Encryption is the heart of PK Protect. Encrypting a file encodes its contents so that the file cannot be read until it is decrypted. Decrypting removes the encryption and restores the file to its original form.
Encryption provides confidentiality for data. Unencrypted data is called plaintext. Encryption transforms the plaintext data into an unreadable form, called ciphertext, using an encryption key. Decryption transforms the ciphertext back into plaintext using a decryption key.
Encrypting with PK Protect
PK Protect uses these methods to encrypt files:
Strong, passphrase-based encryption
Strong, certificate-based encryption
You can use a passphrase or a key from one or more digital certificates (or both passphrase and certificate) to encrypt files. A passphrase uses letters, numbers, spaces and other non-alphanumeric symbols to allow your recipient to open your encrypted file or message.
If you use a passphrase to encrypt, anyone who has the passphrase can decrypt. If you use a key from a digital certificate, only the owner of the certificate can decrypt. If someone sends you an archive containing files encrypted with your digital certificate, PK Protect attempts to decrypt the files automatically when you (and only you) extract them.
Encryption based on the OpenPGP standard, RFC 4880. You can also create OpenPGP files encrypted using passphrases, public/private key pairs, or both.
Encryption with Smartkeys: Smartkeys replace both passphrase- and certificate-based encryption, and makes PK Protect unique. A Smartkey is a collection of encryption keys tied to an access control list (ACL). The ACL defines who can decrypt the data contained in an archive. PK Protect administrators can also create community keys, defining groups of users to encrypt to.
PK Protect does not extract files that cannot be decrypted. Someone who wants to extract encrypted files must either be able to supply a correct passphrase or else own a digital certificate used to encrypt the files.