FAQ -- IDseal Operational Questions

General

1. What are the major steps that I need to take so that I can start using the IDseal secure email service?
2. I am inside a corporate firewall. How do I use the IDseal service?

Key management

1. How do I generate a key pair?
2. What are the available key management functions?
3. How do I backup my key pair?
4. How do I send my public key to people?
5. How do I put the public keys of other people in my keyring?

1. How do I send plain-text (unencrypted and unsigned) email?
2. How do I send secure (encrypted and/or signed) email?
3. How do I send an email attachment?
4. Do the secure options (encrypt, sign) for the email body necessarily identical to those for attachments?
5. Why do I want to leave the file uploading procedure to the very end, just before sending the message?

1. How do I receive plain text email?
2. How do I receive secure email?
3. How do I download an attachment file?
4. When I click the link to download an attachment, the browser displays the file instead of opening a dialog box for me to save the file. How do I fix it?
5. How do I decrypt and/or verify the digital signature of a downloaded attachment file?

What are the major steps that I need to take so that I can start using the IDseal secure email service?

The IDseal secure email service is designed to be very easy to use. The major steps to get started are

• Subscribe the IDseal service and set up a login username and password.
• Login to your IDseal account, and download the IDseal Cryptographic Engine (ICE).
• Install the ICE.
• If you are inside a firewall and need to use a proxy, configure the proxy setting of your web browser and the ICE.
• If you alreay have a PGP-compatible key pair, import your key into the ICE. If you are a new user to secure email and do not have an existing PGO-compatible key pair, create a new secret-public key pair using the ICE.
• Send and receive email messages.
• Exchange public keys with people whom you want to communicate with securely.

I am inside a corporate firewall How do I use the IDseal service?

If you are inside a firewall and you need to access the Internet through a proxy server, you need to set up two things.

First, you need to set up your web browser to use the proxy. Probably you have already done this since you are using the Internet. Next, you need to set up your IDseal Cryptographic Engine to use the proxy. To do this, you start the ICE, login to the IDseal service, and then click "User Preference". Check "Use a Proxy Server", and enter the hostname (or ip address) and the port of your proxy server. Finally click "Save".

How do I generate a key pair?

First make sure that the IDseal Cryptographic Engine is running. Click "Key Management", then click "Create key". Enter the apropriate information and click "Create". A new public/secret key pair will be generated.

What are the available key management functions?

The following are key management functions that are available on the IDseal engine:

• Create Key -- generate a new public/secret key pair
• Delete Key -- delete key from the keyring
• Import Key -- import new key from a text file to the keyring
• Export key -- export selected key from the keyring into a text file
• Send Key -- send selected key from keyring by email
• Sign Key -- sign a public key that you receive from others
• Add email address -- add (associate) an additional email address to a secret/public key pair
• Delete email address -- delete an email address from a secret/public key pair
• Change Pass Phase -- change the pass phase that protects a secret key

How do I backup my key pair?

First make sure that the IDseal Cryptographic Engine is running. Click "Key Management". Select your own public/private key pair, then click "Export key". Read the next screen, and click "Export All Keys". When the save file dialog comes up, select to save the key pair in a removable media such as a floppy disk or a removable USB disk. When the keys are stored, remove the media and put it is a very safe place such as a safe deposit box in a bank. You should also write down your pass phrase and store it with your keys in the safe deposit box.

The purposes of storing your backup key and the pass phrase in a very safe place are two fold. First, you want to make sure that in the case where you need to access the backup, you can get to it. Second, you want to make sure that no one eles but you will be able to access the backup copy.

Since most magnetic media degrades over time, it is probably a good idea to save a hard copy too. The exported key pair file is a plain text file. You can open it with a text editor and print its content. Then you can store the hardcopy in the same place you store your electronic copy.

How do I send my public key to people?

Login to your IDseal account and start ICE. Click "Key Management", check your own kwn, and click "Send Key". A page will show up with your public key in it. You type the email addresses of the people whom you want to send your public key, and edit the "Subject" line as you desire. Finally click "Send" and your public key will be sent by emailto the recipients.

Another method to send your key is to first export your public key into a file. To do this, click "Key Management", check your own key, and click "Export Key". Now make sure that you click "Export WITHOUT Secret Key" so that only the public key is exported. When you are prompted, choose a file to save your public key in. Now you can send the file as an attachment file in an email to the people you desire.

How do I put the public keys of other people in my keyring?

