CIT-18 Home http://www.c-jump.com/CIT18/CIT18syllabus.htm

Digital IDs and Encryption Mechanisms

1. Digital Certificate Basics
2. How do I obtain a certificate?
3. Digital ID Status
4. More about digital ID Status
5. Key Protection and Maintenance
6. Email encryption rules and setup
7. To receive an encrypted message
8. To set up your email client to use your digital ID
9. To digitally sign message
10. To encrypt message
11. Email sender
12. Email recipient
13. Encrypting File System, EFS
14. File Encryption Utility, cipher.exe
15. PGP Desktop Application
16. PGP Licensing
17. Further reading

1. Digital Certificate Basics

• Digital certificate contains

  1. your digital id

  2. set of your personal private and public encryption keys.

   

2. How do I obtain a certificate?

• When you are part of an organization, the administrator can provide one for you

• For personal use, obtain one yourself from

  • Certificate Authority (organization that offers digital IDs)

  • PGP Desktop Email uses PGP Global Directory at keyserver.pgp.com

• Note: The bit length of your keys may vary depending on the algorithm for generating the key used by the certification authority:

  • 40/64/128-bit RC2

  • 56-bit DES

  • 168-bit 3DES

   

3. Digital ID Status

• Certification authorities keep track of certificates.

• Digital IDs can be revoked due to:

  • loss by the owner

  • time expiration

  • other reasons for termination.

• To view the validity status of a digital ID while reading an digitally signed email, click the File menu, Properties, then Security tab.

   

4. More about digital ID Status

• Just like a file, a digital ID can get corrupted, lost, tempered with, etc.

• Digital IDs are time-sensitive and may expire after a period of time.

• To verify digital ID status, browser or email client can contact the certificate authority...
   (a) via internet, or (b) certificate server may be present directly on the LAN...
   (c) requesting information about the digital ID in question...
   (d) Certification authority sends back digital ID status, whether it has been revoked, etc.

• Security warning is generated by the browser or email client.

• The warning contains problem details.

• The user can decide whether to view the content or cancel.

   

5. Key Protection and Maintenance

• Private keys that must be stored on your computer are only as secure as your computer.

• Private keys installed on a computer are never

  • transmitted with your email, or

  • sent back to the certification authority for verification.

• Once issued, the preservation of your private keys is your responsibility (including the backup.)

   

6. Email encryption rules and setup

1. Your email client and server software must support S/MIME protocol,
   Secure/Multipurpose Internet Mail Extensions.

2. Both sender and receiver should have copies of each other's digital IDs.

3. When you receive a digitally signed email message, email client automatically remembers sender's digital ID in your "Contacts" or "Address Book" folder.

4. Alternatively, digital IDs can be manually imported into the list of contacts.

    

7. To receive an encrypted message

1. Both parties should send each other digitally signed email messages.

2. Both parties should be able to encrypt/decrypt each other's messages without a problem.

3. All parties become participants in a secured email loop.

    

8. To set up your email client to use your digital ID

• Click the Tools menu, then Options.

• Click Security (or Secure Mail) tab, click Digital IDs (or Certificates.)

• Click Import and follow the instructions...

   

9. To digitally sign message

• click Tools, then Digitally Sign.

• The message will be sent with your digital ID.

   

10. To encrypt message

• click Tools, then Encrypt.

• The message will be sent in encrypted format.

   

11. Email sender

• Email sender can

  • digitally sign the message

  • encrypt the message to protect its content

   

12. Email recipient

• Email recipient can

  • verify who sent email

  • verify that email was not altered in transition

  • decrypt the message

   

13. Encrypting File System, EFS

• EFS is a Feature of Windows that uses strong encryption for files and folders.

• Designed for simple use:

  1. Check box in the file or folder properties sets the encryption on/off.

  2. The user controls who may have access to encrypted files.

  3. File is decrypted when authorized user opens it.

  4. File automatically is encrypted when closed by the user.

• Unfortunately, EFS is not fully supported on Windows Vista Starter/Home Basic/Home Premium...

  • ...so we need to seek an alternative solution, such as PGP Desktop Application from www.pgp.com

   

14. File Encryption Utility, cipher.exe

• cipher.exe is a part of Windows Vista, but requires EFS to support encryption.

• cipher.exe is a command-line tool that you can use to manage encrypted on Encrypting File System (EFS).

• You can encrypt/decrypt files by running cipher.exe at the command prompt.

• cipher.exe also provides basic means for key and certificate maintenance, such as certificate backup.

   

15. PGP Desktop Application

1. Go to www.pgp.com

2. Select PGP Trial Software Download in a ZIP file.

3. Download link is sent to you by email.

4. Download Trial version ZIP file.

5. Unzip and run the installer.

6. Enter your user name, email, etc.

   • NOTE: You have to provide an address where you work or live; according to US government regulations and export control policies the locations where PGP products can be downloaded are restricted, since they are considered munitions quality.

    

16. PGP Licensing

• Licensing: for free personal use select "use without license" option.

• Every key pair that PGP generates must have

  • user name associated with it

  • valid email account

  • secure passphrase to gain access to your keys

   

17. Further reading

• PGP Desktop 9.9 for Windows Quick Start Guide (900 KB PDF)

• PGP Quick Start screenshots

• PGP Desktop 9.9 for Windows User's Guide (6.5 MB PDF)

• An Introduction to Cryptography (1.2 MB PDF)

• PGP Glossary