PKI USER MANUAL - NCDC Web Repository
Contents
1. Version Number 2 0 Page 10 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 4 The recipient can click on the Digitally Signed Icon and view the Message Security Properties 2 Message Security Properties 2d Mo Message Subject Available Secure messages may contain encryption and digital Review the decryption and verification information shown signature layers Each digital signature layer will contain below one or more digital signatures Details p SMIVE F aa eE Mo Message Subject Awaila a Signature Status OK D tal Signa Signer pshankarat ncde goy sa O E aramee M qov sa E Original Message i sender Phani Shankara J e mail Address pshankarai ncdc gov sa p Details lt lt Wei Gerbificabe Close Help Version Number 2 0 Page 11 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 Ensure that ESP for Outlook and SafeNet Tokens Drivers are installed and the token is inserted in the USB slot to perform this procedure 2 Ensure that the Person to whom you are encrypting the mail is part of NCDC PKI Trust Network and his public key certificates available in the LDAP 3 Open a New Mail in Microsoft Outlook Spelling Encrypt Sign nora ame roe Ase aia P3 Version Number 2 0 Page 12 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 092. Click OK amp Token Logon Safe SafeNet Authentication Client Enter the Token PIN Token Name 90285743 Token PIN seosoooooo Curent Language EN Cancel 5 The selected encrypted file will be decrypted and the output will be as follow O x File Edit View Favorites Tools Help File to be Decrypted docx pzm le to be Decrypted docx Secure File Microsoft Office Word Document 11 616 KB Version Number 2 0 Page 37 of 37 Confidential
3. nod ll anil aiboll 5S 30 PY National Center for Digital Certification i PKI USER MANUAL JANUARY 2 2013 Document Classification Confidential VERSION 2 0 Copyright 2013 National Center for Digital Certification Kingdom of Saudi Arabia This document is intended for use only by the National Center for Digital Certification and authorized Saudi National PKI participants This document shall not be duplicated used or disclosed in whole or in part for any purposes without prior consent NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 NCDC Brief Introduction 1 About NCDC The Government of Saudi Arabia has embarked on an ambitious e transaction program recognizing that there is a tremendous opportunity to better utilize information technology to improve the quality of care service lower the cost of operations and increase customer satisfaction To ensure the secure efficient transmission and exchange of information electronically the Kingdom of Saudi Arabia has created a National Public key Infrastructure Named the National Centre for Digital Certification NCDC the NCDC is created by an act of law and its mandate is stipulated in the Saudi e transaction law NCDC provides trust services to secure the exchange of information between key stakeholders Participants include Government employees Citizens Businesses 2 Government Certification Authority Government Certification Authority
4. Government CA is owned by the Ministry of Communication and Information Technology MCIT Government CA is the Certification Authority under the NCDC Root CA NCDC Root CA has issued a digitally signed CA Certificate to the Government CA The Government CA is responsible for issuing and managing Digital Certificates to Government employees entities non human subscribers like Servers and Network Devices within the Government domain through Certificate Service Providers henceforth referred as CSPs within the framework 3 NCDC ESP Kit Every user participating in the PKI usage will be provided with an NCDC ESP Kit which will contain the following Digital Certificate Entrust Entelligence Security Provider ESP for Windows Entrust Entelligence Security Provider ESP for Outlook SafeNet USB token Drivers A AON Digital Certificates The digital equivalent of an ID card used in conjunction with a public key encryption system Also called a digital ID digital identity certificate identity certificate and public key certificate digital certificates are issued by a trusted third party known as a certification authority CA such as NCDC Government Certification Authority Every subscriber participating in the PKI usage will obtain a Digital Signature Certificate DSC issued by Government CA Before issuance of the Digital Certificate the subscriber has to fill a request form and get the required approvals from the Authorizi
5. 4 Please select the other people you wish ko encrypt For Use the search button to search the directory For their encryption certificates 73 pe 2 Search Issued b MCDC CSP Government CA Expiration Dake pchirag ncede gov sa pchirag ncdc gov sa 71212012 El Show Search Results ha View OK Cancel Help 2 Version Number 2 0 Page 32 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 10 Once the details of the person to whom you wish to encrypt the file are added to the Encrypt file wizard click Next E Encrypt Files Wizard Additional Recipients Select the other people these files will be encrypted for Only these people and yourself will be able to decrypt the files To encrypt files for other people you need ther encryption certificates Use the Add button to select the other people you wish to encrypt for E mail Address pchiragtsncdc goyv sa pchiragtnedc goy sa Remove WEN Back Hest gt Cancel Version Number 2 0 Page 33 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 11 Click on Finish to complete the Encrypting process E Encrypt Files Wizard A Completing the Encrypt Files Wizard You have successtully encrypted the following files 6 File to be Encrypted docs pm Delete the original files on finish Back Cancel 12 The output of the Encrypt
