The person I have sent encrypted files to cannot decrypt them
The most common reason for this is that you have generated a key for them in your keystore and sent them this key with the encrypted files. You cannot generate keys on behalf of others because when you export a key, only the public part of the key (used for encryption and signature verification) is exported. The private part of the key (used for decryption and signing) never leaves your keystore.
In order to encrypt files for other people, they must generate a key on their computer using their copy of FAOPGP CLS (or FAOPGP CLS Reader) and send it to you. You then import their key into Key Manager and it will become available in the 'Encrypt For' drop-down list box. Select their key, the files to be encrypted in FAOPGP CLS, and press the 'Protect' button. They will now be able to decrypt the files you send them.
When decrypting files I get a java.io.IOException error message
This occurs because you have transferred a file of type PGP in ASCII format. If either party has set their FTP software to transfer binary files in ASCII format the binary (PGP) files will be altered since only 7 of the 8 bits are interpreted. This causes the files to be corrupted and hence you are not able to decrypt them. To avoid this problem either encrypt files in .ASC format or make sure that the sender and receiver both set their transfer modes to binary.
I have lost the password to my keystore - how can I gain access to FAOPGP CLS ?
FAOPGP CLS uses a file called 'cls.kspgp' as the keystore. When FAOPGP CLS loads it looks for a file of that name. If one is not found then FAOPGP CLS will create a new file of that name with an empty keystore inside it.
If you selected the 'Default' keystore location option during installation of FAOPGP CLS then the 'cls.kspgp' file is held in the following folder on Windows NT, 2000 and XP PCs:
c:\documents and settings\"windows computer user name"\.articsoft\cls\cls.kspgp
where "windows computer user name" is your local computer user name
and on Windows 95/98/ME c:\windows\.articsoft\cls\cls.kspgp
If you cannot readily see the file use the Windows Explorer search facility to locate it. Please note that you will find a file called 'cls.kspgp' in program files\articsoft\FileAssurity OpenPGP CLS\bin, but this file MUST NOT be altered or deleted.
If you do not have any files protected by FAOPGP CLS then you can delete the 'cls.kspgp' file and next time you load FAOPGP CLS a new empty keystore will be generated.
If you do have files protected by FAOPGP CLS then it is wisest to rename the 'cls.kspgp' file rather than deleting it. That way, if you remember your password to the keystore in the future, you can always use the keystore backup and recovery feature to restore it, and hence gain access to your protected files.
If you generated a key in FAOPGP CLS and used that to protect files you will have no way of recovering the files without the keystore. If you imported a key from a Certificate Authority (CA) and used that to protect files then you should be safe deleting 'cls.kspgp' as long as you still have the key available. You will have to re-import keys you have got from other people so that you can securely communicate with them.
NOTE : Even if you have de-installed FAOPGP CLS the keystore will remain on your disk as it does not get removed during deinstallation. You must delete or rename the keystore following the instructions above if you have forgotten your password and want to continue using FAOPGP CLS.
I have imported a key for protection purposes but it is not shown in the 'Encrypt For' pull-down list box even though it is displayed in the 'Sign As' pull-down list box
FAOPGP CLS uses the AES algorithm for protection at its fullest strength of 256 bits. If the RSA key you have imported is 512 bits in length (or less) it is not long enough to secure the AES protection key, and therefore it cannot be used to protect files. RSA 512 bit keys can be used for signing files so they will appear in the 'Sign As' box. If your personal imported key is not long enough you should use FAOPGP CLS's key generation facilities to generate a stronger personal protection key.
PGP v5 error message on decryption - "Information was not found"
If a file has only been signed, the output must be ASCII (.asc) to be recognized and verified by PGP 5.5.3i and PGP 5.0i. Otherwise this error message will be displayed: "No PGP information was found".
I have imported someone else's key to protect files for them but it is not shown in the 'Encrypt For' pull-down list box even though I can see it in my keystore
FAOPGP CLS uses the AES algorithm for protection at its fullest strength of 256 bits. If the RSA key you have imported is 512 bits in length (or less) it is not long enough to secure the AES protection key and therefore it cannot be used to protect files. You should ask the person to send you a new key at least 1024 bits in length. They can use FAOPGP free Reader software to generate a key for this purpose that is 2048-4096 bits in length.
