FAQ -- IDseal Operational Questions
General
- What are the major steps that I need to take so that I can start using the IDseal secure email service?
- I am inside a corporate firewall. How do I use the IDseal service?
Key management
- How do I generate a key pair?
- What are the available key management functions?
- How do I back up my key pair?
- How do I send my public key to people?
- How do I put the public keys of other people in my keyring?
Send email
- How do I send plain-text (unencrypted and unsigned) email?
- How do I send secure (encrypted and/or signed) email?
- How do I send an email attachment?
- Do the secure options (encrypt, sign) for the email body have to be identical to those for attachments?
- Why do I want to leave the file uploading procedure to the very end, just before sending the message?
Receive email
- How do I receive plain text email?
- How do I receive secure email?
- How do I download an attachment file?
- When I click the link to download an attachment, the browser displays the file instead of opening a dialog box for me to save the file. How do I fix it?
- How do I decrypt and/or verify the digital signature of a downloaded attachment file?
General
What are the major steps that I need to take so that I can start using the IDseal secure email service?
The IDseal secure email service is designed
to be very easy to use. The major steps to get started are:
- Subscribe to the IDseal service and set up a login username and password.
- Log in to your IDseal account, and download
the IDseal Cryptographic Engine (ICE).
- Install the ICE.
- If you are inside a firewall and need to use a proxy,
configure the proxy setting of your web browser and
the ICE.
- If you already have a PGP-compatible key pair, import your key
into the ICE. If you are new to secure email and do not
have an existing PGP-compatible key pair,
create a new secret-public key pair using the ICE.
- Send and receive email messages.
- Exchange public keys with people whom you want to communicate with securely.
These steps are discussed in detail in
the Get Started Guide.
I am inside a corporate firewall. How do I use the IDseal service?
If you are inside a firewall and you need to access
the Internet through a proxy server, you need to set up
two things.
First, you need to set up your web browser to use the proxy.
Probably you have already done this since you are using the Internet.
Next, you need to set up your IDseal Cryptographic Engine
to use the proxy. To do this, start the ICE,
log in to the IDseal service, and then click "User Preference".
Check "Use a Proxy Server", and enter the hostname
(or IP address) and the port of your proxy server.
Finally click "Save".
Key management
How do I generate a key pair?
First make sure that the IDseal
Cryptographic Engine is running.
Click "Key Management", then click "Create key".
Enter the appropriate information and click "Create".
A new public/secret key pair will be generated.
What are the available key management functions?
The following are key management functions that are
available on the IDseal engine:
- Create Key -- generate a new public/secret key pair
- Delete Key -- delete key from the keyring
- Import Key -- import new key from a text file to the keyring
- Export key -- export selected key from the keyring into a text file
- Send Key -- send selected key from keyring by email
- Sign Key -- sign a public key that you receive from others
- Add email address -- add (associate) an additional email address to a secret/public key pair
- Delete email address -- delete an email address from a secret/public key pair
- Change Pass Phrase -- change the pass phrase that protects a secret key
How do I back up my key pair?
First make sure that the IDseal
Cryptographic Engine is running.
Click "Key Management".
Select your own public/private key pair,
then click "Export key".
Read the next screen, and click "Export All Keys".
When the save file dialog comes up,
choose to save the key pair on removable media such as
a floppy disk or a removable USB disk.
When the keys are stored, remove the media
and put it in a very safe place such as a safe deposit box in a bank.
You should also write down your pass phrase
and store it with your keys
in the safe deposit box.
The purpose of storing your backup key and the pass phrase
in a very safe place is twofold.
First, you want to make sure that in the case where
you need to access the backup, you can get to it.
Second, you want to make sure that no one else but you
will be able to access the backup copy.
Since most magnetic media degrades over time,
it is probably a good idea to save a hard copy too.
The exported key pair file is a plain text file.
You can open it with a text editor and print its content.
Then you can store the hardcopy in the same place
you store your electronic copy.
How do I send my public key to people?
Log in to your IDseal account and start ICE.
Click "Key Management", check your own key, and click "Send Key".
A page will show up with your public key in it.
Type the email addresses of the people to whom
you want to send your public key,
and edit the "Subject" line as you desire.
Finally click "Send" and your public key
will be sent by email to the recipients.
Another method to send your key is to first
export your public key into a file.
To do this, click "Key Management",
check your own key, and click "Export Key".
Now make sure that you click "Export WITHOUT Secret Key"
so that only the public key is exported.
When you are prompted, choose a file to save your public key in.
Now you can send the file as an attachment file in an email
to the people you desire.
How do I put the public keys of other people in my keyring?
We assume that you receive the public key of other people
either as a text file, or as text inside an email.
If you received a text file,
you can import the file into your keyring.
To do so, click "Key Management" and click "Import Key".
Select the file that you want to import and click "Import".
If you receive a public key as in-line text in an email,
you need to save the text into a file.
To this end, you can open a text editor and then
cut and paste the text into a file.
Make sure that when you save the file, you save it
as plain text.
After this step, you can import the file using "Import Key"
as described in the previous paragraph.
Send email
How do I send plain text (unencrypted and unsigned) email?
Click the "Compose" button, then compose your message.
If there are attachments to be sent,
then upload the attachments.
After that, you just click "Send" and the email will be sent.
Since you want to send plain-text email, please make sure
that the boxes "Encrypt" and "Sign" are not checked.
How do I send secure (encrypted and/or signed) email?
First make sure that the IDseal
Cryptographic Engine is running.
You also need to have the PGP-compatible public keys
of each email recipient in your keyring.
Then, we do the following steps in order:
- Enter the recipients' (to, cc, bcc) email addresses,
the subject and the message.
- Make sure that you (the sender) have already generated
a public-secret PGP-compatible key pair.
- Check either "Encrypt" or "Sign" or both.
- If you want to include attachments, click the
"Edit attachment" button and then select
the encryption option as appropriate.
We suggest that you upload the attachments as
your final step before sending the email.
If you change (add/delete) the recipients after uploading,
you will need to delete the document and upload again.
Otherwise, some recipients may not be able to decrypt the message.
How do I send an email attachment?
In order to include an attachment file,
we first need to upload the file to the IDseal servers.
To do so, click "Edit attachment" on the email compose page,
then click "Browse" to select the attachment file to be uploaded.
We can choose to send the attachment file either in
plain text, encrypted, signed, or both encrypted and signed.
The selection is done using the check boxes "encrypt" and "sign".
After we have made the selection, then click "Upload file"
to upload the attachment file.
When all the attachment files for an intended message
have been uploaded, click "Done".
Note that attachment files are handled one email message
at a time. That is, all the uploaded files are to be sent
in the same email message. If we want to send attachment
files in a second message,
we must first send the first message, then
upload the attachments for the second message.
Do the secure options (encrypt, sign) for the email body have to be identical to those for attachments?
No, they do not have to be. For example, we can send an email
where the main body text is signed but not encrypted,
whereas the attachment files in the email are both encrypted and signed.
To do this, all we need to do is to select the appropriate
options on the email compose page and on the upload attachment page.
As a matter of fact, different attachment files in
the same email message do not have to have the same secure options.
Why do I want to leave the file uploading procedure to the very end, just before sending the message?
Suppose you want to send an encrypted email to a list
of recipients. When you upload the file and choose to encrypt it,
the ICE will retrieve the public keys of all the recipients,
and encrypt the file before uploading it to the server.
If later the user wants to insert additional recipients to the email,
then the added users will not be able to decrypt the file
that was uploaded before,
because the file was not encrypted using the public keys of the
additional users.
The only way to fix this is to delete the attachment,
and then upload it again.
Therefore, we want to upload the attachment files
after all the recipients of the email have been decided.
Hence the best way is to do the uploading at the very end,
just before sending the email message.
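
The failure described above, as an added example (not IDseal or ICE code): a toy Python model of PGP-style hybrid encryption, in which the file is encrypted once under a session key and that key is wrapped separately for each recipient known at upload time. The Diffie-Hellman wrapping, the function names and the sample addresses are assumptions for illustration, and the scheme is not real cryptography.

```python
import hashlib
import secrets

# Toy model of PGP-style hybrid encryption; NOT real cryptography and not ICE code.
P = 2**127 - 1  # small Mersenne prime, for illustration only
G = 3

def keygen():
    """Return a (secret, public) pair for the toy Diffie-Hellman scheme."""
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)

def _stream(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, used as a keystream."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_attachment(data: bytes, recipients: dict) -> dict:
    """Encrypt once with a random session key, then wrap that key per recipient."""
    session = secrets.token_bytes(32)
    eph_secret, eph_public = keygen()
    wrapped = {}
    for addr, public in recipients.items():
        shared = pow(public, eph_secret, P).to_bytes(16, "big")
        wrapped[addr] = _xor(session, _stream(shared, 32))
    return {"eph": eph_public, "wrapped": wrapped,
            "body": _xor(data, _stream(session, len(data)))}

def decrypt_attachment(msg: dict, addr: str, secret: int):
    """Return the plaintext, or None when no wrapped session key exists for addr."""
    if addr not in msg["wrapped"]:
        return None
    shared = pow(msg["eph"], secret, P).to_bytes(16, "big")
    session = _xor(msg["wrapped"][addr], _stream(shared, 32))
    return _xor(msg["body"], _stream(session, len(msg["body"])))

def locked_out(msg: dict, send_list) -> list:
    """Recipients on the final list who cannot open the uploaded attachment."""
    return sorted(a for a in send_list if a not in msg["wrapped"])

# Constructed sample: upload for the first two recipients, then add a third before sending.
keys = {a: keygen() for a in ("alice@example.com", "bob@example.com", "carol@example.com")}
pubs = {a: pk for a, (_, pk) in keys.items()}
uploaded = encrypt_attachment(b"quarterly report", {a: pubs[a] for a in list(pubs)[:2]})
print(locked_out(uploaded, pubs))
```

Running `encrypt_attachment` again with the full recipient list corresponds to deleting the attachment and uploading it again.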
Receive email
How do I receive plain text email?
Click "Get New Mail" to display a list of the emails received.
Then you can click on the appropriate email message to
display the content.
How do I receive secure email?
First make sure that the IDseal
Cryptographic Engine is running.
Click "Get New Mail" to display a list of all the emails received,
and click on the message that you want to read.
If the email is encrypted and/or signed,
click "decrypt and verify".
To decrypt an email, you will need to type in the
pass phrase that protects your private key.
After you have entered the correct pass phrase,
the email will be decrypted and displayed.
How do I download an attachment file?
On the email message display page, click on the link
corresponding to an attachment file.
A "save file" dialog box will pop up for you to
choose the location of the file to be saved.
When I click the link to download an attachment, the browser displays the file instead of opening a dialog box for me to save the file. How do I fix it?
This problem is the result of
a confirmed bug in Internet Explorer version 5.5.
To fix this, you need to install Internet Explorer Service Pack 1
or higher, which can be obtained from the Microsoft web site.
How do I decrypt and/or verify the digital signature of a downloaded attachment file?
Click the "decrypt & verify file" button in the navigation bar.
A window will pop up that prompts the user to select
a file to be processed.
After the user has selected a file and clicked "Decrypt File",
the user will be prompted to enter the pass phrase
that protects the secret key.
When the correct pass phrase is entered, the ICE
will decrypt the file and save the result.