6. Click on Sign Button on the Tool Bar and Click Send y z E ee p eaae Version Number 2 0 Page 8 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 4 Entrust Entelligence Security Provider ESP for Outlook will Digitally Sign the email Entrust Entelligence Secunty Provider Signing S MIME Format message 5 The Wizard will prompt to provide the USB Token PIN after Providing the PIN Click OK S Token Logon Safe SafeNet Authentication Client Enter the Token PIN Token Name 90285743 Token PIN sooooooooo Curent Language EN a Gea 6 The signed message is now sent to the recipient and the process is completed Version Number 2 0 Page 9 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 The recipient of the Digitally Signed Mail will receive the messages with a mail envelope with RED Seal Symbol 3 Inbox Search Inbox Plz Se ee k Click here to enable instant Search 2 On clicking the Digitally Signed Mail Entrust Entelligence Security Provider ESP will verify the sender s signature Entrust Entelligence Security Provider 2d verifying signer pshankaram incdc gov sa s certificate BERREEN 3 The Digitally signed mail will now open in reading pane mode and the recipient can verify that the mail that was Digitally Signed as shown below
7. DC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 4 The Encrypted mail will now open in reading pane mode and the recipient can verify that the mail was Encrypted as shown below 5 The recipient can click on the Encrypted Icon and view the Message Security Properties JF Message Security Properties Secure messages may contain encryption and digital signature layers Each digital signature layer will contain one or more digital signatures Layers As Mime Format Message Confidential Encryption Layer l Original Message Confidential l ee Sender Phani Shankara oe e mail Address pshankara ncde goyv sa pshankara rmcit gov sa Details gt gt Close Help 2 Version Number 2 0 Page 16 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 Ensure that ESP for Windows and SafeNet Tokens Drivers are installed and the token is inserted in the USB slot to perform this procedure 2 Select a file which you like to Digitally Sign File Edit View Favorites Tools Help ile to be Signed docx Wicrosork Office Word Document 10 KE Version Number 2 0 Page 17 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 3 Right Click on the file and select the option of Digitally Sign File i ESP l oOj x File Edit View Favorites Tools Help ae ile to be Signed doc
8. From Users pshankara MCIT Desktop PKI CD NCDC V Always ask before opening this file F While files from the Intemet can be useful this file type can D potentially harm your computer Only run software from publishers you trust What s the risk e Click Next to continue the installation Version Number 2 0 Page 4 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 Q NCDC Clients Packager 1 0 Setup De Welcome to the NCDC Clients Packager 1 0 Setup Wizard Nod ll anil nlleol 55 jo This wizard will guide you through the installation of NCDC Clients Packager 1 0 It is recommended that you dose all other applications before starting Setup This will make it possible to update relevant system files without having to reboot your computer Click Next to continue http www nedc gov sa helpdesk ncdc gov sa e Accept the License Agreement when prompted and Click Install e Wait for the Packager to install the components Version Number 2 0 Page 5 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 Q NCDC Clients Packager 1 0 Setup Installing Please wait while NCDC Clients Packager 1 0 is being installed a ae Extract NCDC SafeNet 14MAY 12 x32 8 1 SP 1 msi 100 E JA Ll Output folder C Program Files NCDC Clients Package SAC Extract NCDC SafeNet 14MAY 12 x32 8 1 SP 1 msi 100 e Upon successful installa
9. V2 0 4 Select the recipients to whom you wish to send an Encrypted Mail and Click on Encrypt Button on the Tool Bar and Click Send 5 Entrust Entelligence Security Provider ESP for Outlook will obtain the recipients Public key and encrypt the mail Entrust Enteligence Security Provider 2d Obtaining and verifying certificates LA Cancel 6 The Encrypted e Mail will be sent to the selected recipient and the process will be completed Version Number 2 0 Page 13 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 The recipient of the Encrypted Mail will receive the messages with a mail envelope with BLUE Lock Symbol nbox Search Inbox P Click here to enable Instant Search 2 On clicking the Encrypted Email Entrust Entelligence Security Provider ESP will decode the message contents Entrust Entelligence Security Provider Ea 2d Decoding the S MIME Format message contents BERE 3 The Wizard will prompt to provide the USB Token PIN after Providing the PIN Click OK Version Number 2 0 Page 14 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 amp Token Logon Safe SafeNet Authentication Client Enter the Token PIN Token Name 90285743 Token PIN seeceecese Current Language EN Version Number 2 0 Page 15 of 37 Confidential NC
