Home Purchase Products Downloads Information Security About Support Our Customers
pgp data securitydownload pgp

FileAssurity Open PGP products and Digital Signatures

ArticSoft products make use of digital signature technology in order to provide confidence that content or files have come from the claimed source and has not been altered after it was authorized by its creator.  Digital signature software is used to generate the signature file component of the protected file/content.  The digital signature is always made part of the file/content itself so that it can never become detached or be easily substituted.  See also ArticSoft products and Digital Signatures.


How does FileAssurity Open PGP authorize documents?

A 'document' is just a file of information.  When you digitally sign a file with FileAssurity Open PGP you are enveloping it with a digital signature.  That is just the same as adding a physical signature to a paper document. So when you digitally sign a file, you are also authorizing it as coming from you and having your approval.


What digital signature is being used?

The international standard RSA algorithm with a 2048 bit key is used if you generated your identity using FileAssurity Open PGP.  If you imported your identity from a PKI system the key length will be whatever your supplier provides (generally a smaller key).


How do I know a document has been authorized?

When you select a FileAssurity Open PGP protected document you see in FileAssurity Open PGP's right hand panel if the document has been signed and who signed it.  If it has been digitally signed, then it has been authorized. When you want to use the document the authorization will be fully checked before you can use it.


Can I verify the signature/authorization on the document?

Yes. Whenever you unprotect a document the signature is checked for you.  The log file in the right panel shows you who signed the file and if the signature is still valid (the file has not been altered and the identity details of the signer are correct).  If anything fails you will receive warning messages telling you that you should not trust this file.


Can I check the signer’s details?

Yes.  If you click on the document name in the right hand panel, and then right click on it you see the option for Advanced Signing Key Information.  If you click on that you can see the full certificate details of the signer, together with any links they have to Public Trust Authorities (such as VeriSign, GlobalSign and so on).


What if the document is encrypted as well as signed?

Document decryption always checks the authorizing signature last.  When a document is encrypted and signed, the information is digitally signed first, and then encrypted.  This means that anyone trying to attack the encryption process cannot alter the file because the digital signature is still protecting it.  So it has to be decrypted first, and then the digital signature is checked.  We actually do these processes simultaneously to make it efficient.


What documents do you deal with?

Any.  You define what documents are, and FileAssurity Open PGP helps you authorize them.  Because FileAssurity Open PGP works with files rather than their contents you can authorize any document of any type.  The person receiving a document from you always has to check that you have authorized it before they can use it.  So you can authorize Word documents, HTML, spreadsheets, pdf files or any other kind of file that you want.


Does FileAssurity Open PGP have compatibility problems?

No.  Because FileAssurity Open PGP operates outside the document content, it can never interfere with it, or cause any kind of program failure. There are no special interfaces that users have to understand or updates that have to be carried out if you upgrade parts of your desktop, and no problems about supporting legacy versions when applications software changes.


Do you need a server system?

No.  FileAssurity OpenPGP works on your desktop.  It does not need a server setting up or accounts configuring. You download documents onto the desktop so that you can check that they have been authorized.  Once you have finished with the document (perhaps you are working as a group or a team) you can authorize it and then make it available for the other members to work on. Everyone else will be able to see that you have authorized the document.  What you can’t do is all work on the same document simultaneously.


Do you use proprietary algorithms?

Absolutely not.  We only use algorithms that have been through the public standards process so that our users can be totally confident about the security of their documents.  See our PKI Technology.


Do I have to have purchase FileAssurity to check authorizations?

No.  A freeware PGP compatible viewer provided by ArticSoft, FileAssurity Open PGP Reader, allows anyone to check authorizations (verify digital signatures) on documents sent to them.  Users of the free viewer are not able to digitally sign documents.


 
 

Home | Products | Purchase | Downloads | Information Security | About | Support | Our Customers | PGP Feed pgp products 

Digital Signatures - digitally sign files with FileAssurity PGP