Use this page to set options for creating or signing archives based on the OpenPGP standard.
Note: Some options described here, including the ability to use OpenPGP, may be disabled by PK Protect Policy. Contact your PK Protect Policy Administrator for more information.
To encrypt files with OpenPGP when they are added to an archive:
Check the Encrypt files box. PK Protect encrypts files that you add to an archive only when encryption is turned on.
Specify an Encryption Algorithm
Select an algorithm from the Algorithm drop-down menu.
PK Protect offers the choice of the algorithms shown in the following table. Different key lengths are supported for the Advanced Encryption Standard (AES) algorithm. In general, the longer the key, the stronger the encryption. Encryption also takes slightly longer in proportion to the length of the key.
The standard algorithm adopted by the U.S. federal government and in increasingly widespread use in banking and credit card operations.
"Triple DES" is a stronger, updated variant of the older DES algorithm.
This algorithm is the default algorithm for many popular OpenPGP clients.
This is an optional algorithm in the OpenPGP standard, used in many OpenPGP clients.
Enable an Encryption Method
Choose whether to allow passphrases or keys to encrypt.
Enable Passphrase Encryption
Uses passphrase-based encryption. Passphrases can include spaces and other non-alphanumeric characters. Files are encrypted using the algorithm specified in the Algorithm drop-down menu.
Enable Key Encryption
Uses strong, OpenPGP-based encryption. You must select a default OpenPGP key for yourself. Only recipients you designate when you encrypt and add files to the archive can extract the files. Files are encrypted using the algorithm specified in the Algorithm drop-down menu.
You can choose to enable both passphrase and key-based encryption. When you use both, files in the archive can be decrypted by anyone who either has the passphrase or is on the recipient list. Recipients on the list do not need to enter the passphrase to decrypt, but you can distribute the archive to people who are not on the recipient list too. They can use the passphrase to decrypt.
For more information about strong encryption, see About Strong Encryption.
Click this button to display a list of OpenPGP keys enabled for encryption.
Check the Sign files box to digitally sign files with OpenPGP keys when they are added to an archive:
- You must have an OpenPGP public/private key pair on your system to sign files.
- Added files are signed only when signing is turned on. You can turn on signing from the Sign button on the Actions group in the main window and from several other places as well.
Hashing Algorithm for Digital Signatures
The hashing algorithm creates a hash value for the file to be signed.
The hash value uniquely represents the file: any change to the file gives it a different hash value. Comparing the hash value of the file when it was signed with the file's current hash value reveals whether the file has been changed.
The default algorithm for OpenPGP is SHA-256.
The strength of an algorithm is relative to the size of the resulting hash value. SHA-1 produces a 160-bit hash, a slightly longer hash value that may be more secure than that produced by the MD5 algorithm. Other SHA algorithms that may be available, depending on your operating system, produce hash values of the size indicated in their names. For example, SHA-256 produces a 256-bit hash.
Use the drop-down menu to select a default key.
Click this button to display a list of OpenPGP keys enabled for signing.
Using ASCII Armor
ASCII armor (also known as Radix-64) is a character format that produces an ASCII character stream, which can be used to transfer OpenPGP files through transport mechanisms that can only handle character data (for example, email body text).
Check the ASCII Armor box to wrap your OpenPGP archive in ASCII characters.