“SignEncrypt” application

The SignEncrypt application is accessible from the following icon in the toolbar:

../_images/tab_signencrypt.png

This application allows you to easily sign, verify, encrypt and decrypt files directly from the manager interface. These functionalities are also accessible from the contextual menu of the system File Explorer.

../_images/signencrypt_menu.png

File(s) signing

This operation can be used to sign local files from disk, in CAdES, PAdES or XAdES format.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch signing. For each file, the output format can be chosen. Allowed formats are:

  • Enveloped CAdES: the original file and the signature are both contained in the output file, and the resulting file uses the CAdES format (based on CMS/PKCS#7). This is the default option, except for PDF files.

  • Detached CAdES: only the signature is written in the output file, in CAdES format (based on CMS/PKCS#7). The verification operation will require both the original file and the signature file.

  • PAdES: available only for PDF files, and the default choice for these files. The signature is embedded within the resulting PDF.

  • Detached XAdES: only the signature is written in the output file, in XAdES format (based on XML). The verification operation will require both the original file and the signature file.

The destination directory, which will contain the files resulting from the operation, can optionally be chosen by clicking on the dir_icon icon. By default, the destination directory is the directory of the first chosen input file.

The operation is then triggered by clicking the Sign button. The next step is to select the signing certificate:

../_images/signencrypt_selcert.png

The Smart card tab lets you choose a certificate from a smart card or a cryptographic media, and System store allows you to choose a software certificate contained in the local system’s certificate store or keyring. Note that the certificates need to be valid to be shown. Click on the certificate you want to use and click the “OK” button.

The smart card PIN is then required to continue (unless the certificate comes from the system store).

The resulting files are then produced, and the summary of the operation is shown:

../_images/signencrypt_signreport.png

File(s) encryption

This operation encrypts files for one or multiple recipients. The output file format is CMS/PKCS#7.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch encryption.

The destination directory, which will contain the files resulting from the operation, can optionally be chosen by clicking on the dir_icon icon. By default, the destination directory is the directory of the first chosen input file.

The operation is then triggered by clicking the Encrypt button. The next step is to select the recipient certificates. The certificate list is obtained from the inserted smart cards and the contents of the Other people system certificate store. Tick the checkbox of the recipient certificates (multiple certificates can be selected), and click the “OK” button.

The resulting files are finally produced, and the summary of the operation is shown:

../_images/signencrypt_encryptreport.png

File(s) signature and encryption

This operation encrypts and signs files for one or multiple recipients. The output file format is CMS/PKCS#7.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch operation.

The destination directory, which will contain the files resulting from the operation, can optionally be chosen by clicking on the dir_icon icon. By default, the destination directory is the directory of the first chosen input file.

The operation is then triggered by clicking the Sign and Encrypt button. The next step is to select the certificates to encrypt and then to sign (selected certificates can be different). For encryption, multiple certificates can be selected.

After the certificate selection, the resulting files are finally produced, and the summary of the operation is shown:

../_images/signencrypt_sign_and_encrypt_report.png

Open signed or encrypted file(s)

This operation verifies and/or decrypt files. For enveloped files, it also recovers the original.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch verification.

After the file selection, the PIN of the cryptographic media is requested. The files are then verified, and the summary of the operation is shown:

../_images/signencrypt_open_report.png

A validation report can be generated by clicking the validation_report_icon icon. The generated report will open in the default PDF reader software.

The details of the generation can be shown by clicking on the validation_details_icon button:

../_images/signencrypt_report_details.png