FAOPGP CLS Introduction
Overview
A critical feature of any cryptography system is usability – in this case the ability to easily set up and perform cryptographic functions without the user being present.
FAOPGP CLS is a server based product that enables an administrator to rapidly setup the necessary actions to enable users to seamlessly send encrypted information to others, to receive information securely, and to securely delete files that are beyond their retention period. All the users have to do is to leave the files they want secured on a specific network drive and FAOPGP CLS takes care of the rest. Tasks can be scheduled to run at certain times of the day or week when network traffic is less busy, and full auditing ensures all actions are tracked and accounted for.
Unlike other products, FAOPGP CLS is unique because it has an easy to use GUI that creates all the command line parameters for you. It can upload and download files to and from remote servers using FTP, or it can send secured files by email if you prefer.
FAOPGP CLS has been designed to work with any SMTP service and is completely self-contained. It is not open to virus or worm threats that normal e-mail security solutions are vulnerable to. It resists attack from blended threats and cannot be used to mount attacks on other mail recipients.
Users (or administrators) may generate their own identities (keys) using either the PGP or X.509 standards, or can import digital identities from one of the public PKI providers if they prefer, and use those. Both forms of identity are automatically recognized.
Developers can also use this product to integrate cryptographic functions into their applications as long as their application can call a DOS shell or produce suitable script files.
File Encryption
FAOPGP CLS ensures the confidentiality of your files by using encryption. Encryption scrambles the file contents so that they are no longer readable in their original format. Only those users that have the correct keys can decrypt and view the original files.
Files are encrypted using the US approved algorithm AES at its strongest setting (256 bit). Information on the AES algorithm can be found on the ArticSoft web site. NOTE : For PGP 5.x and 6.x recipients the encryption algorithm used is TDES.
FAOPGP CLS is much more secure than password mechanisms as the key needed to decrypt your files never leaves your PC. If someone wants to encrypt files for you then you supply them with a key that can only be used for this purpose (this key can be generated in FAOPGP CLS or obtained from a Certificate Authority). Decryption of files can only take place on your computer as only you posess the correct key for this purpose. More information on file encryption can be found on our web site.
Digital Signatures
You may want to digitally sign information for two reasons. Firstly to check whether a file has been tampered with. When you sign a file FAOPGP creates and attaches to the file a unique value that is based on the contents of the file. When FAOPGP CLS is asked to check that a file has not changed it calculates the value of the contents and compares it to the original calculated value. If as little as 1 bit of data in that file changes then the calculations do not match and you are warned that the file has been altered.
Secondly, recipients of signed files may want to check who signed the files. FAOPGP CLS checks the signature received against a list of trusted authorities that vouch for the identity of the signature's owner.
Secure File Deletion
Normally files are not removed completely from a disk when you delete them. It is possible for others to read them using various utilities that are widely available.
If you want to be certain that this cannot happen, you can use FAOPGP CLS's Secure Delete facility. This writes data over the unprotected file multiple times (complying with the US DOD standard 5220.22-M) and then removes the file, making recovery of the file impossible. In fact FAOPGP CLS's Secure Delete facility writes over your files 15 times (6 times more than that required for US DOD compliance). In addition, FAOPGP CLS uses extra protection mechanisms to ensure dedicated file recovery utilities - for example, File Scavenger - cannot recover your files.
Secure E-mail
FAOPGP CLS lets you send secure message attachments regardless of the e-mail client you or your recipients are using. You can protect and send emails in one simple process - FAOPGP CLS attaches protected file(s) to your email messages and fills the email address(es) in using the certificates of the people you have encrypted files for.
Space Saving compression
FAOPGP CLS automatically compresses every file before protecting it enabling you to store and send even smaller secured files. Multiple files/folders can also be stored in a single archive (.zip file). FAOPGP CLS uses similar compression ratios to WinZip - a FAOPGP CLS to WinZip comparison chart can be found on our web site. (Note: some files cannot be compressed any further, for example, .pdf, .gif, .jpg, .mpg).
Secure Archives
Multiple files can be encrypted to a secure archive (zip file). Zip files can be opened by any application that supports this file type and the contents decrypted by any OpenPGP compatible application.
Scheduler
You can schedule when scripts and command line parameters will be executed - at a certain date / time, on a daily basis, every hour or x minutes or when the system is idle.
Script & Command Editors
FAOPGP's editors let you create command line parameters and scripts (multiple command line parameters) all from one simple user interface. There is no need to remember command line parameters or what action they perform. Scripts can be saved to a batch file for processing at a later time / date.
Audit Log
FAOPGP CLS lets you store a permanent record of the actions you have performed in a log file. The date and time parameters were executed, what parameters were specified, what files/folders were selected and whether the actions were successfully executed and when this was completed is all written to the log file. The log file can be emailed each time it is created or appended to or only when errors occur during processing.
FTP Client
You can retrieve files from a web server and upload files to a web server. This ensures the complete automation of protecting files and uploading them to a web server and retrieving protected files for processing off-line. The FTP features of FAOPGP CLS can be used regardless of whether you want to encrypt/decrypt files.
Key Manager
FAOPGP CLS's integrated key manager lets you import, export and generate OpenPGP and PKI compatible certificates and keys.
Generation of x.509 and OpenPGP compliant 2048-4096 bit RSA certificates/keys and OpenPGP compliant DH/DSS 2048-4096/1024 bit keys. Import of x.509 certificates/keys from any Certificate Authority (CA) and the import of OpenPGP keys and keyrings (PGP v5 and above). Export of x.509 and OpenPGP keys.Key management facilities include backup and restore of your keystore, key deletion and keystore password change. Its unique Trusted Authorities list automatically recognizes keys signed by all the common Certificate Authorities so there is no need to import root certificates.
Simple to use
Create your command line scripts and parameters with ease using FAOPGP CLS's Editors. Pick a date and time when they will run or if they are to be executed straight away. Auditing, secure file deletion, archiving, protection and unprotection of files can all be simply chosen from the same dialog. Yours and other people's keys can be easily added to the system using key manager. There is no need to worry about what encryption algorithm you should use or validation of root certificates.
FAOPGP CLS Reader
ArticSoft provide free reader software so you can send information to others without them having to purchase FAOPGP CLS. The free reader software is available for download from the ArticSoft web site - www.articsoft.com. It supports the generation, import, export, backup and restore of keys, and decryption and verification of FAOPGP CLS protected files.
ArticSoft does not support self-decrypting exe files as this is a weaker mechanism that is open to password attacks.
Full OpenPGP compatiblity
Files protected by FAOPGP CLS can be read by any OpenPGP compliant product including PGP v5.x+ and GnuPGP 1.2.3+. FAOPGP CLS can also read files sent by any OpenPGP compliant product including PGP v5.x+.
Information on PKI, Signatures & Certificates
FAOPGP CLS is fully PKI-enabled and lets you generate your own keys and certificates or you can import them from all the major Certificate Authorities (CAs). For more information on PKI please read 'An Introduction to PKI' available from the ArticSoft web site. Information on Signatures and Certificates is also available from our web site.