
This excerpt originally appeared in the article "Encryption
Software" in the December 2, 1996 issue of Federal Computer
Week.

AT&T SecretAgent 3.14

SecretAgent offers a host of standards
to choose from for key generation, encryption, digital signatures,
compression and encoding. While some users may be overwhelmed by
the choice of standards, AT&T provides helpful advice for sifting
through them all.

SecretAgent relies entirely on public-key
cryptography for key management. Users choose from RSA or Digital
Signature Algorithm (DSA) keys in either 512- or 1,024-bit lengths
and can share public-key databases with other users across a network.
In addition, SecretAgent offers users the choice of DES, Triple
DES or AT&T's own encryption algorithm, EA2. SecretAgent also
supports hardware tokens such as the Fortezza card or Datakey Inc.'s
Smartcard. Of course, sites using SecretAgent with the Fortezza
card rely on the card's Skipjack encryption rather than any of the
three algorithms provided with SecretAgent.

If you save files locally or share
them across a network, you'll probably just store the encrypted
data in binary form. SecretAgent can automatically encode data in
base64 or hexadecimal representations if you're relying on Internet
mail or if you need ASCII-based encoding for any other reason. In
addition to encryption, SecretAgent can sign your documents with
DSS, although there's no way to sign documents without encrypting
them.

AT&T also sells versions of SecretAgent
that prevent users from generating their own keys and that also
support an emergency-access key.

Installation

Installation is straightforward, thanks to a simple setup routine.
We'd prefer that the manual spell out all the configuration steps,
such as key generation, in one place rather than referring you to
the on-line guide or part of another chapter. Likewise, the software
should force users to back up their private keys because losing
a private key could prove disastrous. The lack of an uninstall routine
is a bit of a nuisance. Still, the process was relatively simple.
We rated SecretAgent's installation good.

Administration

There isn't much to administering SecretAgent. Users' preferences,
such as automatically mailing encrypted files or changing encryption
standards, are located in a single dialog box off SecretAgent's
main screen. A separate key-management utility lets you merge public-key
databases.

Like most of the other packages,
SecretAgent doesn't give you many tools to enforce your company's
standards. You can order the version that prevents users from generating
their own keys, and SecretAgent can rely on external X.509 or other
certificate servers. Inherent in the product, however, are a raft
of supported standards -- everything from key generation to compression.
While SecretAgent doesn't offer much in the way of centralized management,
you shouldn't overlook the importance of letting organizations choose
the security standards that are right for them. That's enough to
boost SecretAgent's score to good.

Protecting Data

Encrypting files is easy. From the main screen, you simply add files
to a list, click on the encrypt button and enter your pass phrase.
You can manually remove the original file or have SecretAgent remove
it automatically after encrypting. (AT&T claims compliance with
DOD standards for erasing files.)

The program is actually a Windows
3.x executable, but it runs fine under Windows 95. However, it runs
without the niceties of Windows 95, such as common dialog boxes
for locating files.

Unlike some packages, SecretAgent
has no facility for automatically encrypting files when you shut
down, but it does come with macros for Word for Windows and WordPerfect
that allow you to encrypt files from the programs' menus or toolbars.
Despite the lack of automation, the interface is easy and earns
a good score.

Sharing Data

SecretAgent is clearly geared toward corresponding with others.
First and foremost, its public-key database makes encrypting documents
for someone else's review a snap. The database is hardly sophisticated,
but it gets the job done.

It will automatically send documents
through either VIM- or MAPI-compliant e-mail packages -- a very
nice touch. It will automatically sign encrypted documents and encode
them for MIME format messages, although most e-mail products will
do that for you anyway. A more flexible public-key database would
help, but you can use SecretAgent with other databases, including
X.500 servers. All this is just as easy as encrypting local files,
so SecretAgent earns an excellent score for sharing data.

Summary

AT&T aims this product squarely at federal government users
and those who do business with the government. The company's support
of just about every federal guideline for security and products
such as the Fortezza card makes it stand out from the crowd. While
SecretAgent automates virtually every aspect of sharing data with
others, it is easy enough to use for keeping your local files private.
The Windows 3.x interface does little for Windows 95 users, but
the product runs fine on both platforms.