Closed (private) key: the secret part of a key pair, accessible only to its owner. This key is intended for data decryption.
Public key: the public (open) part of a key pair, which any user may access. This key is intended for data encryption. It is a component of a certificate.
Certificate: public (non-secret) information that contains information about the user and the user's public key. Certificates are distributed between users for data encryption.
It is needed so that other users can easily find your certificate with the public key in order to encrypt files intended for you.
The CryptoFiles program supports international cryptographic algorithms: RSA (key length 1024 – 2048 bits) and AES (key length 256 bits), as well as algorithms standardized in Ukraine: DSTU 4145-2002 (based on elliptic curves, key length 163 – 509 bits) and GOST 28147-89 (key length 256 bits).
1. The key pair (private and public key) is generated inside the hardware device, and the private key never enters the computer’s memory.
2. A PIN code is required to use the private key. The PIN code of a hardware device cannot be guessed by trial and error, because after a certain number of incorrectly entered PIN codes (usually from 5 to 10) the hardware device is blocked and all key data in it is destroyed.
3. The microchip used in hardware devices to store the private key is made with a special technology, and at present neither the most powerful intelligence agencies, nor the most advanced research institutes, nor the most cunning hackers can break it open and extract the keys.
You need “to create a key” for data encryption / decryption; after that you can encrypt files that will be accessible only to you.
When creating an encrypted file, you need to choose the certificates of those CryptoFiles users who will be able to decrypt the file.
An Import / Export function for the recipients list is available in the CryptoFiles settings.
The private key can be stored in the file storage «DefaultSwToken.atk» or on a hardware key carrier: «SecureToken 337», «CryptoCard 337».
1) In Windows, the key file DefaultSwToken.atk is located in the directory: \ storage \ sdcard \ Avtor_ltd \
2) In Android, the key file DefaultSwToken.atk is located in the directory: \ storage \ sdcard \ Avtor_ltd \
3) A hardware key carrier is installed in the OS automatically, and the CryptoFiles application finds the private key on it.
The software storage can hold an unlimited number of private keys.
The number of key pairs (private key and certificate) depends on the cryptographic algorithm and key length. The maximum number of key pairs can be from 6 to 90.
The private key cannot be recovered, either when the software storage (file) with the keys is lost or damaged, or when a hardware token is locked.
Each user email address can correspond to only one certificate in the cloud storage. If the user wants to keep several certificates in the cloud storage (for example, from different devices), each certificate must have a unique email address. After a new key pair is generated and the certificate is registered (by entering the confirmation code sent to the email address specified in the certificate), the certificate becomes available in the cloud and can be found by the email address specified in the certificate.
If you can’t open an encrypted file or read an encrypted email, then the sender either did not select your certificate before encrypting the file (did not choose you from the list of recipients) or did not use a valid certificate. Make sure that your valid certificate is available in the cloud storage of certificates and that the user has updated the contact list on their own device (the cloud or key is highlighted in green). These processes happen automatically when the cloud storage of certificates provided by the program is used and the device is connected to the Internet.
If the user has changed the private key and certificate, you must obtain the valid certificate in order to exchange encrypted files and messages. Certificates in the contact list are renewed automatically when the cloud storage of certificates provided by the program is used and the device is connected to the Internet.
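The recipient selection and the two decryption failures described above, as an added sketch that is not CryptoFiles code. It assumes a common hybrid scheme (a random AES-256 file key wrapped with each selected recipient's RSA public key), which this page does not confirm; the envelope layout, function names and addresses are hypothetical.

```javascript
const crypto = require("node:crypto");

// Hypothetical envelope layout (constructed for this sketch, not the CryptoFiles format):
// one random AES-256 file key, wrapped separately for each selected certificate.
function encryptFor(data, selected) {
  const fileKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", fileKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrapped = new Map(); // certificate e-mail -> file key encrypted to that public key
  for (const [email, publicKey] of Object.entries(selected)) {
    wrapped.set(email, crypto.publicEncrypt({ key: publicKey, oaepHash: "sha256" }, fileKey));
  }
  return { wrapped, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns { ok: true, data } or { ok: false, reason } naming which failure case applies.
function decryptAs(envelope, email, privateKey) {
  const wrappedKey = envelope.wrapped.get(email);
  if (!wrappedKey) return { ok: false, reason: "not-selected-as-recipient" };
  let fileKey;
  try {
    fileKey = crypto.privateDecrypt({ key: privateKey, oaepHash: "sha256" }, wrappedKey);
  } catch {
    // The file key was wrapped for a public key that this private key does not match.
    return { ok: false, reason: "wrapped-for-a-different-key" };
  }
  const decipher = crypto.createDecipheriv("aes-256-gcm", fileKey, envelope.nonce);
  decipher.setAuthTag(envelope.tag);
  return { ok: true, data: Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]) };
}

// Constructed scenario: the addresses and file contents are sample values.
function demo() {
  const newPair = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const alice = newPair(), bob = newPair(), aliceReplaced = newPair();
  const envelope = encryptFor(Buffer.from("quarterly report"), {
    "alice@example.test": alice.publicKey,
  });
  return {
    selected: decryptAs(envelope, "alice@example.test", alice.privateKey),
    notSelected: decryptAs(envelope, "bob@example.test", bob.privateKey),
    afterKeyChange: decryptAs(envelope, "alice@example.test", aliceReplaced.privateKey),
  };
}

console.log(demo());
```

In this model a file encrypted before a key change stays bound to the old key pair, which is why the sender needs the current certificate before encrypting.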