Your digital signing certificate is used to identify yourself in the electronic world. A digital certificate can be used in several software applications. For example, it could be used for access to secure servers, encrypting data, signing e-mails, and other functions. Your digital certificate is created outside of the IP-Protector application. Then, a copy of the certificate and private key is exported for access by IP-Protector software.
Steps:
- Creating your private signing key and certificate
- Exporting your certificate for access by IP-Protector
- Recording key storage location information in IP-Protector
- Accessing the private key to create a signature
There is an alternate approach that uses a smart card to store your signing key that you can read about here.
Step 1. Creating your private signing key and requesting a public key certificate
Several vendors are listed below that provide signing certificates (public and private keys) that can be used in the IP-Protector application.
There are several techniques for creating key pairs and certificates; for example, your organization may have a defined process for creating signing certificates. Each vendor's web site listed below describes its own process for creating your keys and its free trial. IP-Protector only requires that the certificate key pair be stored in an IETF standard PKCS #12 record.
Vendors that provide CA services
The vendors listed below are examples of CAs that provide certificates. Most of these vendors provide a free trial certificate for your initial testing.
Your public key is packaged in an X.509 certificate. That certificate contains your identity and the identity of an external party that has witnessed your possession of the associated private key. This is an essential element in the trust model of your digital signature.
Global Sign offers their PersonalSign certificates. Click here to enroll.
Verisign offers their Digital Id for the purpose of signing e-mails. This also works with IP-Protector. Click here to enroll.
Thawte offers their Personal Certificates. Click here to enroll.
Step 2. Exporting your certificate for access by IP-Protector
The process of exporting your certificate is identical to making a backup copy of your digital certificate. There are two decisions that you make during this process:
- Where to store the certificate file? We suggest that you put the copy of the certificate on a removable floppy disk. The certificate file is encrypted and could be stored anywhere on your computer.
- The password you use to protect the certificate should be difficult to guess. It should include a combination of letters and numbers. The security of your signing certificate is only as good as the password you choose.
- There are additional details about protecting your private key on our web site here.
How you export the signing certificate depends on the browser that you use.
In Internet Explorer 6 and 7:
Go to TOOLS --> INTERNET OPTIONS
Click the Content tab
Click the Certificates button
Click the Personal Tab
Select the certificate you wish to use in IP-Protector
Click the Export button and follow the wizard.
- Make sure to export your private key and choose a good password.
- Choose "Personal Information Exchange - PKCS #12" (do not check "Enable Microsoft Strong Protection")
Firefox:
Go to TOOLS --> OPTIONS
Click the Advanced Icon
Click the View Certificates button
Click the Your Certificates Tab
Select the certificate you wish to use in IP-Protector
Click the Backup button and follow the wizard.
- Make sure to export your private key and choose a good password.
In Netscape browser:
Go to EDIT --> PREFERENCES
Click to open the Privacy and Security list
Click Certificates
Click the Manage Certificates button
Go to the Your Certificates tab
Select the certificate you wish to use in IP-Protector
Click the Backup button and follow the prompts. Make sure to choose a good password.
In Internet Explorer 4:
Go to VIEW --> INTERNET OPTIONS
Click the Content Tab
Click the Personal Tab
Select the certificate you wish to use in IP-Protector
Click the Export button and follow the wizard. Make sure to export your private key and choose a good password.
In Netscape Messenger:
Go to COMMUNICATOR --> TOOLS --> SECURITY INFO
Under Certificates, click Yours
Select the certificate you wish to use in IP-Protector
Click the Export button and follow the instructions on screen. Make sure to choose a good password.
Step 3. Recording key storage location information in IP-Protector
This is a one-time setup task to describe where the signing key is stored. Each time you create a signature, the software will need to access this storage location and will ask you for your password. During this step, the signing key file is not opened or read.
Here is a screen shot where you enter this information.
- Short, descriptive name - This is just for your reference to distinguish between multiple signing keys. If you have just one, for example, you might name it "trial key".
- File location - The file that contains the key. This file needs to be a PKCS #12 record and can be created using the two steps above. You might save this on a removable disk, for example, A:/signature.pfx
Step 4. Accessing the private key to create a signature
The private key is stored inside the computer file you specified in the previous step. The private key can be accessed only by providing your password. Using your password, the private key is retrieved from the file and used to calculate your signature. The signature calculation is done inside the IP-Protector software.
Here is a screen shot where you enter your password and the software retrieves the key.
The check box option "save password for subsequent uses" allows the software to keep the private key in memory until you close the application and you will not need to reenter your password for each signature. Not checking this option means the software makes a best effort to remove the private key from memory immediately following the signature generation.
There is an alternate approach that uses a smart card to store your signing key and optionally generate the signature that you can read about here.
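What Steps 2 and 4 amount to at the file level, as an added example that is not IP-Protector's own code: it uses the OpenSSL command-line tool on a constructed, self-signed test identity to show that the exported PKCS #12 file yields a signature only when the correct password is supplied. The function names, the sample password and the P12_PASS environment variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: constructed self-signed identity, not a CA-issued certificate.
# The password comes from the P12_PASS environment variable (an assumption of
# this sketch) so that it never appears on a command line.
set -eu
umask 077

# Create a throwaway key pair and certificate, then export both as PKCS #12.
make_test_p12() {    # $1 = output .pfx path
    t=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Trial Signer" \
        -keyout "$t/key.pem" -out "$t/cert.pem" 2>/dev/null
    openssl pkcs12 -export -name "trial key" -inkey "$t/key.pem" \
        -in "$t/cert.pem" -passout env:P12_PASS -out "$1"
    rm -rf "$t"      # only the password-protected copy remains
}

# True only if P12_PASS opens the file and it contains a private key.
p12_has_key() {      # $1 = .pfx path
    openssl pkcs12 -in "$1" -nocerts -passin env:P12_PASS \
        -passout env:P12_PASS 2>/dev/null | grep -q "PRIVATE KEY"
}

# Sign $2 with the key held in $1; the extracted key stays encrypted on disk.
sign_with_p12() {    # $1 = .pfx, $2 = data file, $3 = signature output
    t=$(mktemp -d); rc=0
    { openssl pkcs12 -in "$1" -nocerts -passin env:P12_PASS \
          -passout env:P12_PASS -out "$t/key.enc.pem" 2>/dev/null &&
      openssl dgst -sha256 -sign "$t/key.enc.pem" -passin env:P12_PASS \
          -out "$3" "$2"; } || rc=$?
    rm -rf "$t"; return "$rc"
}

# Verify $3 over $2 with the public key from the certificate stored in $1.
verify_with_p12() {  # $1 = .pfx, $2 = data file, $3 = signature
    t=$(mktemp -d); rc=0
    { openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS \
          2>/dev/null | openssl x509 -pubkey -noout > "$t/pub.pem" &&
      openssl dgst -sha256 -verify "$t/pub.pem" -signature "$3" "$2" \
          >/dev/null 2>&1; } || rc=$?
    rm -rf "$t"; return "$rc"
}

# Demo on constructed data.
d=$(mktemp -d); P12_PASS="constructed-Passw0rd-42"; export P12_PASS
make_test_p12 "$d/signature.pfx"
printf 'sample document\n' > "$d/doc.txt"
sign_with_p12 "$d/signature.pfx" "$d/doc.txt" "$d/doc.sig"
verify_with_p12 "$d/signature.pfx" "$d/doc.txt" "$d/doc.sig" && echo "verified"
rm -rf "$d"
```

The same `p12_has_key` check can be run against a file exported from a browser to confirm that the private key was actually included in the export.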