© 2003 Wonder Software Technologies Private Limited. All rights reserved.

WonderCrypt
FAQ WonderCrypt
Q: What is the use of my Private Key?
A: It is used to sign a document and also to decrypt mail or files encrypted using your public key. You never share this key.
Q: What is the use of my Public Key?
A: It is used by others to verify your signature and also to encrypt mail or files that only you can decrypt. Your public key is created automatically when you create your private key. This key should be known to the public, so you distribute it freely and others can verify a mail or file signed by you. Others can also encrypt mail or files that they send to you so that only you can read them.
Q: How do I create my private key and public key pair?
A: There are two methods that you can use to create this pair.
1- Use WonderCrypt to create your private and public key pair. WonderCrypt will also create a Certificate Signing Request that you can send to a Certificate Authority so that you can get your public key signed.
2- Log on to a Certificate Authority website to get a digital certificate. In this case the browser, e.g. Internet Explorer, will create a private key and public key pair and will automatically submit your public key to the Certificate Authority for signing. You will receive back the signed public key, which is installed in the browser automatically. Browser-based private keys are not secure (see Microsoft Advisory on this). You should extract this private key and store it in your iKey to use with WonderCrypt. WonderCrypt provides an easy-to-use button-based interface for this.
Q: Is the Public Key of everybody the same?
A: No. When you create your private key, a matching public key is also created. Everybody has a different public key. To prove to others that a public key is yours, you get your public key signed by a Certificate Authority.
Q: Who is a Certificate Authority?
A: A Certificate Authority is a party that is trusted by the public to verify the public keys of others. It signs a certificate with its private key that attests to the validity of a subject’s public key. The issuer field of such signed certificates carries the name of the Certificate Authority.
Q: Where do I find my public key?
A: Depending upon how you created your key pair, i.e. whether using WonderCrypt or using a browser, the public key can be located as follows:
1- If you created your key pair using WonderCrypt's “Create New Private Key and Public Key with CSR” option, you can find your public key in the sub-folder “Certificates”. Public key certificate files, also called Digital Certificates, have the “.cer” extension.
2- If you created your key pair using a browser:
Internet Explorer: You will have to export your public key from the browser using the browser’s “Tools”, “Internet Options”, “Content”, then “Certificates” option. Here you select your certificate, click “Export” and then select “No, do not export the private key”. For the format, select the “Base-64 encoded X.509 (.CER)” option. The public key file will be exported with a name and location that you will be asked to select.
Netscape: You will have to export your public key from the browser using the browser’s “Communicator”, “Tools”, “Security Info”, and “Certificates : Yours”. Select your public key and click “Export”. Next, enter the passwords as required and save the public key to a file with a name and location that you will be asked to select.
Q: I have created my private key and public key. How do I distribute my public key to others?
A: There are several methods to distribute a public key.
1- Send it to others by email.
2- If you are an organisation, you can create an address book that contains the public keys of all users and distribute the address book itself, so that individual users need not distribute their keys individually. WonderCrypt provides an easy-to-use export / import interface for this task.
3- Whenever you send a signed mail or file to anyone, your public key is automatically attached to your signed document. The recipient thus receives your public key and can install it to use it. When the recipient verifies the sender’s digital signature and the sender’s public key is not found in the recipient’s Trusted Public Key Store, WonderCrypt gives the recipient the option to save the sender’s public key so that it can be installed later.
4- Post it to an LDAP (directory) server. Anyone should be able to download your public key from this LDAP server. WonderCrypt provides an easy-to-use button-based interface to post and retrieve public keys from an LDAP server. However, you must have the LDAP server administrator’s approval to do this. The administrator will give you the host:port address as well as the user id and password for storing the public key. No password is required for retrieving public keys from the LDAP server.
5- Some organizations distribute the required public keys on floppy or CD.
Q: I now have the public key of another person, how do I use it with WonderCrypt?
A: To use another person’s public key to encrypt mail for them, you first have to install it in your trusted public key store. To do so, use “Key Manager” in the WonderCrypt interface and then click the “Import Public Key of Others” button. You will be asked to select the public key file that you want installed in your public key store and a short name, i.e. an alias, for the person whose public key you want to install. Now you can use this other person’s public key to encrypt mail so that only he or she can decrypt the mail.
Q: Can I install a new Certificate Authority public key?
A: Yes. To install a Certificate Authority’s public key, use “Import Public Key of a Certifying Authority”. Do not use this option to import the public keys of others, even though they may be signed by a Certificate Authority. This option is to be used exclusively for installing the public key of a Certificate Authority.
Q: How do I know if another person’s public key is signed by a Certificate Authority?
A: When you display a public key certificate, two important fields are visible. One is Subject and the other is Issuer. Subject is the detailed name information of the person to whom this public key belongs, and Issuer is the detailed name information of the entity that signed the public key. Also, if a public key is signed by a Certificate Authority and that Certificate Authority’s public key is already installed in WonderCrypt, then when such a public key certificate is displayed you will not see the cross sign on the picture of the certificate that is displayed at the top of the certificate.
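
How Subject, Issuer and an installed Certificate Authority key fit together, as an added example that is not WonderCrypt's code: a toy Python model using textbook RSA over constructed primes (not secure; real certificates are X.509 with padded signatures). All names, keys and the `check` result strings are assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private). Toy only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}

def digest(data, n):
    # Hash reduced mod n; real signatures use a padding scheme instead.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def to_be_signed(subject, issuer, pub):
    # What the issuer vouches for: this public key belongs to this subject.
    return f"{subject}|{issuer}|{pub['n']}|{pub['e']}".encode()

def issue(subject, subject_pub, issuer, issuer_priv):
    """The CA signs the subject's name and public key with its private key."""
    h = digest(to_be_signed(subject, issuer, subject_pub), issuer_priv["n"])
    return {"subject": subject, "issuer": issuer, "public_key": subject_pub,
            "signature": pow(h, issuer_priv["d"], issuer_priv["n"])}

def check(cert, trusted_cas):
    """Return 'trusted', 'unknown issuer' or 'bad signature'."""
    ca_pub = trusted_cas.get(cert["issuer"])
    if ca_pub is None:  # CA key not installed: nothing to verify against
        return "unknown issuer"
    h = digest(to_be_signed(cert["subject"], cert["issuer"], cert["public_key"]),
               ca_pub["n"])
    ok = pow(cert["signature"], ca_pub["e"], ca_pub["n"]) == h
    return "trusted" if ok else "bad signature"

# Constructed sample data (Mersenne primes keep the toy keys short to write).
ca_pub, ca_priv = make_keypair(2**61 - 1, 2**89 - 1)
alice_pub, _ = make_keypair(2**107 - 1, 2**127 - 1)
alice_cert = issue("CN=Alice", alice_pub, "CN=Example CA", ca_priv)
store = {"CN=Example CA": ca_pub}  # imported CA public keys

if __name__ == "__main__":
    print(alice_cert["subject"], "issued by", alice_cert["issuer"])
    print(check(alice_cert, store))   # CA public key installed
    print(check(alice_cert, {}))      # CA public key not installed
    print(check({**alice_cert, "subject": "CN=Mallory"}, store))  # name altered
```

A certificate only checks out when the key stored under its Issuer name actually verifies the signature, which is why a Certificate Authority's key is imported separately from the keys of other people.
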
Tips:
1. If you are a token (USB Token or Smart Card) user, when you create your private key it will be stored in the token.
2. If you are not using tokens, then when you create your private key it will be stored in a sub-folder named after the selected User Identity, in the application folder.
3. If you are not using tokens, you can, if you wish, create a copy of your private key on a floppy, CD, pen drive, etc. and delete it from the hard disk. If you do so, then to sign in use the guest option and select the location where you have the copy of your private key.
4. Your Public Key is in three places. A copy of it is stored along with your private key. A second copy is saved as a ".cer" file in the "Certificates" sub-folder of the application. A third copy is installed in the address book, from where you can export it to a file.
5. Never share the password of your token or your private key.
6. Distribute your public key to all your contacts. Even if others (non-intended) find your public key, it is of no use to them.