FAQ - SECURITY

Q: What is Cryptography?

A: Cryptography is the science of writing or solving ciphers. Cryptography is an essential element in keeping the "secrets" we wish to communicate to a select audience truly "private" in today's electronic world.

Q: What is Encryption?

A: Encryption is the process of turning readable information, also referred to as plaintext, into unreadable information, also referred to as ciphertext.

Q: What is Decryption?

A: The process of turning ciphertext back into plaintext is called decryption.

Q: Why do I need Encryption?

A: Encryption is an important security tool. It can protect information stored on computers, which may be vulnerable to unauthorized access or physical theft, and it provides a secure communications channel even if the underlying system is not secure. Encryption technology provides a valuable means to enable security, confidentiality, integrity, authenticity, and trust in today's networked world.

Q: What is a cryptographic algorithm?

A: An algorithm is a formalized set of rules for carrying out a computation or solving a problem in a finite number of steps. A cryptographic algorithm is a method for transforming information, so that it is not intelligible until it is decrypted.

Q: What is a PKI?

A: PKI stands for Public Key Infrastructure. The X.509 standard defines a PKI as "The set of hardware, software, people and procedures needed to create, manage, store, distribute and revoke certificates based on public-key cryptography." PKI has three components in its basic form - Public/Private keys, Digital Certificates, and a Certificate Authority (CA). In a typical PKI deployment, each user is assigned a pair of linked keys - a public key available to others through a CA, and a private key, which is kept secret on the user's client. A user sending a secure message uses the receiver's public key to encrypt the transmission so that only the intended recipient can read the message.

Q: Does it make my system more secure if I use Vema-Cipher’s Deadbolt with my existing PKI?

A: Yes, because Vema-Cipher’s Deadbolt provides you with the enhanced security technology of Vernam Pad Encryption.

Q: What makes Vema-Cipher Different?

A: Vema-Cipher technology uses a combination of OpenPGP and NSS (Netscape Security Services) for FIPS 140-2 and standards compliance, with an option for Vernam OTP that supports unconditional encryption.

Q: What is FIPS 140-2?

A: FIPS 140-2 is a standard set by the US government which specifies the necessary security requirements for cryptographic modules. Encryption applications that use any of the FIPS 140-2 approved encryption methods are approved for use by all US federal agencies. FIPS 140-2 is the accepted compliance standard for any organization doing business with or regulated by the US.

Q: What is Vernam Encryption?

A: In cryptography, Vernam Encryption, also known as the one-time pad (OTP), is a type of encryption that has been proven to be impossible to crack if used correctly. It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as one-time pads. The one-time pad was invented in 1917 and patented a couple of years later. It is derived from the Vernam cipher, named after Gilbert Vernam, one of its inventors. The "pad" part of the name comes from early implementations where the key material was distributed as a pad of paper, so the top sheet could be destroyed after use.

Q: Why is Vernam unbreakable?

A: Each bit or character of the plaintext is encrypted by a reversible logic function with a bit or character from a secret random pad of the same length as the plaintext, resulting in a ciphertext. When the key is truly random, as large as the plaintext, never reused, and kept secret, the ciphertext is impossible to decrypt or break without knowing the key.
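
The conditions above can be seen in a few lines of code. The following Python sketch is an added example, not Deadbolt or Locksmith code: it uses XOR as the reversible logic function, and the PadBook class, the sample messages and the use of the operating system's random generator as a stand-in for a truly random pad are all assumptions made for illustration. It shows that a correctly used ciphertext fits any plaintext of the same length, and why a pad segment must never be used twice.

```python
import secrets

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Vernam step: XOR each byte with one pad byte. The same call decrypts."""
    if len(data) != len(key):
        raise ValueError("pad segment must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

class PadBook:
    """Hypothetical pad store that releases each pad byte once only."""
    def __init__(self, pad: bytes):
        self._pad, self._used = pad, 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted; refusing to reuse key material")
        segment = self._pad[self._used:self._used + n]
        self._used += n
        return segment

def alternative_key(ciphertext: bytes, candidate: bytes) -> bytes:
    """Key under which `ciphertext` decrypts to any same-length `candidate`."""
    return xor_bytes(ciphertext, candidate)

def demo() -> dict:
    # Constructed sample messages of equal length.
    m1, m2 = b"WIRE 100 TO BOB", b"WIRE 900 TO EVE"
    # Assumption: the OS CSPRNG stands in for a truly random pad source.
    book = PadBook(secrets.token_bytes(len(m1) + len(m2)))
    k1 = book.take(len(m1)); c1 = xor_bytes(m1, k1)
    k2 = book.take(len(m2)); c2 = xor_bytes(m2, k2)
    # Correct use: c1 is consistent with every 15-byte plaintext, so it
    # gives no information about which one was sent.
    other_key = alternative_key(c1, m2)
    # Misuse: the same pad segment k1 encrypts both messages.
    r1, r2 = xor_bytes(m1, k1), xor_bytes(m2, k1)
    leak = xor_bytes(r1, r2)  # the pad cancels out, leaving m1 XOR m2
    return {
        "roundtrip": xor_bytes(c1, k1) == m1 and xor_bytes(c2, k2) == m2,
        "c1_fits_other_plaintext": xor_bytes(c1, other_key) == m2,
        "reuse_leaks_xor": leak == xor_bytes(m1, m2),
        "known_m1_reveals_m2": xor_bytes(leak, m1) == m2,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last two checks are the reason a pad store has to track consumption and refuse to hand out the same bytes again.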

Q: What is a Risk Assessment?

A: Risk assessment is a process whereby an organization evaluates the possible vulnerabilities and harm resulting from a failure in the process. It is measured in terms of a combination of the probability of an event and its consequence.

Q: What is a Security Policy?

A: A Security Policy is written as the result of a Risk Assessment. As its name implies, it is a set of procedures that must be adhered to in order to prevent breaches or losses, and what remedial steps must be taken in order to minimize or stop its effects and avoid any future occurrence. A Security Policy is made of many sections including: Acceptable Use Policy, Password Policy, Backup Policy, Network Access Policy, Incident Response Policy, Remote Access Policy, Virtual Private Network (VPN) Policy, Guest Access Policy, Wireless Policy, Third Party Connection Policy, Network Security Policy, Encryption Policy, Confidential Data Policy, Mobile Device Policy, Retention Policy, Physical Security Policy, etc.

FAQ - DEADBOLT

Q: What are the buttons on the toolbar used for?

A: The large address bar drop-down button is used for selecting the recipients for this encryption. It is only used in conjunction with the Encrypt button. The Closed Lock is used for encrypting. The Open Lock is used for decrypting. The Trash Can is used for forensically erasing files or folders. You must select the file/folder or text to be used prior to selecting an encrypt/decrypt/erase function. The Down Arrow displays the Options menu.

Q: What are Rune Keys?

A: Rune keys are generated by The Locksmith Appliances and consist of unbreakable Vernam Keys.

Q: What are OpenPGP keys?

A: OpenPGP keys, also referred to as Deadbolt keys, are used for math-based encryption.

Q: What encryption methods are available using Deadbolt?

A: Deadbolt allows you to use Deadbolt or OpenPGP math-based encryption, or Rune keys using an unbreakable Vernam Key.

Q: What encoding methods are available when only encrypting a selected portion of a text document?

A: You may display the selected text encoded using either the standard OpenPGP Armor or Base26 (uppercase alpha characters only).

Q: What is a User Identity?

A: User Identities are assigned to every encryption key holder. Every individual encryption key holder has at least one user identity key.

Q: Why would we have more than one User Identity?

A: An individual can be a member of multiple Rune groups and each one of these groups will have a unique Vernam Key.

Q: Can I create my own user identity?

A: Yes, you may create your own OpenPGP user identity. You can create an OpenPGP user identity from the Key Management Menu / Create Key option. This key will differ from any one created by the Vault appliance.

Q: Why would you select one of your own user identities for encryption?

A: Selecting your own user identity will allow you to encrypt information that only you can decrypt.

Q: What is a Group?

A: A group is a list of recipients that can decrypt information that has been encrypted to them.

Q: Can I create my own custom Group?

A: Yes, but groups created through Deadbolt will only use asymmetric math-based OpenPGP encryption. Only groups created by the Locksmith appliance will use a Rune Vernam encryption key. You can create/edit/delete groups from the Key Management Menu. Rune groups cannot be modified using Deadbolt.

Q: How are Rune Groups created and modified?

A: Rune groups are created and modified by the Locksmith Appliance. Deadbolt can import and apply these changes on the user key device.

Q: How are OpenPGP keys created?

A: OpenPGP keys are created by the Locksmith appliance for first time users; once these keys are created they are saved for future use. Typically the Vault appliance will assign the same OpenPGP key to the same user regardless of how many Rune groups he/she belongs to.

Q: What is a Recipient?

A: A recipient is a single individual that can decrypt the information that has been encrypted.

Q: What do the small icons in the address bar mean?

A: The ‘key’ icon represents a user identity. A drop-down will display for selection all the keys associated with this user identity. The ‘Deadbolt’ icon indicates that the encryption will only use OpenPGP keys. The ‘Rune’ logo icon indicates that a Rune Vernam key will be used for encryption (unbreakable mode).

Q: What is the Export option used for?

A: Export allows you to extract all your key information so that it could be imported into another (typically larger portable) device.

Q: Can I share my public key with anyone?

A: Yes, you can select the Key Identity whose public key you wish to share and select ‘Share Key’ on the Key Management Menu.

Q: Can I automatically erase the file I have just encrypted or decrypted?

A: Yes, there is an Erase Preferences option on the Options drop-down menu that allows you to select if and what erase option should be used. Once the file is erased it cannot be recovered.

Q: How do I make sure I have the latest version of Deadbolt?

A: You can select ABOUT from the Options drop-down menu and select the ‘Check for Updates’ button. You must have access to the internet to use this feature.

Q: How do I exit the application?

A: From the Options drop-down menu select Close.