FAQ -- IDseal Secure Email Get Started Guide

  1. System Requirements
  2. Sending and Receiving Plain-text Email
  3. Obtaining the IDseal Cryptographic Engine (ICE)
  4. Installing and starting the ICE
  5. Usage of cryptographic keys
  6. Creating your own Cryptographic Key
  7. Importing Keys to the ICE
  8. Other Key Related Operations
  9. Sending Secure Emails
  10. Receiving Secure Emails
  11. Exchange Public Keys with Other People

System Requirements

Before getting started, please ensure that your computer system satisfies the following requirements:

  • Windows 98se, ME, 2000 or XP. (Linux support will be coming soon.)
  • An installed web browser (Internet Explorer, Netscape, Opera).
  • An IDseal secure email account.
  • An IDseal Cryptographic Engine (ICE).
If you choose to install the ICE on a USB removable disk, you also need:
  • A USB removable disk.
  • An available USB port on your computer.
See What is the difference between installing the ICE on a hard disk versus on a USB removable disk?

After you have subscribed to IDseal secure email, you will receive an email at the address that you provided on the subscription form (not an IDseal.com email address unless you are renewing your existing service). The email includes a registration code. Please follow the instructions in the message to set up your IDseal username and password.


Sending and Receiving Plain-text Email

Before you start using secure email, we recommend that you become familiar with sending and receiving plain-text emails with your IDseal secure email account. For the time being, please ignore the secure email related buttons such as "manage key", "decrypt and verify file", "decrypt and verify" and "add to keyring". Also do not check the check boxes "encrypt" or "verify" in the compose email page for now.

The procedure is very similar to the one you use for normal web-based email services. Try sending and receiving a few email messages between the IDseal secure email account and your other email accounts to get a feel for what it is like. You can also try out the address book, creating folders, moving emails between your folders, etc.

Note that the encrypted communications channel between your web browser and the IDseal email servers is always available. That means you are always automatically protected from your ISP and your corporate firewall admin person, even if you are only sending plain-text email. You can communicate in this way with any person at any email address.


Obtaining the IDseal Cryptographic Engine (ICE)

Before you can use the secure email capabilities, you first need to download the IDseal Cryptographic Engine (ICE). To download the ICE, you first need to login at the IDseal web site. This means that you need to have an IDseal account. If you do not have an account and want to establish one, you can go to the subscription page and sign up for an account.

After you have logged into your IDseal account, click the "Download" button at the top of the page, select the version of the ICE for the platform that you are running on, and save the file on your computer. At the moment, the ICE is available for Windows (98/ME/NT/2000/XP). Linux support will be available very soon.


Installing and starting the ICE

On Windows (98/ME/NT/2000/XP), double-click the downloaded file. This starts the installer, which installs the ICE to the folder "C:\Program Files\IDseal" and creates an entry in your Start menu and a Windows shortcut on your desktop. This installation puts the ICE on your hard disk, and you can run your ICE from there. The ICE contains cryptographic and communications software and also handles key management functions.

To use the ICE on your hard disk, double-click the ICE icon on your desktop. A DOS window will open; the ICE is now ready and is listening for commands from your web browser. It is very important to keep this window and the ICE running whenever you want to send or receive encrypted messages or perform key management functions. Do not hit "Control-C" or click "x" to close the window. The window displays messages that tell you what the ICE is doing while it communicates with your browser and the IDseal email server. If you do not want the ICE to clutter up your desktop, you can click the box labelled "_" to minimize this DOS window. Users who only want to run the ICE from their hard disk can jump ahead to the next section, Usage of cryptographic keys.

If you ordered the USB removable disk and have not received it yet, you can run your ICE from your hard disk for the time being. After you have received your USB disk, you can plug it into your computer and install the ICE on it using the following procedure. First connect the USB disk to the USB port on your computer. On computers where the USB port is located at the back of the casing, you can use the extension cable that comes with the ICE to make connecting and removing the ICE easier.

  • Driver installation for Windows 2000, XP, ME -- For these platforms, a driver will be automatically installed for you the first time you plug your ICE into the USB port. Just sit back and wait for the driver installation to complete. After the installation procedure is completed, you will see a new disk showing up under "My Computer". When you want to remove the USB disk (e.g. after an email session), click on the "Unplug or Eject Hardware" icon on your Windows task bar, then click "Stop USB Mass Storage Device". When you see a pop-up window with the message "The 'USB Mass Storage Device' can now be safely removed from the system.", you can remove the USB removable disk from your computer.
  • Driver installation for Windows 98 SE -- Insert the driver floppy disk into your computer, double click "Setup", and then follow the screen instructions to install the driver. After the driver is installed, remove the floppy disk. Then plug the ICE into the USB port of your computer and you will see a new disk showing up under "My Computer".

To install the ICE onto the USB removable disk, simply copy the folder "C:\Program Files\IDseal" to the USB disk. The ICE is now installed and you can run it from the USB disk. Depending on what hardware is connected to your Windows computer at the time you plug in your USB disk, Windows can assign the USB disk a different drive letter (e.g. D:, E:, F:, ...) every time. As a result, we do not recommend associating a Start menu item with the ICE on your USB disk. To avoid future confusion, we recommend that you remove the IDseal engine shortcut from your desktop. (You can drag the shortcut to the trash can.) To start the ICE on the USB disk, double-click the following in sequence: "My Computer", "Removable disk" (the one that corresponds to the USB disk), "IDseal", "IDseal.exe".


Usage of cryptographic keys

When you start using the ICE and the IDseal secure email service, the ICE stores your cryptographic keys in "keyring" files in the sub-folder "keys" of the folder that contains the ICE. Hence it is a good idea to back up the IDsealEng folder from time to time, since it contains all the cryptographic keys that you will be using.

For users who use the USB disk, note that copying the folder "C:\Program Files\IDseal" to the USB disk also copies the cryptographic keys used by IDseal. After this point, it is best to use the ICE on the USB disk exclusively and not use the ICE on the hard disk any more. The reason is that when using the ICE, the user may add keys to or delete keys from the keyrings. If the user sometimes uses the ICE on the hard disk and sometimes uses the ICE on the USB disk, the cryptographic keyrings in the two places can get "out of sync", i.e. the cryptographic keys on the hard disk and on the USB disk are different. If you keep using the copy of the ICE on your USB disk, you will never have the "out of sync" problem.


Creating your own Cryptographic Key

If you have never used secure email before, or you do not have a PGP-compatible key pair, you must create a new public/secret key pair for yourself. If you already have an existing PGP-compatible key pair that you want to use with IDseal, please skip to the next section, Importing Keys to the ICE.

To create a new key pair, log into your IDseal secure email account and check that the ICE is running on your computer. Click "Manage Key" and you will see a new window opening up with a number of buttons corresponding to various cryptographic functions. If instead you see a window reporting that the page cannot be opened, that most likely means your ICE is not running. Please start your ICE according to the information in Preparing and Starting the IDseal Cryptographic Engine (ICE).

Click "Create Key" and you will see a form in your window. Enter the email address, which should be your IDseal email address (yourusername@idseal.com), and a pass phrase that will be used for protecting your secret key. Although it is not required, it is generally a good idea to enter a name in the "Name" textbox. When these are done, click "Create".

Clicking the "Create" button will invoke the ICE to create a new key pair (public/secret key) for you. Generating a new cryptographic key pair is a complicated operation that requires significant computation. It can take a minute or two. Please wait until it is done. When it is done, the new key will be stored in a key ring, which is a specially designed file for storing keys.


Importing Keys to the ICE

There are generally two reasons that you will want to import keys.

  1. You might have an existing PGP-compatible key pair that you want to use with your IDseal secure email account. In that case, you will want to import your existing key into the keyring associated with the ICE, and then add an association of that key with your IDseal email address.
  2. You need to have the public keys of the people to whom you want to send secure email. Hence you will want to import the public keys of those people into your keyring associated with the ICE.

In order to import a PGP-compatible key, you must have the key stored in a file in ASCII format. Log into your IDseal secure email account and make sure that the ICE is running on your computer. Click "Manage Key", and then click "Import Key". Click "Browser" to select the file that contains the PGP-compatible key. Finally, click "Import". When the key is imported, you will see that the key appears in the list of keys. If you imported your own public/secret key pair which you created elsewhere, you will want to add your IDseal email address to your key pair. To do so, click "Add email address", check your key pair and enter your IDseal email address, then click "Add Email Address to Above Key" on the form.


Other Key Related Operations

When you are logged into your IDseal secure email account and have the ICE running on your computer, you can click "Manage Keys" to pop up a window with a selection of the following key related operations:

  • Create Key -- Create a new public/secret key pair and put it in the key ring
  • Delete Key -- Delete a key from the key ring
  • Import Key -- Import a key from an ASCII (text) file to the key ring
  • Export Key -- Export a key from the key ring to an ASCII (text) file
  • Add Email Address -- Associate an email address to a public/secret key pair in the key ring
  • Delete Email Address -- Remove an email address from a public/secret key pair
  • Change Pass Phrase -- Change the passphrase that protects your secret key

It is important to note that each key is associated with one or more email addresses. When you send an encrypted email message, the software obtains the list of recipients from the "To", "Cc" and "Bcc" fields. The ICE then encrypts the message using the keys that match the email addresses in that list of recipients.


Sending Secure Emails

To send a secure email, log into your IDseal secure email account and check that the ICE is running on your computer. Click "Compose email" and type the recipients and the email message as usual. The only additional step is to check the "encrypt" and/or the "sign" checkboxes as desired. After this step, you simply click "Send" and your email will be processed by the ICE before it is sent out. Since the email is encrypted by the ICE running on your computer (if you choose to encrypt), you are guaranteed that the message is secured before it leaves your computer.

If you choose to include attachment files in your email, you will need to upload your attachment files before sending your email. To do this, click "Edit Attachment" and select the attachment files to be uploaded and included in your email. Just make sure that you check "encrypt" and/or "sign" as appropriate on the file upload page. When you are done uploading attachment files, click "ok" on the upload attachment page, and then click "send" on the email compose page.

Note that the secure options (encrypt, sign) for the attachment files do not necessarily have to be identical to those of your main text. For example, you can send an email where the main text is encrypted, whereas one attachment file is signed, and another one is sent in plain-text format.

There is an important note regarding the sending of attachment files in a secure email message. We strongly suggest that when sending a secure email message with file attachment, you leave the file uploading procedure near the very end. That is, it is best to compose the entire message, enter all the recipients of the email, then upload the attachment files, and click "Send". Let us consider an example in the next paragraph.

Suppose Alice decides to send Bob an encrypted message that also contains an attachment file. Alice goes to the email compose page, enters Bob's email address in the "To" box, and then starts to type the text of the email message. Before Alice completes this step, she clicks "Edit Attachment" to upload an attachment file. Alice selects a file, checks the "encrypt" box, and then clicks "upload" to upload the file. The ICE now encrypts the attachment file using Alice's and Bob's public keys, and uploads the encrypted file to the server. When the upload is completed, Alice clicks "Done" and returns to the email compose page to continue composing her message. When she has finished, Alice decides that she also wants to send a copy of the email to Charlie. So Alice enters Charlie's email address in the "Cc" box, checks "encrypt" to encrypt the message, and then clicks "Send". Now the ICE encrypts the main text of the email using the public keys of Alice, Bob and Charlie, then sends the encrypted message to the IDseal server. The IDseal server combines the encrypted main text and the encrypted attachment file into an email, and sends the email to Bob and Charlie.

Now Bob receives the email and he can decrypt both the main text and the attachment file. Charlie, on the other hand, can decrypt the main text but is not able to decrypt the attachment file. So what is the problem?

The problem is that Alice uploaded the attachment file before she decided to send a copy of the message to Charlie. As a result, the ICE did not use Charlie's public key when encrypting the attachment file, and hence Charlie is not able to decrypt the attachment. If Alice had noticed this problem before she clicked the "Send" button, she would have needed to delete the uploaded attachment file and then re-upload it. Had she uploaded it after typing Charlie's email address in the "Cc" box, the ICE would also have used Charlie's public key when encrypting the attachment file. In fact, the ICE uses all the email addresses typed in the "To", "Cc" and "Bcc" boxes when encrypting the attachment. This is why it is important to leave the attachment upload step to the very end, just before sending the email.
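The Alice, Bob and Charlie case above can be modelled as a pre-send check that compares the keys each part was encrypted to with the final recipient list. This is an added example, not IDseal code: the class and function names are hypothetical, all addresses and key IDs are constructed, and it generalizes slightly by resolving addresses through a keyring in which one key may carry several email addresses.

```python
# Added example: a model of the compose flow, not IDseal code.
# All names, addresses and key IDs here are hypothetical / constructed.
from dataclasses import dataclass, field

def norm(addr):
    """Compare email addresses case-insensitively, ignoring whitespace."""
    return addr.strip().lower()

@dataclass
class Keyring:
    keys: dict = field(default_factory=dict)  # key ID -> set of addresses

    def add(self, key_id, *emails):
        self.keys.setdefault(key_id, set()).update(norm(e) for e in emails)

    def key_for(self, email):
        """Return the ID of the key associated with an address, or None."""
        for key_id, emails in self.keys.items():
            if norm(email) in emails:
                return key_id
        return None

@dataclass(frozen=True)
class Part:
    name: str
    encrypted_to: frozenset  # key IDs in use when this part was encrypted

def encrypt_part(name, ring, sender, recipients):
    """Snapshot the recipient keys at the moment a part is encrypted."""
    ids = {ring.key_for(a) for a in (sender, *recipients)}
    ids.discard(None)
    return Part(name, frozenset(ids))

def coverage_gaps(parts, ring, recipients):
    """Map each final recipient to the parts that recipient cannot decrypt."""
    gaps = {}
    for addr in recipients:
        key_id = ring.key_for(addr)  # None means no key on the keyring
        missing = [p.name for p in parts if key_id not in p.encrypted_to]
        if missing:
            gaps[norm(addr)] = missing
    return gaps

def alice_scenario():
    ring = Keyring()
    ring.add("KEY-ALICE", "alice@idseal.com")
    ring.add("KEY-BOB", "bob@example.com")
    ring.add("KEY-CHARLIE", "charlie@example.com", "charlie@example.org")
    me, early = "alice@idseal.com", ["bob@example.com"]
    final = ["bob@example.com", "Charlie@Example.org"]  # Cc added late
    attachment = encrypt_part("agenda.doc.asc", ring, me, early)
    body = encrypt_part("main text", ring, me, final)
    before = coverage_gaps([body, attachment], ring, final)
    # The fix from the text: delete the attachment and upload it again.
    attachment = encrypt_part("agenda.doc.asc", ring, me, final)
    after = coverage_gaps([body, attachment], ring, final)
    return before, after
```

`alice_scenario()` returns the gaps before and after the re-upload: Charlie is missing the attachment in the first result and nothing is missing in the second.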


Receiving Secure Emails

When someone sends an IDseal secure email user an email message, it is delivered to the intended IDseal mailbox the same way regardless of whether the email is in plain text, is encrypted, contains just the main email text, contains an attachment, etc. When a user logs into the IDseal email account and clicks on the title of a message, the corresponding message is displayed. If the message is in plain text, then of course the user will be able to read the text immediately. If the message is encrypted, the user will see the encrypted text enclosed by a header as shown below.

-----BEGIN PGP MESSAGE-----
Version: IDsealPG v1.0 (Windows)
Comment: Please visit https://www.idseal.com and http://www.idzap.com

hQIOA8Rqi0q968a5EAf9HZXQ4jPwCRL2Z1fzJ/4fBJjjN+FZ0HX5RsV0Ov+Z8xR9
ekXEQWYcQQoNHcAWC4I+avRl50gzF01Ugf3YyXPQBeGpVirnzWB5eaD9VUn8IIf7
....
....
jQo2cTEj6HOoC0DkaPCJ6lacvPfOrYjGn57zJk4uwSjnVw0X9LTaDnwDJ+hlN7te
fV1aR2Oy9XYPj2HPVabFIOXnj0bSqQ==
=UBvv
-----END PGP MESSAGE-----

The message must be decrypted before it will make any sense to the email recipient. To decrypt the message, first make sure that the ICE is running. The user clicks the "decrypt and verify" button on the navigation bar, and the email is routed to the ICE. In order to decrypt the message, the ICE prompts the user to enter the pass phrase that protects his/her secret key. When the correct pass phrase is entered, the ICE decrypts the message and displays the plain-text message in the browser. If the email was also digitally signed, the digital signature is verified to confirm the authenticity of the message.

Note that there is a time-out mechanism built into the ICE. If the user performs multiple decryption procedures within the time-out period, the user will only need to enter the pass phrase once.
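An OpenPGP message such as the sample above begins with a public-key encrypted session key packet whose header fields are not themselves encrypted, so the ID of the key the message was encrypted to can be read without any pass phrase. The following added example (not part of the original guide or of the ICE; function names are hypothetical) decodes that header from the first armored line of the sample, following the OpenPGP packet format in RFC 4880.

```python
# Added example: reads only the unencrypted packet header fields.
import base64

# First armored line of the sample message shown above (64 chars, 48 bytes).
FIRST_LINE = "hQIOA8Rqi0q968a5EAf9HZXQ4jPwCRL2Z1fzJ/4fBJjjN+FZ0HX5RsV0Ov+Z8xR9"

PUBKEY_ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 16: "Elgamal", 18: "ECDH"}

def parse_header(data):
    """Return (tag, body_length, header_size) for one OpenPGP packet header."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet: bit 7 is clear")
    if first & 0x40:  # new-format header
        tag = first & 0x3F
        l0 = data[1]
        if l0 < 192:
            return tag, l0, 2
        if l0 < 224:
            return tag, ((l0 - 192) << 8) + data[2] + 192, 3
        if l0 == 255:
            return tag, int.from_bytes(data[2:6], "big"), 6
        raise ValueError("partial body lengths are not handled here")
    tag = (first >> 2) & 0x0F  # old-format header
    ltype = first & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length is not handled here")
    size = 1 << ltype  # 1, 2 or 4 length octets
    return tag, int.from_bytes(data[1:1 + size], "big"), 1 + size

def describe_pkesk(armored_line):
    """Decode the leading Public-Key Encrypted Session Key packet (tag 1)."""
    data = base64.b64decode(armored_line)
    tag, length, hdr = parse_header(data)
    if tag != 1:
        raise ValueError(f"expected tag 1 (PKESK), got tag {tag}")
    body = data[hdr:]
    if len(body) < 12 or body[0] != 3:
        raise ValueError("not a version 3 PKESK body")
    return {
        "packet_length": length,
        "version": body[0],
        "key_id": body[1:9].hex().upper(),  # 8-octet ID of the recipient key
        "algorithm": PUBKEY_ALGOS.get(body[9], f"unknown ({body[9]})"),
        "first_mpi_bits": int.from_bytes(body[10:12], "big"),
    }
```

Matching the reported key ID against the keys on a keyring shows which secret key a message needs, and the same reading applied to an encrypted attachment shows which recipients it was encrypted for.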

If the message contains an attachment file, the user can click on the link to download the attachment. The download procedure is the same whether the attachment file is encrypted, signed, both encrypted and signed, or in plain text. If a file is in plain text, the filename should be identical to the name of the file on the sender's computer. If the file is encrypted, signed, or both encrypted and signed, then an additional file extension ".asc" will be appended to the filename. For example, if the original file is "agenda.doc", it will become "agenda.doc.asc". When an encrypted and/or signed file is downloaded, it is necessary to perform decryption and/or signature verification. To do this, the user can click "decrypt & verify file" in the navigation bar. A window will pop up, prompting the user to select a file to be processed and to enter the pass phrase that protects the secret key. When the correct pass phrase is entered, the ICE will proceed to decrypt the file and/or verify its signature.


Exchange Public Keys with Other People

In order to communicate by secure email with another person, you need to exchange public keys. The procedures are given in How do I send my public key to other people? and How do I put the public keys of other people in my keyring?




Copyright of pages retrieved through IDzap resides with the originator of those pages.
IDzap LLC owns the copyright of the IDzap created portion.
Copyright © 1999, 2002, IDzap, LLC. All rights reserved.