10. ed file will be in a new format p7m The encrypted file for other user may be sent using any medium such as flash memory CD or by email File Edit View Favorites Tools Help File bo be Encrypted docx le to be Encrypted doc Microsoft Office Word Document Secure File 10 KE Version Number 2 0 Page 34 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 Select an Encrypted file to decrypt j ESP File Edit View Favorites Tools Help ile to be Decrypted docx pm Secure File 11 019 KB Version Number 2 0 Page 35 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 2 Right click on the encrypted file and Select the Decrypt and Verify O x a File Edit View Favorites Tools Help Decrypt Yerify and Open Decrypt and verify Scan with OfficeScan Client Open with Send To ut Copy Create Shortcut Delete Rename Properties 3 Entrust Entelligence Security Provider ESP will start the verification process Entrust Entelligence Security Provider Decrypting and Verifying File C Documents and Settings pshankaralDesk File to be Decrypted docx pzm Barcel Version Number 2 0 Page 36 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 4 The Wizard will prompt to provide the USB Token PIN after Providing the PIN
11. gence Security Provider ESP will start the verification process Entrust Entelligence Security Provider Decrypting and Verifying File C Documents and Settings pshankaralDeskto File to be Verified docx pzm Cancel 1 Seconds Remaining Version Number 2 0 Page 23 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 4 Once the process is completed the original file can be obtained lol x File Edit View Favorites Tools Help File to be Verified docx p ym le to be Verified docx Secure File Wicrosork Office Word Document 1 KE 10 KE Version Number 2 0 Page 24 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 Ensure that ESP for Windows and SafeNet Tokens Drivers are installed and the token is inserted in the USB slot to perform this procedure 2 Select a file which you wish to Encrypt i ESP O x File Edit View Favorites Tools Help le to be Encrypted docx Wicrosork Office Word Document 10 KE 3 Right Click on the file and select the option of Encrypt File Version Number 2 0 Page 25 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 O x File Edit View Favorites Tools Help ae le to be Encrypted docx icrosork Office Word Dog 10 KE Edit Pie Print Encrypt File Digitally Sign File Encr
12. ion Algorithm 3DES hi Back Cancel 7 To encrypt files for other people you need their encryption certificate Use the Add button to select the other people you wish to encrypt the file Version Number 2 0 Page 29 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 E Encrypt Files Wizard Additional Recipients Select the other people these files will be encrypted for Only these people and yourself will be able to decrypt the files To encrypt files for other people you need ther encryption certificates Use the Add button to select the other people you wish to encrypt for E mail Address Add Remove WEY Back Cancel Version Number 2 0 Page 30 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 8 Type in name email id of person to whom you wish to encrypt the file and use the search button to search the directory for their encryption certificates A Please select the other people you wish to encrypt For Use the search button to search the directory For their encryption certificates Search Show All HEV cne o 4 Version Number 2 0 Page 31 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 9 Once the search results provides you with the details of the person to whom you wish to encrypt the file select the persons certificate and click on OK
13. ng Person Subscriber s identity then verified by the Registration office and a Digital Certificate is issued The Subscriber can perform the followings using the issued Digital Certificate 1 Digital Signing and Verification of an Email 2 Encrypting and Decrypting an Email Version Number 2 0 Page 2 of 37 Confidential NCDC PKI User Manual identifier NCDC SSC Manuals008 09V2 0 3 Digital Signing and Verification of a Document 4 Encrypting and Decrypting a Document 5 Entrust Entelligence Security Provider ESP Entrust Entelligence Security Provider ESP is a desktop security solution and is an enterprise wide security platform for Windows desktops domain controllers and authentication servers that allows organizations to deploy the digital identities that enable the strong authentication encryption and digital signature capabilities within a number of authentication applications and other applications such as data encryption and secure email 6 Secure Storage Device Safenet ikey USB tokens SafeNet USB token offers a compact hardware solution for authentication and digital identity management SafeNet USB token offers onboard key generation key storage encryption and digital signing capabilities add high assurance security to user login digitally sign emails holding master keys for disk encryption VPN authentication and other secure client applications 7 Pre Requisites The following pre requisites are needed befo
14. re installation of ESP and SafeNet USB token Drivers 1 End user Operating System Windows XP or Vista 2 Microsoft Outlook installed for the Entelligence Security Provider for Outlook 8 Help Desk Contacts For any assistance or technical support please contact NCDC operations centre by sending an email to helodesk ncdc gov sa or via helpdesk Telephone numbers 01 452 2086 01 452 2037 01 452 2196 Installation of ESP and USB Token Drivers Every subscriber will be provided with a PKI CD which will have the software s for ESP and SafeNet USB token or the subscriber can download the NCDC Clients Packager from NCDC Web Repository http Aweb ncdc gov sa a Torun the Installation from CD e Insert the PKI CD into the CD Drive e You will find the NCDC Clients Packager to install the packager Right Click and select Open b If you have downloaded the NCDC Clients Packager from NCDC Web Repository http web ncdc gov sa save the Packager on desktop and to install the packager Right Click and select Open Version Number 2 0 Page 3 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 a NCDC Clients vl 0 32 exe e Click Run on the Open File Security Warning window to proceed the installation Open File Security Warning Do you want to run this file Ca Name MCIT Desktop PKI CD NCDC_Clients_v1 0 32 exe Publisher National Center for Di ification Type Application
