CCE - file encryption using the Austrian Citizen Card
E-Government Flyer Nr. 208 EN
A-SIT, Zentrum für sichere Informationstechnologie - Austria (Secure Information Technology Center - Austria)

Contents: File encryption; CCE - tool; Encryption certificates; Encryption of files; Decryption of files; Secure deletion of files; Hardware token / Software token; Backup key; Further questions

File encryption

- Confidential files (e.g. documents) are protected by encryption.
- Access to encrypted data is restricted to authorised users, i.e. to the holders of the private keys for which the data were encrypted.

Note: If files are to be protected against unauthorised access, encryption is the tool of choice.

CCE - Citizen Card Encrypted - file encryption tool

- CCE is a tool to encrypt and decrypt files using the citizen card.
- A-SIT demo site: https://demo.a-sit.at/buergerkarte/cce2_tool/index.html offers a tool to encrypt and store data in a container using the Citizen Card.
- Files can be encrypted and decrypted using the CCE Manager or using the context menu of the Windows Explorer.
- CCE uses the S/MIME format, which ensures compatibility with e-mail clients such as Outlook, Thunderbird or Evolution.
- Because it uses S/MIME as its file format, CCE can also decrypt e-mails that were encrypted according to this standard.
- CCE supports secure deletion of files, so that no residual unencrypted data remains on the disk.
- CCE supports hardware tokens and software tokens. Software tokens are stored in a key store which is secured by a password.

Encryption certificates

- A file can be encrypted for several users. To do this, the encryption certificates of the recipients are used.
- CCE offers several ways to obtain encryption certificates: they can be imported from a citizen card, read from files, or downloaded from LDAP servers.
- Directory services such as LDAP servers store the certificates of their customers. The directory service of A-Trust contains the certificates of citizens who activated their bank card ("Bankomatkarte") as citizen card; the directory service of the Main Association of the Social Insurance Institutions holds the certificates of the health insurance card ("e-card").
- These LDAP servers are preconfigured in CCE, and queries can be made with data (e.g. the name or part of the name) of the desired person.
- CCE holds certificates in its certificate store. Groups of certificates can be built that contain the certificates of several users.

Caveat: whoever holds the private key belonging to a certificate can read every file encrypted to it, so before encrypting to a certificate obtained from a file or a directory, check that it really belongs to the intended recipient (subject, issuer and validity period).

Encryption of files

- Using the Explorer context menu: marked files can be encrypted using the Explorer context menu (right-click to open it). If several files are marked, each file can be encrypted separately ("Verschlüsselung von jeder Datei", encryption of each file) or the marked files are stored together in one encrypted container ("Erzeuge Container", create container).
- Using the CCE Manager: start the CCE Manager from the Windows start menu. Files can be added and encrypted using the button "Datei Verschlüsselung" (file encryption).

Note: By default, CCE securely deletes the plaintext files after the data have been encrypted. This prevents residual plaintext data on the hard disk.

Decryption of files

- CCE can decrypt files using the citizen card or a software key. Before decryption the user has to enter the PIN of the citizen card or the password of the software key store.
- Using the Explorer context menu: the marked files can be decrypted using the Windows Explorer context menu (right-click to open it).
- Using the CCE Manager: start the CCE Manager from the Windows start menu. Encrypted files can be added and decrypted using the button "Datei Entschlüsselung" (file decryption).

Secure deletion of files

- If a file is deleted, the data usually remain physically on the disk and can be restored.
- In the case of sensitive data it is important that files are deleted in a way that nobody can restore them any more.
- CCE implements an algorithm that overwrites a file multiple times before it is deleted, so that the deleted data cannot be recovered from the overwritten disk blocks.
- CCE is configured to delete plaintext files securely after their encryption.

Note: Files must be deleted securely after their encryption to prevent restoration of the plaintext.

Caveat: overwriting only protects data whose physical blocks are actually rewritten. On flash media (SSDs, USB sticks) with wear levelling, and on file systems that keep journals, snapshots or copy-on-write copies, an older copy of the plaintext may survive the overwrite; copies made by applications (temporary files, editor backups) are not covered either.

Hardware token / Software token

- Where the private key is stored is important for the security of encrypted data. There are two kinds of tokens: hardware tokens and software tokens.
- Hardware token: the Citizen Card is a hardware token. The private key is stored on the card and in general cannot be read out. All operations using the key are performed directly on the hardware token.
- Software token: the key is stored on a data medium (e.g. the hard disk). The key file is usually protected by a password. An attacker who obtains the key file can try to crack the password offline and thus gain access to the private key.

Backup key

- If data are encrypted only with the Citizen Card, the files can no longer be decrypted if the card is lost or defective.
- It is therefore recommended to encrypt with at least a second certificate.
- The second certificate can belong either to another citizen card or to a software token.
- If a software token is used as backup key, it must be stored separately from the encrypted data.

Note: To prevent data loss in case of a lost or damaged Citizen Card it is important to use a backup key or an additional card. If the backup key is a software key, do not store it together with the encrypted data.

Further questions

Send an e-mail to: technology@a-sit.at
www.a-sit.at, 2010-06