
Managing Keys And Certificates

This section describes how to use iSafeguard™ Certificate Manager to manage your keys and certificates, and how to use the Certificate Viewer to examine the contents of X.509 certificates and set certificate trust.

If you are not familiar with keys and certificates, you may want to read the Introduction to Cryptography section first.

iSafeguard™ Certificate Manager

A screen shot of iSafeguard™ Certificate Manager is shown below. There are four tabs in iSafeguard™ Certificate Manager:

  • Personal tab, which shows all your personal certificates (end entity certificates with private keys);
  • Other People tab, which shows all other people's certificates (end entity certificates without private keys);
  • Intermediate Certificate Authorities tab, which lists all intermediate CA certificates; and
  • Root Certificate Authorities tab, which lists all root CA certificates.

iSafeguard™ Certificate Manager supports context menus, i.e. you can right-click to select a command instead of using the buttons. An example of the context menus is shown below.

To start iSafeguard™ Certificate Manager:

  1. Login if you are not currently logged in;
  2. Locate the golden lock icon on the taskbar;
  3. Right click your mouse button on the lock;
  4. Select Certificate Manager from the popup menu.

The following screen shot shows where the taskbar icon is located and the contents of the popup menu.

The following table summarizes the functions of iSafeguard™ Certificate Manager.

| Operation | Description |
|-----------|-------------|
| Create | Create a new self-signed certificate, enroll into a PKI or renew the selected certificate. Please refer to the section Tutorial: Creating A New Certificate for more information. |
| Import | Import a certificate from a cer or xcc file, or import a certificate and the associated private key from an xck file. You use this function to add other people's certificates to your profile or to restore your backup xck file. You may also use drag and drop to import cer, xcc and xck files. |
| Export | Export a certificate to a cer file or xcc file, or export a certificate plus the related private key to an xck file. Export your certificate to give it to other people, or export your certificate along with the private key to a file as a backup. You may also use drag and drop to export your certificate. |
| Remove | Remove a certificate and the private key, if one exists, from your profile. Use this when you no longer need a certificate. |
| Open | View the contents of a certificate and set certificate trust for self-signed certificates. You may use it to examine detailed information about a certificate, such as the issuer, expiration date, etc. |

Note: When you export your certificate along with your private key, the private key is encrypted with a session key derived from your login name and a pass phrase you provide. Therefore you must enter the same login name and pass phrase to decrypt the certificate and private key when you import them back into your profile.

To create a new certificate (and key pair):

  1. Start iSafeguard™ Certificate Manager;
  2. Click the Create... button; the Certificate Generation Wizard starts;
  3. Follow the instructions to create a new certificate (and a key pair).

To import a certificate:

  1. Start iSafeguard™ Certificate Manager;
  2. Click the Import... button; the certificate import wizard shows;
  3. Follow the wizard to import the certificate.

Alternatively, you can drag a certificate/key file from Windows Explorer to the Certificate Manager and then follow the wizard to import the certificate.

If you receive a certificate from someone by email, you can select the base64 text and then drag and drop the selected text onto iSafeguard™ Certificate Manager, or simply use the hotkey feature (Ctrl+Shift+P).

To export a certificate:

  1. Start iSafeguard™ Certificate Manager;
  2. Select the certificate you want to export;
  3. Click the Export... button; the certificate export wizard shows;
  4. Follow the wizard to export the certificate.

Alternatively, you can drag a certificate from iSafeguard™ Certificate Manager and drop it onto your email program (or other applications). However, when using drag and drop you can only export the standard X.509 certificate. You cannot export your private key or extended certificate properties using drag and drop.

To remove a certificate:

  1. Start iSafeguard™ Certificate Manager;
  2. Select the certificate you want to remove;
  3. Click the Remove button and then confirm the operation.

To renew a certificate:

  1. Start iSafeguard™ Certificate Manager;
  2. Right click the mouse button on the certificate you want to renew;
  3. Select Renew selected certificate... from the popup menu;
  4. Follow the wizard to renew the selected certificate.

To email a certificate:

  1. Start iSafeguard™ Certificate Manager;
  2. Right click the mouse button on the certificate you want to email;
  3. Select Email selected certificate... from the popup menu.

Certificate Viewer

You may use the Certificate Viewer to examine the contents of an X.509 V3 digital certificate and set trust for self-signed certificates, as shown in the following figures. The first screen shot shows the General tab, which highlights the general information about the certificate.

The second screen shot shows the Detail tab with the public key selected - the public key is displayed in the lower portion of the viewer.

The above examples show a self-signed certificate with a private key. Now let's look at the viewer when viewing a self-signed certificate without a private key. From the screen shots you can see that there is a new tab called Certificate Signers. This tab lists all the signers of the certificate.

In the above example there is one signer Alice Smith. If you have verified her certificate's thumbprint you may choose to trust the certificates with her digital signatures.

To better understand an X.509 certificate, open the certificate with the certificate viewer and click on different fields to examine its details.

Note: The certificate viewer shows different tabs based on the certificate type.

Finding the Thumbprint of A Certificate

To find a certificate's thumbprint:

  1. Start iSafeguard™ Certificate Manager;
  2. Import the certificate you want to verify if you have not done so;
  3. Select the certificate you want to verify in iSafeguard™ Certificate Manager;
  4. Click the View button; or simply double-click on the certificate to bring up the certificate viewer;
  5. Click the Details tab and then select the Thumbprint field;
  6. The lower portion of the viewer shows the thumbprint.

The string displayed in the lower window is the certificate's thumbprint, a 40-digit hex number. You use this number (the thumbprint) to verify the genuineness of a certificate. The thumbprint will never fool you.
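The thumbprint check described above, as an added example (not iSafeguard™ code): it recomputes the thumbprint of a certificate received as base64 text and compares it with a value the owner gave you. It assumes the 40-digit thumbprint is the SHA-1 hash of the certificate's DER encoding, which this page does not state; the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for a DER certificate (SEQUENCE tag + 11 bytes).
SAMPLE_DER = b"\x30\x0b" + b"constructed"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")


def der_from_text(text: str) -> bytes:
    """Extract DER bytes from PEM-armored or bare base64 text."""
    m = PEM_RE.search(text)
    body = m.group(1) if m else text
    # Drop whitespace and mail-quoting '>' that a copy/paste may pick up.
    body = re.sub(r"[\s>]", "", body)
    der = base64.b64decode(body, validate=True)
    # A DER certificate is an ASN.1 SEQUENCE, so it must start with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def thumbprint(der: bytes) -> str:
    """40-hex-digit thumbprint (assumption: SHA-1 over the DER bytes)."""
    return hashlib.sha1(der).hexdigest().upper()


def normalize(tp: str) -> str:
    """Accept 'ab cd', 'AB:CD' or 'abcd' forms; reject anything else."""
    cleaned = re.sub(r"[\s:]", "", tp).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("thumbprint must be exactly 40 hex digits")
    return cleaned


def matches(cert_text: str, expected_tp: str) -> bool:
    """True only if the certificate's thumbprint equals the expected one."""
    actual = thumbprint(der_from_text(cert_text))
    return hmac.compare_digest(actual, normalize(expected_tp))
```

The expected thumbprint should come from the certificate owner over a separate channel, not from the same email that carried the certificate.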

Setting Trust for Self-signed Certificate

To set trust for a self-signed certificate:

  1. Start iSafeguard™ Certificate Manager;
  2. Select the certificate you want to set trust in iSafeguard™ Certificate Manager;
  3. Click the View button; or simply double-click on the certificate to bring up the certificate viewer;
  4. Click the General tab and then click the Set Trust... button to bring up the Self-signed Certificate Trust Setting dialog box;
  5. Choose how you want to trust the certificate and then click OK.

A screen shot of the certificate trust setting dialog box is shown in the figure below.

In this example you may choose to trust the certificate directly after having verified the thumbprint, or trust its signers, or not trust it at all.

Extended Certificate Properties

An extended certificate property is attached to the certificate but is not part of the certificate itself. iSafeguard™ uses extended certificate properties to store extra information, such as the certificate owner's instant messenger ID. A screen shot is shown in the following figure.

iSafeguard™ uses the instant messenger IDs to find the certificates to sign and encrypt a session key when you start a secure instant message session.

Drag and Drop Support

To import a .cer, .xcc or .xck file using drag and drop:

  1. Start iSafeguard™ Certificate Manager
  2. Locate the file in Windows Explorer
  3. Drag the file from Windows Explorer and drop it onto the iSafeguard™ Certificate Manager window
  4. Follow the wizard

To import a certificate, extended certificate or private key that is base-64 encoded text directly from your email program:

  1. Start iSafeguard™ Certificate Manager
  2. Select the base-64 encoded text in your email program
  3. Drag the selected text to the iSafeguard™ Certificate Manager window
  4. Follow the wizard

To export a certificate from iSafeguard™ Certificate Manager directly to your email program as base-64 encoded text:

  1. Start iSafeguard™ Certificate Manager
  2. Select a certificate in iSafeguard™ Certificate Manager and drag it to your email program

However, you can only export the standard certificate when you drag and drop a certificate to an application that supports drag and drop. Neither extended properties (including certificate signers) nor private keys can be exported this way.


Copyright © 2001-2007 MXC Software. All rights reserved.