15. rsion Number 2 0 Page 20 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 7 Click on Finish to complete the Digital Signing Process Wi Digitally Sign Files Wizard xX Completing the Digitally Sign Files Wizard Tou have successtully signed the following files 4 File to be Signed docx pi mi 7 Delete the original files on finish lt Back Cancel 8 The output of the Digitally Signed file will be in a new format p7m Ioj x File Edit wiew Favorites Tools Help File to be Signed docx ile to be Signed docx p7m Microsoft Office Word Document W ecure File 10 KB iz ke Version Number 2 0 Page 21 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 The following steps will be invoked to execute this procedure 1 Select a Digitally Signed file to verify m ESP O x Fie Edit wiew Favorites Tools Help ile to be Verified docx pm Secure File Version Number 2 0 Page 22 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 2 Right click on the Signed file and Select the Decrypt and Verify O x File Edit View Favorites Tools Help ae le to be Verified docx pyri Secure File iz KB Decrypt erify and Open Decrypt and Verify Scan with OfficeScan Client Open With Send To ut Copy Create Shortcut Delete Rename Properties 3 Entrust Entelli
16. tion you will be prompted to restart the computer Click Yes to reboot NCDC Clients Packager 1 0 Setup Ses geen ne Setup has completed successfully A reboot is required to finish the installation Do you wish to reboot now c Upon successful installation of Entrust Entelligence Security Provider ESP for Windows the subscriber can view an Icon in the system tray Version Number 2 0 Page 6 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 d Upon successful installation of Entrust Entelligence Security Provider ESP for outlook the subscriber can view 2 new options added to the Outlook New Message Window e To check that the SafeNet USB token driver has been successfully installed Click on Start gt Programs gt SafeNet gt SafeNet Authentication Client gt SafeNet Authentication Client d SafeNet Authentication Client SafeNet Authentication Client Tc S SafeNet Authentication Client The following steps will be invoked to execute this procedure 1 Ensure that Entrust Entelligence Security Provider ESP for Outlook and SafeNet Tokens Drivers are installed and the token is inserted in the USB slot to perform this procedure Version Number 2 0 Page 7 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 2 Open a New Mail in Microsoft Outlook Fo 4ee 3 Select the recipients to whom you like to send a Digitally Signed Mail
17. x Microsoft Office Wirt 10 KB Encrypt File Digitally Sign File Encrypt and Digitally Sign File Scan with OfficeScan Client Open with d Send To b ut Copy Create Shortcut Delete Rename Properties 4 The Digitally Sign files Wizard would open which will guide you through the process of digitally signing of files click Next Version Number 2 0 Page 18 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 E Digitally Sign Files Wizard x Welcome to the Digitally Sign Files Wizard This wizard will guide you through the process of digitally signing files The files you are signing are Ewi File to be Signed docs To continue click Mert 4 Back Cancel 5 The signing certificate and the Hash algorithm SHA1 will appear click Next Version Number 2 0 Page 19 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 E Digitally Sign Files Wizard Digital Signature Options Digitally signed files are signed by yourself four Signing Certificate pshankara nodo gov sa Key Usage No Choose Hash Algorithm z Back Cancel 6 The Wizard will prompt to provide the USB Token PIN after Providing the PIN Click OK S Token Logon Safe SafeNet Authentication Client Enter the Token PIN Token Name 90285743 Token PIN seeceecese Current Language EN x cancel Ve
18. ypt and Digitally Sign File Scan with OfficeScan Client Open with i Send To H ut Copy Create Shortcut Delete Rename Properties Version Number 2 0 Page 26 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 4 The Encrypt files Wizard would open which will guide you through the process of Encrypting of files click Next E Encrypt Files Wizard x Welcome to the Encrypt Files Wizard This wizard will guide you through the process of encrypting files for yourself and others The files you are encrypting are Ew File to be Encrypted doce To continue click Next are Cancel 5 Your Encryption Certificate and Encryption Algorithm 3DES will appear then click Next Version Number 2 0 Page 27 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 E Encrypt Files Wizard Encryption Options Encrypted files are encrypted for yourself and optionally for other people Version Number 2 0 Page 28 of 37 Confidential NCDC PKI User Manual Identifier NCDC SSC Manuals008 09V2 0 6 Tick the box in case you intend to encrypt the file for other people in addition to yourself E Encrypt Files Wizard x Encryption Options Encrypted files are encrypted for yourself and optionally for other people Files are always encrypted for yourself Tour Encryption Certificate pshankara node gov sa Key Usage Ke Choose Encrypt
Download Pdf Manuals
Related Search