VA PKI
Public Key Infrastructure
Department of Veterans Affairs
May 2002

What is VA PKI?
The VA PKI program is a combination of hardware, software, policies, and administrative procedures that provide a framework to use public key cryptography to transfer data in a secure and confidential manner (http://vaww.va.gov/vapki.htm).

Features of PKI:
- Strong Authentication
- Non-Repudiation

In 1998, VA established a public key infrastructure that provides a shared method to secure the delivery of electronic services to VA employees, contractors, and some business partners. VA's Public Key Infrastructure (VA PKI) is part of an overall security strategy to safeguard networked information systems and assets maintained and controlled by VA, and is a critical component for conducting internal VA business securely over public or private telecommunications networks.

When would I need to use a digital signature and/or encryption in e-mail?
When you want to reassure the recipient that you “are who you say you are” and that the message is not tampered with during transmission, use a digital signature. A digitally signed message will also indicate that your message has not been modified.
If you are sending sensitive information in your message, use encryption. Encryption will ensure that the message and its attachments cannot be read or tampered with during transmission.

If all else fails, who can I contact for more HELP!
Help desk support is available to assist VA PKI participants with acquiring VA digital certificates and configuring their desktops to use these certificates for secure e-mail and web applications. Contact the VA PKI help line by e-mail or by phone at (703) 848-2898.

For more information, contact:
Harpreet Sodhi, Harpreet.Sodhi@med.va.gov
Suzette Holston, Suzette.Holston@med.va.gov
Dan Maloney, Daniel.Maloney@med.va.gov
Fred Catoe, Fred.Catoe@mail.va.gov
Luigi Tenore, irmlteno@vba.va.gov

How do I request my VA PKI Certificates?
Contact your local Information Security Officer (ISO). They can request a PKI certificate for you through a Local Registration Authority (LRA). LRAs issue PINs that are used to enroll for PKI certificates. A list of current LRAs established in VA is located at http://www.va.gov/proj/vapki/regauth.htm. If your facility does not have an LRA, contact Suzette Holston at Suzette.Holston@med.va.gov or (785) 350-4546 or Dan Maloney at Daniel.Maloney@med.va.gov or (301) 734-0107.
Your local ISO (or supervisor) “proofs” you before giving you your PIN. Identity proofing may be done by personal knowledge of you or through valid government-issued photo ID (e.g., Driver's License or VA Badge). This ensures that the PIN is delivered to the intended recipient.
Once an LRA establishes you in the VA PKI Database and issues a PIN for you, they will normally send the PIN to you through your local ISO or supervisor.
You then use your PIN to enroll for VA PKI certificates at https://vaww.va.gov/vapki2. This will install two private keys and two public keys on your PC. They can be viewed in Internet Explorer under Tools > Internet Options > Content > Certificates.
Once your certificates are installed on your PC, you then configure Outlook to actually “use” your certificates.
Don’t forget to back up your certificates to diskette or other media!

How much will PKI cost me?
It will not cost you anything to register for and use VA PKI certificates because the Office of Cyber Security is funding the certificates.

What type of certificates can I get from the VA PKI program?
At present, the PKI Program supports the issuance of “Individual Certificates” (for VA employees as well as “partners” external to the VA) and “Secure Server Certificates”. These certificates are all configured as VA certificates. VA staff receive separate key pairs for digital signing and encryption.

What are the hardware/software requirements for using VA PKI?
Required: Internet Explorer 4.0 (or higher) with 128-bit cipher strength and Outlook 98 (or higher)
Recommended: Outlook 2000 with Service Packs 1 and 2 in order to take advantage of the LDAP functionality. Latest releases are preferred.

How can I obtain someone else’s certificate to send them encrypted e-mails?
You must request a digitally signed message from the person with whom you wish to exchange encrypted emails. The S-MIME standard will include their certificate in the message. You can then add this person and their certificate to your contact list.
Another way to accomplish this is to look up and download their certificate from VeriSign’s on-line certificate repository or VA’s internal LDAP Directory. LDAP is a network protocol used for retrieving data from a special server called a directory. The VA LDAP directory contains these certificates; your email application uses LDAP to

Where can I obtain more specific information for new VA PKI users?
There is a webpage to assist new users. The URL is http://vaww.va.gov/proj/vapki/forpki.htm

PKI - Plans for the Future
In moving forward, the VA plans to expand VA PKI in several ways, including:
- Operate an internal PKI for all VA employees, contractors and business partners who require the ability to communicate securely via electronic mail;
- Integrate VA PKI certificates with VA’s electronic mail global address list for easier access to recipient names;
- Enable VA’s applications to use VA PKI certificates for authentication;
- Authenticate users remotely to the VA network via VPN service.
- Issue digital certificates to network devices (servers, routers, firewalls, etc) for device authentication and secure transmission of Internet Protocol (IP) packets (IPSec);
- Provide certificates on smart cards for securely storing key pairs.
Approximately 1200 users and 54 servers have been issued certificates through VA PKI since January 1999. Each of these certificates is intended for use by VA employees or contractors and provides secure communication and transactions for internal VA business processes.