FileAssurity - Using FileAssurity - Key Manager

Using FileAssurity

Self-Signed Keys

Signature keys may have been obtained from a Public Certification Authority (CA) or have been generated for you by FileAssurity. If FileAssurity generates them they are called self-signed keys because you are stating who you are - it has not been checked by anyone else.

When FileAssurity detects files signed with a self-signed key, it will tell you the key has not been validated by a CA and should not be trusted automatically. The files have been signed, but with a key and certificate that donÆt link back to any of the trusted authorities in your keystore.

It is up to you whether you wish to trust that the key sent to you is from the person you think it is. However, it is recommended you verify the sender by some other means to confirm this.

If you were actually handed a floppy disk by someone you know you can reasonably believe them, even if when you read the key with Key Manager the name is not immediately obvious (people don't always put their actual names in their email addresses either). When importing the key you can change the name to one that's meaningful to you anyway. If someone sends you a key by email or you are considering importing it because it's been used to sign files you have received you can check details relating to the key by pressing the Advanced Key Info button. Ask them to tell you (or send) the thumbprint for the key (it is unique) and check this against the thumbprint in the Advanced Key details. That way you can be sure who the key belongs to.

Once you have added a self-signed key to your keystore, any further files signed with it are transparently validated in accordance with the same rules used for CAs.

If you have signed files with a self-signed key you will need to distribute it to others so that they can verify the files have been sent from you.

Trusted Keys

If you have imported your signing key from one of the publicly recognized CAs it will be automatically verified by FileAssurity. This is because the CAs are recognized as Trusted Authorities by FileAssurity.

You do not have to export/send these keys to others. Recipients can add these keys to their keystores if they wish.