade: false
Reloadable: false
As of version: 2.8.0
Package: open-xchange-guard

com.openexchange.guard.authLifeTime

Maximum lifetime of an OX Guard user session. Deletion of expired authentication tokens is scheduled once a day (see [[com.openexchange.guard.cronHour]]). Can contain units of measurement: D(=days) W(=weeks) H(=hours) M(=minutes).
Default: 1W
Related: com.openexchange.guard.cronHour
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.backendSSL

Per default the connection between the Guard backend and the configured Open-Xchange REST API host is unencrypted. You can optionally encrypt the whole communication between those two components by using SSL. Please note: Enabling SSL might decrease performance and/or create more system load due to additional encoding of the HTTP streams.
Default: false
Related: com.openexchange.guard.cronHour
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.badMinuteLock

Defines how long (in minutes) someone will be locked out after entering a wrong password several times.
Default: 10
Related: com.openexchange.guard.badPasswordCount
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.badPasswordCount

Defines how many times a person can attempt to unlock an encrypted item before being locked out.
Default: 5
Related: com.openexchange.guard.badMinuteLock
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.connectionTimeout

The timeout for all HTTP(S) connections in ms
Default: 10000
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.cronHour

At what hour of the day should the Guard service execute the internal maintenance cron jobs? Possible values are: 0 - 23
Default: 2
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.databasePassword

The password for the databases
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.databaseUsername

The username to access the OX Backend and Guard database. This user needs to have select, create, lock, insert, update privileges. Guard database user also should have alter (for updates), drop, index.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.dbSchemaBaseName

Specifies the base name for the Guard databases. On initialisation Guard will create a database with the baseName, then additional Guest shards with the name baseName_#.
Default: oxguard
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.defaultLanguage

The default language to use.
Default: en_US
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.defaultAdvanced

Specify whether or not users should be treated as default users by default.
Default: false
Configcascade: true
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.demo

This is for development and testing environments only. WARNING: If this property is set to "true", various Guard functions can be accessed without authentication! Make sure this is set to "false" for a production setup.
Default: false
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.exposedKeyDurationInHours

Guard's Support API allows deleted, but backed-up, keys to be exposed for download. This property specifies the number of hours a deleted key will be marked as "exposed" (downloadable), or 0 to disable the automatic reset of exposed keys. Note: Resetting is scheduled once a day (see [[com.openexchange.guard.cronHour]]).
Default: 168
Related: com.openexchange.guard.cronHour
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.externalEmailURL

When Guard sends an encrypted eMail to members, they may not be using the webmail UI to read the email. If [[com.openexchange.guard.attachHelpFile]] is set to true, a help file is attached, and a link will be provided to log into their webmail to read the encrypted item. This setting is used to point to a generic login for the webmail system. The mail is sent to multiple recipients, so the link is not customised to the individual recipient. A value of the form domain:port is OK. HTTPS will always be added.
Default: example.com
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.externalReaderPath

When Guard sends an eMail to external recipients, those recipients will be able to access the encrypted content by opening a link in that eMail. The description and the link of that eMail are not encrypted and always readable by the recipient. The link points to the Guard reader for external recipients, a servlet to decrypt and display the encrypted eMail content. Specify which domain and path should be used. The HTTPS link will be created dynamically by Guard. This value will be used as the default unless overwritten by cascade value 'com.openexchange.guard.externalReaderURL'. This property is deprecated in 2.10.0 and may be removed in future releases.
Default: example.com/guard/reader/reader.html
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.failForMissingMDC

If the PGP message does not have MDC tags attached, either 1) message is rejected or 2) a warning message is displayed to the user and the email is converted to plaintext. False displays the message. Setting to true will result in emails being rejected if the MDC data doesn't exist.
Default: false
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.fileUploadDirectory

The directory used for buffering uploaded data. If empty, falls back to "java.io.tmpdir". NOTE: Guard only buffers non-sensitive or encrypted data to disk.
Default: 10240
Configcascade: false
Reloadable: false
As of version: 2.8.0
Package: open-xchange-guard

com.openexchange.guard.fileUploadBufferThreshhold

The threshold in bytes at which uploaded data will be buffered to disk. NOTE: Guard does only buffer non sensitive or encrypted data to disk.
Default: 10240
Configcascade: false
Reloadable: false
As of version: 2.8.0
Package: open-xchange-guard

com.openexchange.guard.fromEmail

Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.guestCaching

Enables local caching for Guest users/data.
Default: true
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.guestCleanedAfterDaysOfInactivity

Guest email accounts that aren't used after this number of days are cleaned. The mail items are removed, and guest scheduled for removal.
Default: 365
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.guestSMTPPassword

Specifies the SMTP server's password which is used for sending guest-emails.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.guestSMTPPort

Specifies the SMTP server's port which is used for sending guest-emails.
Default: 25
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.guestSMTPServer

Specifies the SMTP server information for replies of external recipients. Those recipients are able to decrypt, display and reply to eMails they receive via the guest interface. The SMTP server is also used for sending password reset e-mails
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.guestSMTPUsername

Specifies the SMTP username.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.guestSMTPMailFrom

Specifies email address to use in MAIL FROM
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.8.0
Package: open-xchange-guard

com.openexchange.guard.keyCacheCheckInterval

This property specifies the interval in seconds to check the RSA cache and re-populate if less than [[com.openexchange.guard.rsaCacheCount]]. Only applies if [[com.openexchange.guard.rsaCache]] is enabled.
Default: 30
Related: com.openexchange.guard.rsaCache, com.openexchange.guard.rsaCacheCount
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.keyValidDays

PGP Keys can have an expiration date. Set the number of days the keys will be valid for. The user will have to create new keys after this date. Set to 0 for no expiration date.
Default: 3650
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.mailIdDomain

Outgoing e-mails all get assigned a mailID. This is usually in a format of a random ID followed by a domain. If empty, this domain will be the AppSuite domain from [[com.openexchange.guard.externalEmailURL]]. Another domain can be configured here.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.mailResolverUrl

Mail resolver URL. Guard needs to be able to lookup an email address against the list of OX users. By default, it will try to do this against the OX backend. If there is a custom mail resolver, set it here. The email address will be appended to the end of the URL. More details here: [[http://oxpedia.org/wiki/index.php?title=AppSuite:GuardMailResolver]]
Default: [no default]
Related: com.openexchange.guard.mailResolverUrl.basicAuthUsername, com.openexchange.guard.mailResolverUrl.basicAuthPassword
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.mailResolverUrl.basicAuthUsername

Specifies the username for the basic HTTP authentication used for accessing the mail resolver. If no username is specified here, [[com.openexchange.guard.restApiUsername]] will be used as fallback (default). More details here: [[http://oxpedia.org/wiki/index.php?title=AppSuite:GuardMailResolver]]
Default: [no default]
Related: com.openexchange.guard.mailResolverUrl
Configcascade: false
Reloadable: false
As of version: 2.8.0
Package: open-xchange-guard

com.openexchange.guard.mailResolverUrl.basicAuthPassword

Specifies the password for the basic HTTP authentication used for accessing the mail resolver. If no password is specified here, [[com.openexchange.guard.restApiPassword]] will be used as fallback (default). More details here: [[http://oxpedia.org/wiki/index.php?title=AppSuite:GuardMailResolver]]
Default: [no default]
Related: com.openexchange.guard.mailResolverUrl
Configcascade: false
Reloadable: false
As of version: 2.8.0
Package: open-xchange-guard

com.openexchange.guard.maxHttpConnections

Max number of connections to same URL (route).
Default: 50
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.maxTotalConnections

Max number of connections from Guard to backends.
Default: 50
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.minPasswordLength

Minimum password length for Guard PGP keys.
Default: 6
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.newPassLength

Length of the randomly generated passwords when a user resets password.
Default: 10
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.newGuestsRequirePassword

When creating a new Guest, option to send them a first password in a separate email, or let them assign a password on first login.
Default: false
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.noDeletePrivate

If the user should not be able to delete the private keys, only retract, select true here. Can also set configuration cascade value 'com.openexchange.capability.guard-nodeleteprivate=true'. If either is true, then the user won't be able to delete his/her keys
Default: false
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.noDeleteRecovery

Option to deny users the ability to delete the password recovery. There will be no way to retrieve the password if the recovery is deleted and the user forgets their password. Users, though, may want to delete the recovery for security reasons. Can also set configuration cascade value 'com.openexchange.capability.guard-nodeleterecovery=true'. If either is true, then the user will not be able to delete their password recovery
Default: false
Related: com.openexchange.guard.noRecovery
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.noRecovery

Enables or disables password recovery. If password recovery is disabled, then there will be no way to recover passwords. This will increase the security of the system, but will result in complete data loss if password is lost. Can also set configuration cascade value 'com.openexchange.capability.guard-norecovery=true'. If either is true, then no recovery will be available.
Default: false
Related: com.openexchange.guard.noDeleteRecovery
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxBackendIdleTime

HTTP connections to the backend are kept open for faster response. This is the timeout setting that will close idle connections.
Default: 60
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxBackendPath

URL used to communicate directly with the OX backend.
Default: /ajax/
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxBackendPort

Port for communicating with the OX Backend/REST API.
Default: 8009
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxGuardDatabaseHostname

Specify the hostname / IP address of the Guard database.
Default: localhost
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxGuardDatabaseInitConnectionTimeout

Defines the connection timeout used for init connections to the guard database.
Default: 15000
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxGuardDatabaseRead

Optional read-only IP/name for the OX Guard database that might be used in Master-Slave setups.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxGuardShardDatabase

Specify the hostname / IP address of Guard guest shards. This is for the database shards used when sending to Guest users. Defines where the NEXT shard will go when created. Stores the Guest keys.
Default: localhost
Related: com.openexchange.guard.shardSize
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxGuardShardDatabaseInitConnectionTimeout

Defines the connection timeout used for init connections to the shard database
Default: 15000
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.oxGuardShardRead

Optional read-only IP/name for Guest database shards that might be used in Master-Slave setups.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.passwordFromAddress

Specifies the sender e-mail address for the password reset e-mail.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.passwordFromName

Specifies the display name for the password reset e-mail.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.pgpCacheDays

PGP keys fetched from remote servers are stored in a cache for a set period of time before the remote servers are queried again. Set the time in days for the cache here.
Default: 7
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.maxRemoteKeySize

Max allowed size for remote keys found using HKP or WKS. Defaults to 150000 bytes
Default: 150000
Configcascade: false
Reloadable: false
As of version: 2.10.5
Package: open-xchange-guard

com.openexchange.guard.pinEnabled

Enables or disables PIN based 2FA authentication for guest emails. The sender assigns a randomly generated PIN to the new Guest account, and must convey this number to the recipient however they choose (phone, sms, etc). PIN is required for the recipient to open any encrypted items or change password. Note: The capability com.openexchange.capability.guard-pin=true should be assigned to any user/context that you want the pin functionality enabled. Available in guard-api.properties file.
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.productName

For customizing the product name, you can redefine the name here. This name will be used like "Guided tour for Name" or "Name Security Settings"
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.upgrader.version

Defines the version of the 'Upgrader'
Default: 7
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.remoteKeyLookupTimeout

Total amount of time that Guard should search for remote keys before giving up in ms
Default: 10000
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.restApiHostname

Specify the hostname of the Open-Xchange REST API server. The REST API is a service on the Open-Xchange backend. Use localhost in case that the Guard service is deployed on the same system as the Open-Xchange backend. In case that the REST API is deployed on a separate system ensure that Guard can connect, see clustering documentation for Guard for more details.
Default: localhost
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.restApiPassword

Specify the authentication password for the basic HTTP authentication
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.restApiUsername

Specify the authentication username for the basic HTTP authentication
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.rsaCache

This property controls whether RSA keys are pre-generated in the background, encrypted, and stored for future user keys. RSA key generation is the most time-consuming function and the RSA cache significantly improves new user creation time.
Default: true
Related: com.openexchange.guard.keyCacheCheckInterval, com.openexchange.guard.rsaCacheCount
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.rsaCacheCount

Number of RSA keys to pre-generate if [[com.openexchange.guard.rsaCache]] is enabled.
Default: 100
Related: com.openexchange.guard.keyCacheCheckInterval, com.openexchange.guard.rsaCache
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.rsaCertainty

Bit certainty for RSA key generation. Higher numbers give more assurance that the number is in fact prime, but are more time consuming. Lower is much faster. May need to be lower if not using the cache.
Default: 256
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.rsaKeyLength

Specify encryption strength and length of OX Guard generated PGP keys.
Default: 2048
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.secureReply

Specifies if a reply to an encrypted e-mail must also be encrypted.
Default: true
Configcascade: true
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.shardSize

Guest users' data are placed in databases oxguard_x. After a set number of users, another database shard is created.
Default: 10000
Related: com.openexchange.guard.dbSchemaBaseName, com.openexchange.guard.oxGuardShardDatabase
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.useStartTLS

Use TLS when delivering to the SMTP server when available.
Default: true
Related: com.openexchange.guard.guestSMTPServer
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.templateID

Defines the template identifier.
Default: 0
Configcascade: true
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.templatesDirectory

Specifies the path for the templates.
Default: /opt/open-xchange/templates/guard
Configcascade: false
Reloadable: false
As of version: 2.4.0
Package: open-xchange-guard

com.openexchange.guard.keySources.trustThreshold

A threshold value to define which key sources are trusted. Every key source with a trust value equal to or higher than this value is considered to be marked as "trusted". The trust level can give a hint to the client/end user whether a fetched recipient's key can be trusted.
Default: 4
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.keySources.trustLevelGuard

The trust level for keys created by OX Guard.
Default: 5
Related: com.openexchange.guard.keySources.trustThreshold
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.keySources.trustLevelGuardUserUploaded

The trust level for keys uploaded by a user.
Default: 4
Related: com.openexchange.guard.keySources.trustThreshold
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.keySources.trustLevelGuardUserShared

The trust level for keys uploaded by a user and shared among users in the same context.
Default: 3
Related: com.openexchange.guard.keySources.trustThreshold
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.baseDomain

Specify the base domain for generated links, such as used in support. Used with uiWebPath to construct URL links. Example https://baseDomain/uiWebPath/link
Default: [no default]
Configcascade: false
Reloadable: false
As of version: 2.10.0
Package: open-xchange-guard

com.openexchange.guard.masterKeyIndex

Specify the master key index to use for newly created keys. This key is used to encrypt database entries for the user. The master keys must already exist
Default: 0
Configcascade: true
Reloadable: false
As of version: 2.10.5
Package: open-xchange-guard

com.openexchange.guard.masterKeyPath

Specify the path for the oxguardpass files. Default location is /opt/open-xchange/guard
Default: /opt/open-xchange/guard
Configcascade: false
Reloadable: false
As of version: 2.10.5
Package: open-xchange-guard

com.openexchange.guard.storage.file.fileStorageType

Needs to be set in order to specify the filestorage type. Possible values are "file,s3,sproxyd".
Default: [no default]
Related: com.openexchange.guard.storage.s3.s3FileStore, com.openexchange.guard.storage.file.uploadDirectory
Configcascade: false
Reloadable: false
As of version: 2.10.1
Package: open-xchange-guard
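
The following audit script is an added example, not part of the OX Guard documentation or code. It reads a properties file's text and reports the security-relevant options described on this page, applying the documented defaults when a key is absent. The severity labels, the thresholds for session lifetime and password length, and the acceptance of several number+unit pairs in authLifeTime are assumptions of this example.

```python
import re

P = "com.openexchange.guard."
# Defaults as documented on this page; used when a key is absent from the file.
DEFAULTS = {
    "demo": "false", "backendSSL": "false", "dns.allowUnsignedSRVRecords": "true",
    "failForMissingMDC": "false", "useStartTLS": "true",
    "minPasswordLength": "6", "authLifeTime": "1W",
}
UNIT_MINUTES = {"M": 1, "H": 60, "D": 1440, "W": 10080}  # units listed for authLifeTime

def parse_lifetime(value):
    """Convert an authLifeTime value such as '1W' to minutes; None if malformed.
    Accepting several pairs ('1D12H') and lowercase units is an assumption."""
    value = value.upper()
    if not re.fullmatch(r"(?:\s*\d+\s*[DWHM])+\s*", value):
        return None
    return sum(int(n) * UNIT_MINUTES[u] for n, u in re.findall(r"(\d+)\s*([DWHM])", value))

def load_properties(text):
    """Minimal .properties reader: key=value or key:value, '#' and '!' comments.
    Line continuations and escapes are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit(text, max_session_minutes=1440, min_password_length=10):
    """Return (severity, option, reason) tuples. Thresholds are example policy."""
    props = load_properties(text)
    get = lambda k: props.get(P + k, DEFAULTS[k]).strip()
    is_true = lambda k: get(k).lower() == "true"
    findings = []
    if is_true("demo"):
        findings.append(("HIGH", "demo", "Guard functions accessible without authentication"))
    if not is_true("backendSSL"):
        findings.append(("MEDIUM", "backendSSL", "Guard to REST API connection is unencrypted"))
    if is_true("dns.allowUnsignedSRVRecords"):
        findings.append(("MEDIUM", "dns.allowUnsignedSRVRecords",
                         "unsigned SRV records are trusted for key server lookup"))
    if not is_true("failForMissingMDC"):
        findings.append(("LOW", "failForMissingMDC",
                         "PGP messages without MDC are displayed with a warning, not rejected"))
    if not is_true("useStartTLS"):
        findings.append(("MEDIUM", "useStartTLS", "TLS is not used for SMTP delivery"))
    pw = get("minPasswordLength")
    if not pw.isdigit() or int(pw) < min_password_length:
        findings.append(("MEDIUM", "minPasswordLength", f"'{pw}' is below {min_password_length}"))
    minutes = parse_lifetime(get("authLifeTime"))
    if minutes is None:
        findings.append(("MEDIUM", "authLifeTime", "value cannot be parsed"))
    elif minutes > max_session_minutes:
        findings.append(("LOW", "authLifeTime",
                         f"{minutes} min exceeds {max_session_minutes} min"))
    return findings

# Constructed sample input, not a shipped Guard configuration.
SAMPLE = """\
# guard settings under review
com.openexchange.guard.demo=true
com.openexchange.guard.backendSSL = true
com.openexchange.guard.dns.allowUnsignedSRVRecords=false
com.openexchange.guard.authLifeTime=2D
com.openexchange.guard.minPasswordLength=12
"""

if __name__ == "__main__":
    for severity, option, reason in audit(SAMPLE):
        print(f"{severity:6} {P}{option}: {reason}")
```

Calling audit("") shows what an installation that relies purely on the documented defaults would report.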