Using FileAssurity
Administering FileAssurity for Groups of Users
You can deploy FileAssurity without users having to create or import keys into their keystore. An administrator can set up all the user keystores and collect all the user public keys at a central location so that all users can locate the keys they need quickly and easily. Following this process also ensures you can perform key recovery (if a user ever forgets the password to their keystore, or the keystore is damaged or corrupted) when you or they need to recover files protected just for them.
The quickest way is for one person to generate the keystores for all the users as described below:
1 In FileAssurity select 'Key Management' from the Security menu;
2 Select the 'backup keystore' icon and store your own keystore in a secure location;
3 In Key Manager delete any keys in the 'My keys' and 'Other people's keys' tabs that you do not want other people to have access to;
4 Select the 'change password' icon and change the keystore password to an initial password for the new person;
5 Select the 'generate key' icon (or alternatively import a key from a Certificate Authority - if you import a key, go to step 8);
6 Fill in the identity of the person whose key you want to generate, together with their name, address, and e-mail address;
7 Press the Generate button;
8 Export the key that you have just generated to a file using the 'Export Key File' icon. This exports the public part of the key. You can store this .cer file in a folder on a server so that other people can find it easily if they wish to communicate securely with this person. The simplest method is to make the name of the file the name of the user;
9 Once the key is generated or imported, select the 'backup keystore' icon and store this keystore in a secure location. Perhaps you will give the keystore the same name as the person it is for. You may put it onto a floppy disk if you are going to hand it to the user. If you send it by e-mail you should send the password separately or give them a call and tell them what it is. Make sure the password is at least 8 characters long;
10 Tell the user to change their keystore password to a new one that only they know;
11 Repeat the process (from step 3) for additional users.
This may seem like a few steps but actually it's very quick. Key Manager remembers everything except the name and e-mail address, so if everyone is in the same place there's not much to fill in. If you still think it's difficult, have a go at getting a key from one of the big providers like VeriSign, Thawte, or GlobalSign. ArticSoft is quick, easy, and gives you much stronger cryptography than the public providers at no additional cost.