SekChek's Public Key Encryption
What is Public Key Encryption?
Public Key Encryption (PKI) is an encryption technique that uses a pair of keys to encrypt and decrypt data. A key pair consists of a Public key and a Private key that are created to work together.
The Public key is typically distributed at large and the Private key is held only by a single party. When data is encrypted with the Public key, the data can only be decrypted by the holder of the corresponding Private key.
One of the main differences between Public Key Encryption techniques and traditional, Symmetric Encryption techniques is that Public Key Encryption does not require a secret key (password) to be exchanged between the encrypting and decrypting parties.
SekChek Uses X.509 Digital Certificates
SekChek stores its Public key in an industry-standard X.509 digital certificate. This means that certificates shipped with the SekChek Client software are fully compatible with Microsoft's security interfaces and certificate management wizards. X.509 certificates also integrate seamlessly with products such as Internet Explorer and Microsoft Outlook.
Why should I use SekChek's Public Key Encryption Features?
SekChek's public key encryption features provide several advantages over symmetric encryption techniques:
Your data is more secure. This is because SekChek uses robust, industry-standard encryption algorithms, such as RSA and 3-DES.
You do not have to transmit a secret password to us. This saves you valuable time. It also reduces the turnaround time for your SekChek reports because we do not have to contact you for the password that was used to encrypt your Scan file. Another benefit is that it eliminates the need to re-encrypt a file or rerun the Scan program if the encryption password was mistyped or has been forgotten.
The really good news is that the process is almost totally transparent. All you need do, to ensure public key encryption is used for all your Scan files, is to enable (click-on) the 'Public Key Encryption' checkbox in the Client software ('Options' screen).
The Client software is also used to encrypt your Scan files from Windows and Netware systems to SekChek’s public key.
Although we recommend that you use SekChek's Public Key Encryption (high security) features, these features are optional. If you choose not to use SekChek's Public Key Encryption, SekChek will encrypt your Scan files with a modified proprietary encryption algorithm that does not require a password.
How do I enable the Public Key Encryption features?
1. Go to Options | User Preferences
2. Select (check) the ‘Use Public Key Encryption’ checkbox
How are SekChek's Reports encrypted?
Regardless of which encryption technique you select when encrypting the Scan file, your SekChek report will always be encrypted using an industry-standard password-based (symmetric) encryption algorithm.
The password required to decrypt your report must be the same as the password you entered when encrypting the Scan file.
SekChek's Certificate
To ensure the authenticity of the Certificate, please check that it has the following properties:
Name SekChek Information Protection Services CC
Serial Number 5c c0 4c b3 82 16 1d 39 7a 85 a3 9d ac 0c fb 91
Thumbprint (sha1) 13 3a 91 ef ed 3b 2a 04 65 06 51 9f db 40 e5 15 06 2f e7 7a
If the Certificate's Serial Number or Thumbprint are different to the above values, please cancel the installation and contact SekChek for assistance.
Refer to our CPS (Certification Practice Statement) for details of controls over SekChek's private keys or write to us for more information regarding Public Key encryption.