Encryption & advanced electronic signature
This chapter contains information about the configuration and the functions of i-effect's *CRYPT module. This chapter is divided into different sections "Signing/verification of PDFs", "Encryption/Description of Files", and "Qualified Signing of Files".
Enter 12 in i-effect's main menu to reach the Signature and Encryption tasks. This option displays a menu in which all *CRYPT module tasks are summarized. These functions can be run from this menu.
Here are a few key terms:
| Keystore | A keystore is a protected database which contains keys and certificates. Access to the keystore is gained by a password, which must be determined by the user at the creation of a new keystore. A password, which is in use, can only be changed, if it has been entered for authentication already. |
| Key | A key is a character string of bits, which is used in cryptography. A key makes encryption, decryption, and other mathematical operations possible. |
| Private/Public Key Pair | A public/private key pair is a mathematical combination of two character strings, which are called "private key" and "public key". The public key is the member of the key pair that typically is accessible to all partners, who are involved in encrypted communication. The private key is the sensitive part of the key pair and should only be accessible to its owner. Data, which has been encrypted with a public key, can only be decrypted with the corresponding private key. The reverse is also true. Data that has been encrypted with a public key cannot be decrypted with the same public key. |
| Private Key | In an asymmetric cryptosystem the private key is a key which is only known to its owner. In a symmetric cryptosystem trusted communication partners also know the private key. |
| Public Key | In cryptosystems a public key is one that can be known by all and is used to encrypt messages, which are intended for the owner of the corresponding private key. |
| Symmetrical cryptosystem | A symmetrical cryptosystem is a cryptosystem, which, unlike an asymmetrical cryptosystem, uses the same key for encryption and decryption. |
| Asymmetrical cryptosystemtem | An asymmetrical cryptosystem is a system that, unlike a symmetrical cryptosystem, uses different keys for encryption and decryption. These are called the public and private keys. |
| Certificate | In an asymmetrical cryptosystem the certificate is proof that a public key belongs to a particular person, institution, or machine. The authenticity, confidentiality, and integrity of data can then be guaranteed. A certificate contains information about the name of its owner, the owner's public key, a serial number, the validity, and the name of the Certificate Authority. This data is usually signed with the private key of the Certificate Authority and can be verified with the public key of the Certificate Authority. Certificates for keys that are no longer secure can be blocked over a Certificate Revocation List. |
| Certification Chain | A certification chain is a list of certificates from the user's certificate to the root certificate of a CA (Certificate Authority). The certification chain can be tested to see if the certificate came from a specific Certificate Authority, which then verifies the user's identity. |
| Certificate Authority (CA) | A Certificate Authority is an organization that issues certificates. A digital certificate is the electronic equivalent of an ID, and is used to assign a specific public key to a person or organization. The Certificate Authority certifies the assigning of keys by signing them with their own digital signature. The certificate contains "keys" and other information that is used to authenticate as well as to encrypt and decrypt sensitive or confidential documents, which are transmitted over the internet or other networks. Extra information that the CA can add to the certificate are lifespan, references to blocked lists, etc. |
i-effect's Standard Keystore
After installation is complete, i-effect's standard keystore can be found in the directory /i-effect/<version>/crypt under the name certificates. P.12 (VERSION is the version of i-effect that is currently installed, e.g. v1r4m0)
It is recommended that the password be changed before the initial use of the
keystore. The tool "i-effectKeyManager" can be used for this purpose. The tool is in the directory /i-effect/<version>/CRYPT/tools/i-effectKeyManager.jar.
All functions for importation and exportation of keys, certificates, and additional
functions of the keystore are found in the "i-effectKeyManager".
The use of the i-effectKeyManager is described in chapter 12 "Additional Graphical Applications".
Basic Functions of the *CRYPT Module
The basic configuration of *CRYPT can be found in chapter 10 "Administration in i-effect". The sub point "Additional Parameters for the *CRYPT Module" explains the basic settings for *CRYPT.