Administration
KeyStore Logon & Security
Logging on to the keystore
Before you can begin protecting, unprotecting or securely deleting files, using the command scriptor or managing keys, you must log on to FAOPGP CLS. NOTE: You must be logged on to the keystore in order for FAOPGP CLS to execute command line parameters and script files.
Windows Explorer Logon
When you start the script editor by selecting FileAssurity OpenPGP CLS from the Windows Start menu, the following dialog is displayed:
Enter password
Enter the keystore password and then press [button image].
As soon as you press [button image], and the password is accepted, all the keys will be made available to FAOPGP CLS. You can run scripts and execute command line parameters, use the Script Editor and manage the keys.
If you press [button image] the keystore will not be opened and you will be unable to use any of FAOPGP CLS's facilities.
The last logon date and time is always displayed for security reasons - so you know if someone has been trying to gain access to the keystore and protected files whilst you have been away from the computer.
NOTE: Passwords are individual to keystores, so in multi-user systems one user cannot use the keystore of another even if they gain access through the file system. If you try to log on with a different name to the one used when the keystore was created, you will not be able to access the keystore. If the system is shared amongst users, the simplest solution is to install FAOPGP CLS in a folder that is accessible to all users.
See also Automatically logging on to CLS to run Script files
Changing the keystore password
You change the keystore password using Key Manager by pressing the [icon image] icon.
The following dialog is displayed:
Once you have entered the current keystore password (Enter current password) and the new password (Enter new password and Confirm new password), the [button image] button is activated. Pressing this button updates the keystore password. If you decide not to change the keystore password at this time then press [button image].
NOTE: 'Password' is not acceptable to FAOPGP CLS as a valid password because it is seen as insecure. If you do choose 'password', the next time you log on to the keystore you will be prompted to change it. See also: Guidelines on choosing a password.
Protecting the keystore
Whilst you remain logged on to the keystore, if you leave the computer unattended you should activate Windows secure screen saver (or similar security measures) to prevent other people from using the system.
The most secure approach is to log off from the keystore. To do this, close the script editor.
IMPORTANT NOTE: If you have any scripts scheduled to run then you must be logged on to FAOPGP CLS in order for the scripts to be executed. If this is the case, you should check the 'Auto Login' checkbox on the Command Editor. This encrypts your keystore login password and passes it over to the script at run time. This way the keystore remains protected at all times, since the password is only used by CLS to access keys in the keystore at the time of script execution. Since the keystore password stored in the script file is encrypted, no one can use it to log on to your keystore under a manual logon.
Backing up the keystore
You should back up the keystore on a regular basis because it contains all the access and trusted keys and may be difficult to replace. To back up the keystore select the [icon image] icon in Key Manager. You will be prompted for a filename and location where you want to store the keystore. On selection of the 'Save' button the keystore is securely backed up.
You should back up the keystore to a floppy disk, network drive, or similar device each time changes are made to it, and then store the backup in a safe place. You should keep a separate record of the password for the keystore you have backed up.
NOTE: The keystore can also be backed up automatically as a command line option - see Backing up the Keystore automatically.
Restoring the keystore
To restore the keystore select the [icon image] icon in Key Manager. You will be prompted for the location and filename of the keystore backup. On selecting the keystore backup file and clicking on 'Open' you will be prompted to confirm that you know the password for this keystore before it is restored. On selection of the 'Yes' button the keystore will be restored from backup. You will have to log on to the restored keystore before you can use it.
IMPORTANT NOTE: You must make sure that you have remembered the password for the keystore before you restore it. Once you have selected the 'Yes' button the old keystore is overwritten and cannot be recovered.
Sharing keystores between PCs
If you have more than one PC (a laptop and a desktop PC for example) you can use FAOPGP CLS's keystore backup and restore facility to quickly and easily share keystores between the two PCs. Just back up a keystore on one PC and restore it to the other. Remember to always back up and restore the most up-to-date keystore.