Platform-Specific Information
Flexible User Interface
SecretAgent for Windows' interface provides simple, intuitive, user-friendly operations such as drag-and-drop file selection and context menu operations. Fully integrated with the operating system, all security operations can be accessed from SecretAgent's Explorer view:

Explorer view can be collapsed into a simple floating toolbar onto which files can be dragged and dropped:
All functions can also be accessed from the SecretAgent system tray menu (right):
The major functions are also available in Windows Explorer using the right-click context menu (below):
The new encryption dialog provides control over all input and output options as well as convenient access to all existing certificate stores for recipient selection:

SecretAgent for Windows complies with Section 508 of the Rehabilitation Act (VPAT) and provides several important features not available on other platforms. Some of those features are highlighted below.
Special Features
S/MIME v3 CMS Support
SecretAgent now offers CMS as an alternative to the native .SA5 output format. You may create encrypted, or encrypted and signed, messages and exchange them with users of other RFC3852-compliant (S/MIME) applications (e.g., OpenSSL). Encrypted and/or signed messages you receive in Microsoft Outlook Express can now be decrypted/validated using SecretAgent.
OpenPGP Support
SecretAgent can also create and decrypt OpenPGP files that you may exchange with users of other OpenPGP-compliant applications. (At this time, digital signatures are not supported with this file format. If you received an encrypted and signed OpenPGP file, SecretAgent will decrypt it but ignore the signature information.) For details, follow these links:
SecretAgent/PGP Interoperability Guidelines
OpenPGP interoperability matrix.
Auto-Update Functions
SecretAgent for Windows can be configured by PolicyAgent to periodically poll a specified server for updated (digitally signed) security policies. This mechanism allows an enterprise to "push out" to their end-users updated policies (with new trusted root certificates or new CRL distribution points, say) whenever the situation calls for it. Individual end-user machines need not be reconfigured individually and the update process is completely user-transparent.
SecretAgent can also be configured to automatically poll a server for authenticated software updates.
Enhanced LDAP Support
Our certificate retrieval logic now supports administrator-configurable static LDAP groups and parametrized LDAP queries. In an enterprise setting, SecretAgent/Windows can also periodically poll a network server for digitally-signed software updates and revised security policies.
Certificate Explorer 2
SecretAgent 5.x for Windows includes an integrated certificate store management utility, called Certificate Explorer 2 (CX2). CX2 allows you to create and maintain various local and remote certificate stores and make them available within SecretAgent.
CX2 also generates PKCS#10 certificate requests and imports X.509 certificates for total interoperability with a wide variety of commercial Certificate Authorities (CAs). CX2 can import and export PKCS#8 private keys and import PKCS#12 private keys, so they can be shared with your other applications.
CX2 also provides live LDAP pulls for remote certificate directory access and optional CRL support with an auto-update feature. The latest version of CX2 also provides access to your local CAPI and remote ActiveDirectory stores so that the same certificates you use with Internet Explorer, Outlook, and other CAPI-based applications, are also available in SecretAgent.
Certificate extension processing and validation assure proper certificate use, while self-signed certificates allow users to exchange secured information without a formal PKI. Certificate processing in CX2 conforms with RFC3280, has recently passed interoperability testing at DISA's JITC PKI Certification Lab at Ft. Huachuca, and has received formal certification of full compliance with the DoD PKI. (JITC's Interoperability Test Summary.)
Read more about Certificate Explorer
Standard Features
E-mail Client Integration
SecretAgent for Windows offers seamless integration with popular email clients. Plug-ins for Microsoft Exchange, Outlook 2000/XP/2003, and Lotus Notes may be downloaded from the SecretAgent Support pages of our website.
SecretAgent also has the ability to send encrypted and/or signed documents using any Windows e-mail application that provides MAPI support.