We assume that you receive the public key of other people either as a text file, or as text inside an email.

For the case that you received a text file, you cal import the file into your keyring. To do so, click "Key Management" and click "Import Key". Select the file that you wnat to import and click "Import".

If you receive a public key as in-line text in an email, you need to save the text into a file. To this end, you can open a text editor and then cut and paste the text into a file. Make sure that when you save the file, you save it as plain text. After this step, you can import the file using "Import Key" as described in the previous paragraph.

How do I send plain text (unencrypted and unsigned) email?

Click the "Compose" button, then compose your message. If there are attachments to be send, then upload the attachments. After that, you just click "Send" and the email will be sent. Since you want to send plain-text email, please make sure that the boxes "Encrypt" and "Sign" are not checked.

How do I send secure (encrypted and/or signed) email?

First make sure that the IDseal Cryptographic Engine is running. You also need to have the PGP-compatible public keys of each email recipient in your keyring. Then, we do the following steps in order:

1. Enter the recipients' (to, cc, bcc) email addresses, the subject and the message.
2. Make sure that you (the sender) have already generated a public-secret PGP-compatible key pair.
3. Check either "Encrypt" or "Sign" or both.
4. If you want to include attachments, click the "Edit attachment" button and then select the encryption option as appropriate. We suggest that you upload the attachments as your final step before sending the email. If you change (add/delete) the recipients after uploading, you will need to delete the document and upload again. Otherwise, some recipients may not be able to decrypt the message.

How do I send an email attachment?

In order to include an attachment file, we first need to upload the file to the IDseal servers. To do so, click "Edit attachment" on the email compose page, then click "Browse" to select the attachment file to be uploaded. We can choose to send the attachment file either in plain text, encrypted, signed, or both encrypted and signed. The selection is done using the check boxes "encrypt" and "sign". After we have made the selection, then click "Upload file" to upload the attachment file. When all the attachment files for an intended message have been uploaded, click "Done". Note that attachment files are handled one email message at a time. That is, all the uploaded files are to be sent in the same email message. If we want to send attachment files in a second message, we must first send the first message, then upload the attachments for the second message.

Do the secure options (encrypt, sign) for the email body necessarily identical to those for attachments?

No, they do not have to be. For example, we can send an email where the main body text is signed but not encrypted, whereas the attachment files in the email are both encrypted and signed. To do this, all we need to do is to select the appropriate options on the email compose page and on the upload attachment page.

As a matter of fact, different attachment files in the same email message do not have to have the same secure options.

Why do I want to leave the file uploading procedure to the very end, just before sending the message?

Suppose you want to send an encrypted email to a list of recipients. When you upload the file and choose to encrypt it, the ICE will retrieve the public keys of all the recepients, and encrypt the file before uploading it to the server. If later the user wants to insert additional recipients to the email, then the added users will not be able to decrypt the file that was uploaded before, because the file was not encrypted using the public keys of the additional users. The only way to fix this is to delete the attachment, and then upload it again. Therefore, we want to upload the attachment files after all the recipients of the email have been decided. Hence the best way is to do the uploading at the very end, just before sending the email message.

How do I receive plain text email?

Click "Get New Mail" to display a list of the emails received. Then you can click on the appropriate email message to display the content.

How do I receive secure email?

First make sure that the IDseal Cryptographic Engine is running. Click "Get New Mail" to display a list of all the emails received, and click on the message that you want to read. If the email is encrypted and/or signed, click "decrypt and verify". To decrypt an email, you will need to type in the pass phase that protects your private key. After you have entered the correct pass phase, the email will be decrypted and displayed.

How do I download an attachment file?

On the email message display page, click on the link corresponding to an attachment file. A "save file" dialog box will pop up for you to choose the location of the file to be saved.

When I click the link to download an attachment, the browser displays the file instead of opening a dialog box for me to save the file. How do I fix it?

This problem is the result of a confirmed bug in Internet Explorer version 5.5. To fix this, you need to install Internet Explorer Service Pack 1 or higher, which can be obtained from the Microsoft web site.

How do I decrypt and/or verify the digital signature of a downloaded attachment file?

Click the "decrypt & verify file" button in the navigation bar, a window will pop-up that will prompt theuser to select a file to be procesed. After the user has selected a file and click "Decrypt File", the user will be prompted to enter the pass phrase that protects the secret key. When the correct pass phrase is entered, the ICE will decrypt the file and saves the result.