Configuration

 

Before you start encrypting and decrypting messages using FileCrypt, you must configure some basic settings: select or create your public and secret key rings, choose the applications in which you will use FileCrypt, and set some preferences.

To configure FileCrypt, choose Settings in the FileCrypt menu. The Settings dialog appears. It has three panels which can be selected by clicking on the corresponding tabs.

 

KEY RING



The Key Ring panel gives you access to the key management features in FileCrypt.

 

SELECTING THE PUBLIC AND SECRET KEY RINGS

Click on Select. In the open dialog that appears, select your public key ring. If you want to create new empty public and secret key rings, click on the New button. This brings up a dialog in which you locate the folder in which the key rings will be created and enter the name of the public key ring, which should have a ".pub" suffix. A new secret key ring with the same name as the public key ring, but with the ".sec" suffix, will be automatically created next to the public key ring file.

NOTE: If the public key ring is named "pubring.pgp" and a secret key ring named "secring.pgp" is located in the same folder, the latter will be automatically selected as FileCrypt's secret key ring. If there is no secret key ring in the same folder as the public key ring you selected or if the key rings have different names, you will be asked to locate the secret key ring you want to use.

All the keys in both public and secret key rings appear in the key list in the Settings dialog.

You may want to store your secret key ring, or both your public and secret key rings, on a diskette or other removable media. If you do this, FileCrypt will ask you to insert the media whenever you request an operation for which it requires the key ring.

NOTE: If you do not have the media handy, you can abort the operation and make the dialog requesting the insertion of the media go away by hitting the "Command-." key combination.

 

KEY INFORMATION

Each line in the key list represents a key and contains the following information.

Owner Trust
The key icons at the left allow you to distinguish secret keys from public keys. A key pointing to the left corresponds to a secret key, whereas a key pointing to the right corresponds to a public key.
An icon representing a broken key indicates the key has been revoked.
The color of the key icon reflects the trust value for the key. The trust for a key reflects how much confidence you have in the owner of the key to sign other public keys. Following are the different possible colors and their values:

When you click on a public key's icon, a menu pops up:

This menu allows you to:

Key Validity
A colored diamond appears next to each key icon. The color of the diamond reflects the key's validity (also called legitimacy or legit in PGP™). A key's validity is calculated from the trust values of the key's signatures. It gives you an indication whether a key is valid for the user who claims to be its owner or not.

IMPORTANT: Only the trust values of keys signed by a valid key in your key ring are taken into account to calculate key validity.
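The following is an added example, not FileCrypt's own code, showing how a validity calculation of this kind can work and why a signature from a trusted but not yet valid key is ignored. The trust levels, the two thresholds and all key IDs are assumptions modelled on the classic PGP scheme; the page does not state FileCrypt's actual values.

```python
# Added illustration of a PGP-style validity calculation.
# Trust levels and thresholds are assumptions, not FileCrypt's documented values.
FULL, MARGINAL, NONE = "full", "marginal", "none"
COMPLETES_NEEDED = 1   # assumed: one fully trusted signer is enough
MARGINALS_NEEDED = 2   # assumed: or two marginally trusted signers


def compute_validity(own_keys, owner_trust, signatures):
    """Return the set of key IDs considered valid.

    own_keys    -- IDs of keys whose secret half is on the ring (valid by definition)
    owner_trust -- {key_id: FULL | MARGINAL | NONE}, trust in the owner as a signer
    signatures  -- {signed_key_id: [signer_key_id, ...]}
    """
    valid = set(own_keys)
    changed = True
    while changed:                      # repeat until no further key becomes valid
        changed = False
        for key_id, signers in signatures.items():
            if key_id in valid:
                continue
            # Only signatures made by keys that are themselves valid are counted.
            counted = [s for s in set(signers) if s in valid]
            full = sum(owner_trust.get(s, NONE) == FULL for s in counted)
            marginal = sum(owner_trust.get(s, NONE) == MARGINAL for s in counted)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key_id)
                changed = True
    return valid


# Constructed sample ring (all IDs are made up).
OWN = {"ME"}
TRUST = {"ME": FULL, "ALICE": FULL, "BOB": MARGINAL, "CAROL": MARGINAL, "MALLORY": FULL}
SIGS = {
    "ALICE": ["ME"], "BOB": ["ME"], "CAROL": ["ME"],   # certified by my own key
    "DAVE": ["ALICE"],          # one fully trusted, valid signer: valid
    "ERIN": ["BOB", "CAROL"],   # two marginally trusted, valid signers: valid
    "FRANK": ["BOB"],           # a single marginal signer: not valid
    "GRACE": ["MALLORY"],       # Mallory is trusted, but her key is not valid
}

if __name__ == "__main__":
    print(sorted(compute_validity(OWN, TRUST, SIGS)))
```

GRACE only becomes valid once MALLORY's own key has been certified by a valid key, which is the situation the IMPORTANT note describes.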

User ID
Each key has a User ID which is a string that should clearly and uniquely identify the key's owner. Typically, it is a combination of the owner's full name and his e-mail address in angle brackets, as in
Highware, Inc. <info@highware.com>.

Key Size/ID
In the right column of the list, you will see each key's size and ID. The ID uniquely identifies a key.
When you click on the Key Size/ID of a key, a pop-up window appears which shows you the following information for the key:

 

KEY MANAGEMENT

Selecting the key which will be used when signing messages
Select the secret key you want to use when signing messages and click on Default Key. It defines the selected key as the default key, which appears in bold in the key list.

Creating a new key pair
Click on New Key. The key creation dialog appears. Type the User ID for the key (your name followed by your email address in angle brackets), then type and confirm the passphrase you want to use with this secret key. When you create a secret key, the corresponding public key is automatically created and signed by the corresponding secret key.

Changing a secret key's passphrase
To change a secret key's passphrase, double-click the secret key in the key list. The passphrase modification dialog appears. Enter your current passphrase, the new passphrase and its confirmation in the corresponding boxes, then click OK.

Deleting keys
Select the keys (or the User ID) you want to delete and click on Delete. A dialog appears asking you to confirm if you want to delete the keys. Click on OK if you want to delete the selected keys or Cancel if you wish to keep the keys after all.

Importing keys
Click on Import. In the dialog that appears, locate and select the key ring you want to import. A dialog will inform you that the selection contains one or more keys. Click Cancel if you decide not to import the key ring after all, or OK to import the key ring.

When you import a key ring, the public keys in the selected key ring are added to your currently selected public key ring while the secret keys are added to your secret key ring. If a key you import already exists in your key ring, information (UserIDs and certificates) contained in the key you import and which is not present in the existing key will be added to the existing key.

NOTE: You can also import a key if it has been sent to you in ASCII format in a message. See Using FileCrypt in Applications.

Exporting keys
Select the keys you want to export and click on Export. In the dialog that appears, locate the folder where you want to create the file which will contain the keys you selected and enter the name for the file. Check the "ASCII format" option if you want to be able to include the keys in a text message, or leave it unchecked if you want to save the keys in a key ring file. Click on Save.

 

Certifying a key
To certify a key, click on a secret key's key icon and drag it to the public key you want to certify.


 

OPTIONS

Show all User IDs
Check "Show all User IDs" if you want to list the keys with all their related User IDs, if any.

 

 

APPLICATIONS



The FileCrypt settings hold a list of applications in which the FileCrypt menu will be available. This means that FileCrypt will only be active in the applications in which you will need to use it. To access this list, click on the Applications tab in the Settings dialog.
The Applications panel appears.

NOTE: The list of applications is limited to 32 entries. By default, the list contains the most frequently used applications in which FileCrypt proves to be useful.

 

ADDING AN APPLICATION TO THE LIST

To add an application to the list, click on Add. A dialog appears. Locate and select the application you want to add to the list, then click on OK.

REMOVING AN APPLICATION FROM THE LIST

To remove an application from the list, select it in the list and click on Remove. FileCrypt will no longer be available in that application.

NOTE: You cannot remove the Finder from the list. Removing all applications and the Finder would make the FileCrypt menu unavailable and make it impossible to change the FileCrypt settings.

 

PREFERENCES



FileCrypt allows you to set preferences for encryption and decryption.
To access the Preferences panel, click on the Preferences tab in the Settings dialog.


ENCRYPTION

Encrypt to self
When this box is checked, your own public key is added to the list of keys you select when encrypting a message. This means you can always decrypt the messages you encrypt. For FileCrypt, your public key is the public key corresponding to the secret key you selected as the default key in the Key Ring panel.

NOTE: If you do not check this option and try to encrypt a message without including your public key, an alert will warn you that you will not be able to decrypt the message once it is encrypted. You can then choose to encrypt the message anyway, or to cancel the operation to add your public key before you encrypt the message.

Keep text in clear in documents which are signed only
This option sets a default value when signing a message from within an application. You can, however, change it for each message upon signing. When this box is checked, the text you sign from within an application will be readable. If you leave this box unchecked, the signed text will be scrambled.

Wrap before signing clear text after X characters
Most email applications wrap lines or add carriage return characters after each line in a message when sending the message. This can modify the message after you have signed it. Consequently, when the signed message is verified, it will appear as having been altered during the transmission. To avoid this, check this box. Before signing a message, FileCrypt will limit the line length in your message to the number of characters you defined.
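The effect described above, as an added example that is not FileCrypt's code: a digest stands in for the signed content, and a simulated mail client re-wraps the text after signing. The SHA-256 digest, the canonicalization (trailing whitespace stripped, CRLF line endings), the 76-column mailer and the sample message are all assumptions made for the illustration.

```python
import hashlib
import textwrap


def canonical_digest(text):
    """Stand-in for what a clear-text signature covers (assumed form):
    SHA-256 over the text with trailing whitespace stripped and CRLF endings."""
    lines = [ln.rstrip(" \t") for ln in text.splitlines()]
    return hashlib.sha256("\r\n".join(lines).encode("utf-8")).hexdigest()


def hard_wrap(text, width):
    """Wrap every line to at most `width` characters, keeping blank lines."""
    out = []
    for line in text.splitlines():
        wrapped = textwrap.wrap(line, width=width, break_long_words=False,
                                break_on_hyphens=False)
        out.extend(wrapped or [""])
    return "\n".join(out)


def survives_mailer(text, sign_wrap, mailer_wrap):
    """True if the digest taken at signing time still matches after the
    mail client re-wraps the message at `mailer_wrap` columns.
    sign_wrap is the X of the preference, or None when the box is unchecked."""
    signed_text = hard_wrap(text, sign_wrap) if sign_wrap else text
    received = hard_wrap(signed_text, mailer_wrap)   # what the recipient verifies
    return canonical_digest(signed_text) == canonical_digest(received)


# Constructed sample message with one line longer than the mailer's limit.
MESSAGE = ("The quarterly key rollover is scheduled for Friday and every "
           "administrator must export a fresh public key before then.\n"
           "\n"
           "Reply to this message once your new key has been certified.")

if __name__ == "__main__":
    print("no wrap before signing:", survives_mailer(MESSAGE, None, 76))
    print("wrap at 70 before signing:", survives_mailer(MESSAGE, 70, 76))
    print("wrap at 80 before signing:", survives_mailer(MESSAGE, 80, 76))
```

The value chosen for X only helps when it is no larger than the column at which the sending mail application wraps.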

Use ASCII format when encrypting documents in the Finder
Check the "Use ASCII format when encrypting documents in the Finder" option to output the result of the encryption in the standard ASCII character set instead of as a binary file.

 
