FAQ
If you have any questions about how the software works, or related topics, we would
love to hear from you. Send your questions to
help@mxcsoft.com.
Why should I use encryption?
Well, you don't have to. Actually encryption adds extra inconvenience. For example,
if you want to open an encrypted file you have to decrypt it first. Once done you
have to encrypt it again. To read an encrypted email, you have to hit a hot key
to decrypt the encrypted message.
But remember that there are many prying eyes trying to find out your secrets. Some
may be merely curious; others may really want to steal your sensitive information
for their own benefit. Without the protection (inconvenience) you are vulnerable.
iSafeguard™ simplifies the user interaction without compromising security.
You can, for example, open your encrypted file with one context menu selection;
or encrypt your email message with a single hot key. Actually once you get used
to using encryption software you will feel much better and be glad that you use
one.
What is the difference between a login name and a certificate common
name?
The iSafeguard™ login name is the name that you use to log in to the system.
The combination of your login name and login pass phrase is used to decrypt your
private key stored in your profile.
The name in a certificate is the name that shows in the certificate manager, and
your recipients will see that name too when you sign a message.
What is the encryption algorithm used in Personal
Information Editor?
168-bit 3DES and RSA.
Remember that you must choose an RSA key length of at least 2048 to get the full
security 3DES provides. If you choose a 1024 RSA key length, for example, you won't
be able to get the full security 3DES provides. The security is only as strong as
the weakest link.
What is two-factor security?
Two-factor security says that to access something protected you need to have
- Something you have, and
- Something you know.
It is probably one of the best security models.
iSafeguard™ follows this model. To decrypt a file or access something encrypted
you must
- Have your profile (something you have), and
- Know your pass phrase (something you know).
I am not asked to enter a pass phrase when opening
a PIE file. Why?
The Personal Information Editor uses RSA and 3DES. That is why every time you run
the editor you are required to log in. Your login name and pass phrase are required
to access your profile. When loading a PIE file the private key of your choice is
used. When saving a PIE file the corresponding public key is used.
Therefore you only need to remember one pass phrase instead of a pass phrase for
every PIE file, which makes your life a little bit easier.
Where is my profile stored?
By default your profile is stored in your "My Documents" directory, but you can move
it somewhere else. To find the location of your profile, log in to iSafeguard™
and start the Options dialog box from the taskbar menu. On the first tab you will
find your profile path.
How does signing and encrypting in iSafeguard™
work?
iSafeguard™ uses the RSA PKCS #7 Cryptographic Message Syntax (CMS) Standard published
by RSA Laboratories, a division of RSA Data Security, Inc. Details on this specification
are available on their Web site http://www.rsa.com.
When encrypting, a session key is generated to encrypt the data. The intended
recipients' public keys are then used to encrypt the session key. Finally
the encrypted session key and the encrypted message are sent to the recipients.
When decrypting, one of the recipients' private keys is used to decrypt the session
key, and the session key is then used to decrypt the message.
When signing, the message is digested to generate a hash value using SHA1 or MD5,
and the hash value is then encrypted with the signer's private key to generate a
digital signature.
When signing and encrypting, the message is first signed with the signer's private
key and then encrypted with the recipients' public keys.
There are two key lengths, 2048 and 128, I
am confused.
If RSA were fast enough you would have one key length instead of two. RSA is rarely
used to encrypt a message because it is much slower than 3DES and RC2. Therefore
a 3DES or RC2 session key is used to encrypt the message, and an RSA key is used to
encrypt the session key, which is much shorter than the message. Refer to
FAQ: How does signing and encrypting in iSafeguard™ work? for more
information.
The 2048 key length is the RSA key pair length and the 128 key length is the
session key length. If 3DES is used the session key length is 168 bits.
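The session-key scheme from the two answers above (how signing and encrypting work, and why there are two key lengths), as an added example that is not iSafeguard's code or part of the original FAQ. It assumes the Python `cryptography` package; AES-128-GCM, RSA-OAEP and RSA-PSS with SHA-256 stand in for the 3DES/RC2, PKCS #7 and SHA1/MD5 choices the FAQ names, and the function names and envelope layout are illustrative.

```python
# Added illustration (not iSafeguard code). AES-128-GCM, RSA-OAEP and RSA-PSS
# stand in for the session cipher and PKCS #7 encodings the FAQ names.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)

def new_keypair(bits=2048):
    """RSA key pair: the long (2048) key length."""
    return rsa.generate_private_key(public_exponent=65537, key_size=bits)

def sign_and_encrypt(message, signer_key, recipient_pubs):
    """Sign first, then encrypt the signed data for every recipient."""
    signature = signer_key.sign(message, PSS, hashes.SHA256())
    signed = len(signature).to_bytes(2, "big") + signature + message
    session_key = AESGCM.generate_key(bit_length=128)  # the short (128) key
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, signed, None)
    # The message is encrypted once; only the 16-byte session key is
    # RSA-encrypted, once per recipient public key.
    wrapped = [pub.encrypt(session_key, OAEP) for pub in recipient_pubs]
    return {"wrapped_keys": wrapped, "nonce": nonce, "ciphertext": ciphertext}

def decrypt_and_verify(envelope, recipient_key, signer_pub):
    """Recover the session key with one private key, decrypt, verify."""
    session_key = None
    # Simplification: try each wrapped key instead of matching a recipient id.
    for wrapped in envelope["wrapped_keys"]:
        try:
            session_key = recipient_key.decrypt(wrapped, OAEP)
            break
        except ValueError:  # wrapped for some other recipient
            continue
    if session_key is None:
        raise PermissionError("no session key wrapped for this private key")
    signed = AESGCM(session_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)
    sig_len = int.from_bytes(signed[:2], "big")
    signature, message = signed[2:2 + sig_len], signed[2 + sig_len:]
    # Raises InvalidSignature if the signer's public key does not match.
    signer_pub.verify(signature, message, PSS, hashes.SHA256())
    return message
```

Each wrapped session key is 256 bytes however long the message is, which is why adding recipients costs one RSA operation each rather than a second encryption of the data.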
When I hit hot keys nothing happens. Why?
First check to make sure you are logged in. If you are not, the hot keys will not
work since you need to access your private keys and certificates. To find out if
you are logged in try to find the golden lock icon on the task bar (see figure below).
If you can't find the lock you are not logged in.
Next make sure you click once in the window that contains the content you want to
sign and encrypt, or decrypt and verify. This gives that window the input focus.
Remember that hot keys work with the window that has the input focus.
What is the man-in-the-middle attack?
It is possible that someone might intercept your certificate (public key) and replace
it with his own - this is the so-called man-in-the-middle attack. In this way the
attacker could intercept any encrypted email intended for you, decrypt it using
his own private key, then encrypt it again with your real certificate and send it
on to you as if nothing had ever happened.
Therefore it is very important to verify the certificates you receive from your
friends by checking the thumbprints of the certificates with your friends. Once
the thumbprints of the certificates you received are verified you are sure your
communications are secure.
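The thumbprint check described above, as an added example that is not iSafeguard's code or part of the original FAQ. It assumes the thumbprint is the SHA-1 or SHA-256 digest of the DER-encoded certificate, which the FAQ does not specify; the function names are illustrative and the two byte strings are constructed stand-ins for real certificates.

```python
# Added illustration (not iSafeguard code). Assumes the thumbprint is the
# SHA-1 or SHA-256 digest of the DER-encoded certificate.
import hashlib
import hmac

HEX_LENGTH = {"sha1": 40, "sha256": 64}
# Separators people type or paste, plus the invisible U+200E mark that
# sometimes precedes a thumbprint copied from a certificate dialog.
IGNORED = set(" :-\t\r\n\u200e")

# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_DER = b"constructed sample: certificate your friend actually sent"
SUBSTITUTED_DER = b"constructed sample: certificate swapped in transit"

def thumbprint(cert_der, algorithm="sha1"):
    """Hex digest of the certificate's DER bytes."""
    return hashlib.new(algorithm, cert_der).hexdigest()

def readable(hex_digest, group=4):
    """Format a thumbprint in upper-case groups for reading aloud."""
    return " ".join(hex_digest[i:i + group].upper()
                    for i in range(0, len(hex_digest), group))

def matches_reported(cert_der, reported, algorithm="sha1"):
    """Compare the certificate you received with the thumbprint its owner
    reports over a separate channel (phone, in person)."""
    cleaned = "".join(ch for ch in reported if ch not in IGNORED).lower()
    if len(cleaned) != HEX_LENGTH[algorithm]:
        # Comparing only the first few characters is not a verification.
        raise ValueError("thumbprint is truncated or has extra characters")
    if any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("thumbprint contains non-hex characters")
    return hmac.compare_digest(cleaned, thumbprint(cert_der, algorithm))
```

The reported value must come from the certificate's owner over a channel other than the one that delivered the certificate; a thumbprint sent in the same email can be replaced along with the certificate.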
How can I secure my profile?
To secure your profile you must choose a good pass phrase that is hard to guess.
Optionally, also do the following:
- Rename your profile to something like WinEtc.dll and move it to your Windows system
directory, where thousands of DLLs are located. This makes it harder to find your profile.
- A better way to protect your private keys is to use a Smartcard/Security Token. In
most cases the private keys stored in a Smartcard/Security Token cannot be exported.
This effectively prevents anyone from stealing your private keys.
Can encrypted emails carry viruses?
Yes, they can, just like regular emails can.
However, a signed and/or encrypted email is nothing more than text before it is
decrypted. When you receive such an email it is safe to open it with your email program.
But if you view the content with the iSafeguard™ mini-viewer, the viewer will decrypt
and display the content. This could run malicious code if there is any in the
email.
It is strongly recommended that you do the following:
- Insist that your correspondents sign all emails sent to you. Since signing an email
must be done manually, this eliminates the possibility of malicious code faking
a digital signature.
- Check the crypto properties of the email. Checking crypto properties is safe
even if there is malicious code in the email content.
- Make sure the email's signer is trusted by validating the signer's certificate.
Don't automatically trust the sender's identity shown in your email program;
it could be fake or misused. But the signer's digital signature will never fool you.
- If you trust the signer you may then use the mini-viewer to display the content.
Otherwise delete it from your inbox.
Why can't I decrypt encrypted emails I received?
When you receive an encrypted email message you can read it with the hot key
(Ctrl+Shift+R). A viewer is launched and the decrypted message is shown. You can't
decrypt the message because we believe the original message should be kept encrypted.
I encrypted some data with one of my certificates
stored on my computer. However I can't decrypt the data and get error "Invalid type
specified." What is going on?
You can import the certificate from your computer to your profile; then you will
be able to decrypt the data. The reason for this failure is that the key pair is
stored in the MS Base CSP, which does not support stronger encryption algorithms like
3DES.
How can I delete a certificate and the related
keypair from my computer?
Use iSafeguard™ Certificate Manager. Make sure you turn on the option "Allow using
certificates on my computer" so that the certificates on your computer show in
iSafeguard™ Certificate Manager.