Office Suite Integration
SecretAgent 5's integration with Microsoft Word, Excel, and PowerPoint, as well as with WordPerfect, allows you to encrypt or sign documents from within these applications. For example, in Microsoft Word you get a new toolbar that makes it easy to run the following macros:
encrypts the current document
signs the document creating a detached .sgn file; to validate this type of signature, use the SecretAgent GUI or double-click the .sgn file in Windows Explorer
signs the document by inserting your digital signature into an embedded graphic at the end of the document; this macro also locks the document against changes
validates an embedded signature, displaying the distinguished name of the signer
removes an embedded signature and unlocks the document
Automatic File Security
Automatic encryption allows you to transparently protect sensitive files stored on your PC. Users can specify sets of folders that are automatically encrypted when SecretAgent 5 exits and automatically decrypted when it starts back up. These events can be tied to the Windows startup and shutdown processes. (Note: SpyProof! is a much more transparent solution; files remain encrypted at all times, so there is no wait for files to be decrypted and re-encrypted.)
Self-Decrypting Archives
SecretAgent 5 allows you to create and send encrypted files to other Windows users who can decrypt them without needing SecretAgent 5. (Support for UNIX target platforms may also be available; contact ISC for details.)
Secure Password Generation
An integrated (FIPS 181-compliant) pronounceable password generator suggests passwords that can be easily remembered, yet cannot be found via an exhaustive on-line dictionary-type attack and hence are extremely difficult to guess. (PKCS#8 "password-based encryption" using TDES is used to protect locally stored RSA and DSA private key files.)
Hashing
When asked to "inspect" any file (with a filename extension other than .sa5, .saa, or .sgn), the GUI now computes and displays the SHA-1 and MD5 message digests of that file. Command line builds can provide MD2, MD5, and SHA-1/256/384/512 message digests for any file.
Hardware Support (PKCS#11 Tokens)
SecretAgent for Windows supports a growing number of smartcards and other hardware tokens. The following products have been successfully tested for compatibility:
| Manufacturer | Tokens/Middleware | Tested APIs |
| --- | --- | --- |
| ActivIdentity (formerly ActivCard) | ActivCard Gold; ActivIdentity Smart Card | CAPI, PKCS#11 |
| Aladdin | eToken Pro 8K, 16K, 64K; eToken R2 | CAPI, PKCS#11 |
| A.E.T. Europe | SafeSign (G&D STARCOS 2.3) | CAPI, PKCS#11 |
| Covadis S.A. | Alya™ reader | PKCS#11 |
| Gemalto NV (formerly Axalto/Schlumberger) | Cryptoflex 16 | CAPI, PKCS#11 |
| Gemalto NV (formerly Axalto/Schlumberger) | Cryptoflex 32 | CAPI, PKCS#11 |
| Gemalto NV (formerly Axalto/Schlumberger) | .NET 2.0 Card | PKCS#11 |
| Gemplus | Gemsafe Version 2.x; Gemsafe Version 3.x | PKCS#11 |
| IBM / Lenovo | Atmel TPM | CAPI, PKCS#11 |
| nCipher | nShield | PKCS#11 |
| Oberthur Card Systems | DoD CAC | CAPI, PKCS#11 |
| RSA Security | SecurID; 3GI DoD CAC | CAPI, PKCS#11 |
| SafeNet (Rainbow) | Luna SA | PKCS#11 |
| SafeNet (Rainbow) | iKey 2008/2032/3000 | CAPI, PKCS#11 |
| SafeNet (Rainbow) | Datakey Model 320/330/USB | PKCS#11 |
| Saflink/Litronic | Forte; Maestro; NetSign | PKCS#11 |
| Sony | FIU-710 Puppy; FIU-810 Puppy | PKCS#11 |
| Spyrus | Rosetta | PKCS#11 |
Due to certain limitations in vendor-supplied CAPI CSPs, some functionality (e.g., AES-256) may fail when using the CAPI interfaces to some of these devices. In such circumstances, the vendor-supplied PKCS#11 interface is preferred. Contact ISC for details.
Additional Information
SecretAgent 5's Standards Compliance
Diagram of the SecretAgent encryption process (PDF)
Section 508 VPAT for SecretAgent (PDF)
Feature Comparison Chart for Various Platforms (updated 3/31/08)
E-mail plug-ins and other support items for SecretAgent 5
SecretAgent 5 Reader for Windows (Free Download!)
SecretAgent 5 Reader for Mac OS X (Free Download!)
Contact ISC for further information