I can't access encrypted information that I think I have a key for
Make sure the correct decryption key is actually in your keystore. Contact the person who sent you the encrypted file to make sure they have used the correct key.I can't verify a signature on a file
The most likely reason for this is that the file was signed with a key that had been self-generated by the user and had not been issued by a Certificate/Trusted Authority (CA). Check that you have the sender's signature key in your keystore. If you do not then you will be told that the signature is not trusted.
I tried to import a key pair but was told that there are no importable keys, but I could import it with Internet Explorer. Why won’t it import ?
If you try to import a key pair that is not self-signed (see ‘what are self-signed keys’) FAOPGP CLS expects the key pair to have a chain of keys all the way back to the public authority that issued the key pair. If the authority is not already in the recognized list FAOPGP CLS will not import the keys because the public authority is not generally accepted.
This happens when someone is running a private scheme where they do not link their keys to any of the public authorities. You can solve this problem in one of two ways. Either you can ask the private authority to send you their root public key, import it into FAOPGP CLS and then complete the key import. Otherwise you can import the key into Internet Explorer and then export it as a .p7b file, import it into FAOPGP CLS, and then import the individual's key again. (Please note that Internet Explorer does not ‘trust’ this root authority either, but will allow you to import the keys.)
When I go to add keys to Key Manager, the only option I have is to Cancel
If the keys you have selected are invalid for any reason, you will not be able to import them into Key Manager. FAOPGP CLS automatically checks keys as it opens them to ensure that invalid keys are never added to the keystore. A message will be displayed on the Key Import dialog informing you of the reason – for example, ‘Cannot add keys, key chain invalid’. The reason may be as simple as that the key already exists in your keystore or that it's expiry date has been reached. The only option is
. A new tab has appeared in my keystore called 'Failed' in which some keys are listed. Why has this occurred ?
Every time you log on to your keystore, FAOPGP CLS checks that all of the keys in the keystore are still valid. If FAOPGP CLS finds any keys that are no longer valid it will relocate them under the 'Failed' tab. You will no longer be able to use these keys to protect files. You may or may not want to delete these keys depending on whether you have files protected using these keys. It is still possible to read files protected with keys that were valid when the files were first protected - the key is shown as invalid but you can check from the date fields that it was valid when it was originally used.
I changed my password to 'Password'. The next time I logged onto my keystore I was requested to change it again
FAOPGP CLS does not let you keep a password of 'Password' as it is seen as insecure. You will be forced to change it to a new one the next time you logon to your keystore.
It takes up to 10 minutes before FAOPGP CLS loads once I have entered the logon password
or the splashscreen displays and the program just hangs
or FAOPGP CLS runs really slowly on my PC
The most common reason for this is that you have a roaming profile and the 'cls.kspgp' file (your keystore) has been copied to the network. FAOPGP CLS looks for 'cls.kspgp' using the username as a modifier and there may be contention between looking at the local keystore and trying to use the one on the network. This can happen whenever 'faopen.kspgp' is being updated. The network searching for the 'cls.kspgp' file can cause FAOPGP CLS to grind to a halt. If Windows attempts to open the both the local and network versions of the file then FAOPGP CLS will hang.
The solution is either to disable your roaming profile or disconnect from the network when using FAOPGP CLS.
When I logon to FAOPGP CLS I get the message "Invalid Keystore"
Your keystore has somehow become corrupted. This could be due to someone tampering with the keystore or another program attempting to modify it. You will need to delete the keystore in order to continue using FAOPGP CLS.
If you selected the 'Default' keystore location option during installation of FAOPGP CLS then your keystore is the file called 'cls.kspgp' and is held in the following folder on Windows NT, 2000 and XP PCs:
c:\documents and settings\"windows computer user name"\.articsoft\cls\cls.kspgp
where "windows computer user name" is your local computer user name
and on Windows 95/98/ME c:\windows\.articsoft\cls\cls.kspgp
If you cannot readily see the file use the Windows Explorer search facility to locate it.
PLEASE NOTE: You will find a file called 'cls.kspgp' in program files\articsoft\FileAssurityOpenPGP\bin, but this file MUST NOT be altered or deleted. The next time you load FAOPGP a new empty keystore will be generated.