Just download binary and use it!
Useful Information
Your settings, and copies of your keyset (.p12 / .pfx file in PKCS12 format) are saved in the following directory:
C:\Documents and Settings\MyName.MyDomain\Cryptonit
Where "C" is your installation drive and where "MyName.MyDomain" is your "home" directory.
Unix / Linux: installing from binary RPM
XFree86
Note that CRYPTONIT depends on XFree86, which is deprecated in Fedora 5 and later. Therefore you need to add the XFree86 shared libraries before installing. You will find them below (from Fedora 1):
XFree86-libs-data-4.3.0-55.i386.rpm
XFree86-libs-4.3.0-55.i386.rpm
Installing binary
[root@example-host ~ ]# rpm -i XFree86-libs-data-4.3.0-55.i386.rpm
[root@example-host ~ ]# rpm -i XFree86-libs-4.3.0-55.i386.rpm
[root@example-host ~ ]# rpm -i Cryptonit-0.9.7-2.i586.rpm
Bug: With the Linux binary RPM, CRYPTONIT is installed under the name Cryponit.
[root@example-host ~]# ls -l /usr/bin/Cry*
-rwxr-xr-x 1 root root 6663168 Jun 9 2006 /usr/bin/Cryponit
Unix / Linux: installing from sources RPM
With Fedora Linux, before building CRYPTONIT you need the standard development environment, and you need to install the wx suite as follows:
[root@example-host ~ ]# yum install wx*
Then:
- Download Cryptonit sources
- Check sources
- Build the binary as follows:
[root@example-host ~ ]# bunzip2 cryptonit-0.9.7.tar.bz2
[root@example-host ~ ]# tar xvf cryptonit-0.9.7.tar
[root@example-host ~ ]# cd cryptonit-0.9.7
[root@example-host cryptonit-0.9.7]# ./configure
[root@example-host cryptonit-0.9.7]# make
[root@example-host cryptonit-0.9.7]# make test
[root@example-host cryptonit-0.9.7]# make install
[root@example-host cryptonit-0.9.7]# make clean
The default location of the Cryptonit binary is /usr/local/bin/Cryptonit
You may use it as an X Window application.
Using CRYPTONIT requires a certificate keyset. See [ KEYMAN as certificates manager]; you may also use CRYPTONIT to request a user certificate (PKCS10) and, once obtained, create a keyset in PKCS12 format (Microsoft .p12 / .pfx extensions).
When you have a certificate, for encryption, these are the basic steps:
- Create an archive if you have multiple files to encrypt
- Select a file to encrypt
- Select a contact (recipient certificate) for the encrypted file
- Encrypt
- Send or archive the encrypted file
- Safely erase the original file
Security tip
Don't use the automatic erase of the source file in CRYPTONIT. Instead, erase it beyond recovery with a safe eraser (e.g. cyberscrub for Microsoft, or the Linux shred command).
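The steps above can be scripted so that nothing is erased before the encrypted file exists. This is an added example, not part of CRYPTONIT or the original page: `openssl cms` stands in for CRYPTONIT's encryption step, and the function names, file names and demo recipient are assumptions constructed for the illustration.

```sh
# Added example: openssl cms stands in for CRYPTONIT's encrypt step.
# Constructed demo recipient (self-signed, 2-day lifetime) in $1/rcpt.{key,pem}.
make_demo_recipient() {
  printf '[req]\ndistinguished_name = req\n' > "$1/req.cnf" &&
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=MyColleague" -keyout "$1/rcpt.key" -out "$1/rcpt.pem" 2>/dev/null
}

# usage: encrypt_then_shred RECIPIENT_CERT OUTPUT FILE...   (regular files only)
encrypt_then_shred() {
  cert=$1 out=$2; shift 2
  # Step 1: one archive for several files. The archive is plaintext too.
  tar -cf "$out.tar" "$@" || return 1
  # Encrypt for the recipient's certificate with AES-256.
  if openssl cms -encrypt -aes256 -binary -outform DER \
       -in "$out.tar" -out "$out" "$cert" && [ -s "$out" ]; then
    # Erase the originals and the intermediate archive only after the
    # encrypted file exists. shred overwrites the data before unlinking;
    # its man page notes this is not reliable on journaling or
    # copy-on-write filesystems.
    shred -u "$out.tar" "$@"
  else
    # Encryption failed: keep the originals, drop the partial outputs.
    shred -u "$out.tar"; rm -f "$out"; return 1
  fi
}
```

The sender cannot decrypt the result without the recipient's private key, so the only check made before erasing is that a non-empty encrypted file was written.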
Follow the GUI (Graphical user interface)
- Launch CRYPTONIT and choose to update settings
- Update CRYPTONIT identities
- Import your certificate's keyset
- Update your encryption algorithm
- Set your default directory server if you have one
- Update your contacts address book
- Check your contact's address book content
- Choose a recipient for encryption
- Confirm the recipient's certificate validation
- Create your encrypted file
- Close CRYPTONIT
If you already have a certificate keyset in PKCS12 format (Microsoft .p12 / .pfx extensions) you may import it directly. If you used CRYPTONIT to generate a certificate request, you may select the certificate file returned by the certification authority (CA).
- Give a friendly name to your certificate
- Select your .p12 / .pfx file
The default CRYPTONIT encryption algorithm is AES with a 128-bit key. AES with a 256-bit key is stronger and is recommended. Keep the default SHA1 digest type, which is a standard.
This is a directory server holding information about your recipients and their public certificates. When updating the contact's address book of CRYPTONIT, it is possible to search for a recipient certificate, for example if you know the recipient's e-mail address.
Always run the connection test to verify the connection.
Example with openosi directory
After choosing Contacts, then Add, you get a dialog asking whether to import a certificate file or launch a query to an LDAP directory.
If you choose to query an LDAP directory, your default directory settings will be used. Note that your default LDAP directory may be configured to pass the request to another referral directory. Here is an example using an e-mail address argument: if you know the contact's e-mail address, you can search for its certificate.
In this example an entry was found for email address mycolleague@example.com
Select this entry and import it.
directory.openosi.org, our example directory, refers to the openldap referral root.openldap.org, which in turn refers to the proper LDAP directory, provided the latter is appropriately configured.
Check your contact's address book content
After you import a recipient's certificate file, or the search result of an LDAP directory, check the content of your address book. At a minimum it contains your own identity, which allows you to encrypt files for yourself. If you want to encrypt a file for a recipient, the recipient MUST be in the address book before you encrypt.
When you want to send an encrypted file to someone, you have to encrypt the file for this recipient only. That is, with CRYPTONIT, you have to choose an existing contact of the address book as a valid recipient.
Here is an example with the MyColleague contact, previously created
When you choose a recipient for an encrypted file, your file will be encrypted using the recipient's public certificate. Before doing that CRYPTONIT verifies the recipient's certificate validity. That is, it checks:
- the associated certification authority chain for trust
- the associated CRL (Certificate revocation list).
Here is an example of valid certificate
CRLs are identified by an address (URI) that MAY be embedded in the certificate. When you create the contact, a CRL is downloaded. If it later goes out of date, CRYPTONIT may update it. If the CRL verification fails, or if there is no CRL at all, CRYPTONIT will tell you.
Here is an example of missing CRL
It's your choice to decide to use the contact certificate or not. You should take into account:
- If you are sure the recipient's certificate was not revoked by the owner
- If you require a high security level for this transmission
- Is the CRL distribution point of your recipient reliable enough?
- Have you carefully updated the certification authority certificates (in authorities)?
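The two checks described above (CA chain trust, then CRL status) and the missing-CRL case can be reproduced on the command line with OpenSSL. This is an added example, not part of CRYPTONIT or the original page; the throwaway CA, the file names and the function names are assumptions constructed for the demonstration.

```sh
# Added example: a constructed throwaway CA and recipient, not real certificates.
ca() { openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key "$@"; }

# Create a demo CA, a recipient certificate and a CRL in directory $1.
make_demo_pki() {
  ( cd "$1" && : > index.txt && echo 01 > serial && cat > ca.cnf <<'EOF' &&
[req]
distinguished_name = req
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 2
default_crl_days = 1
policy = pol
[pol]
commonName = supplied
EOF
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.pem -subj "/CN=Constructed Demo CA" -days 2 &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout rcpt.key \
      -out rcpt.csr -subj "/CN=MyColleague" &&
    ca -notext -in rcpt.csr -out rcpt.pem && ca -gencrl -out crl.pem ) >/dev/null 2>&1
}

# Revoke the recipient in demo PKI $1 and reissue the CRL.
revoke_recipient() {
  ( cd "$1" && ca -revoke rcpt.pem && ca -gencrl -out crl.pem ) >/dev/null 2>&1
}

# Chain trust first, then revocation status. usage: check_recipient CERT CA [CRL]
check_recipient() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo untrusted; return; }
  [ -s "${3:-}" ] || { echo no-crl; return; }
  out=$(openssl verify -CAfile "$2" -CRLfile "$3" -crl_check "$1" 2>&1) &&
    { echo valid; return; }
  case $out in
    *"certificate revoked"*) echo revoked ;;
    *"CRL has expired"*)     echo crl-expired ;;
    *)                       echo crl-error ;;
  esac
}
```

A `no-crl` or `crl-expired` result is the situation in which the decision list above applies: the chain is trusted, but the revocation status is unknown.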