"SignEncrypt" application

The SignEncrypt application is accessible from the following icon in the toolbar:

../_images/tab_signencrypt.png

This application allows you to easily sign, verify, encrypt and decrypt files directly from the manager interface. These functionalities are also accessible from the contextual menu of the system File Explorer.

../_images/signencrypt_menu.png

File signature

This operation can be used to sign local files from disk, in CAdES, PAdES or XAdES format.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch signing. For each file, the output format can be chosen. Allowed formats are:

  • CAdES enveloped: the original file and the signature are both contained in the output file, and the resulting file uses the CAdES format (based on CMS/PKCS#7). This is the default option, except for PDF files.

  • CAdES detached: only the signature is written in the output file, in CAdES format (based on CMS/PKCS#7). The verification operation will require both the original file and the signature file.

  • PAdES: available only for PDF files, and the default choice for these files. The signature is embedded within the resulting PDF.

  • XAdES detached: only the signature is written in the output file, in XAdES format (based on XML). The verification operation will require both the original file and the signature file.

The destination directory, which will contain the files resulting from the operation, can optionally be chosen by clicking on the dir_icon icon. By default, the destination directory is the directory of the first chosen input file.

The operation is then triggered by clicking the "Sign" button. The next step is to select the signing certificate:

../_images/signencrypt_selcert.png

The "Smart card" tab lets you choose a certificate from a smart card or a cryptographic token, and "System store" lets you choose a software certificate from your local system certificate store or keychain. Note that the certificates need to be valid to be shown. Click on the certificate you want to use and click the "OK" button.

The smart card PIN is then required to continue (unless the certificate comes from the system store).

The resulting files are finally produced, and the summary of the operation is shown:

../_images/signencrypt_signreport.png

File encryption

This operation encrypts files for one or multiple recipients. The output file format is CMS/PKCS#7.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch encryption.

The destination directory, which will contain the files resulting from the operation, can optionally be chosen by clicking on the dir_icon icon. By default, the destination directory is the directory of the first chosen input file.

The operation is then triggered by clicking the "Encrypt" button. The next step is to select the recipient certificates. The certificate list is obtained from the inserted smart cards and the contents of the "Other people" system certificate store. Tick the checkbox of the recipient certificates (multiple certificates can be selected), and click the "OK" button.

The resulting files are finally produced, and the summary of the operation is shown:

../_images/signencrypt_encryptreport.png

File signature and encryption

This operation encrypts and signs files for one or multiple recipients. The output file format is CMS/PKCS#7.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch operation.

The destination directory, which will contain the files resulting from the operation, can optionally be chosen by clicking on the dir_icon icon. By default, the destination directory is the directory of the first chosen input file.

The operation is then triggered by clicking the "Sign and Encrypt" button. The following step is the selection for the encryption, then for the signing (selected certificates can be different). For encryption, multiple certificates can be selected.

After the certificate selection, the resulting files are finally produced, and the summary of the operation is shown:

../_images/signencrypt_sign_and_encrypt_report.png

Open

This operation verifies and/or decrypt files. For enveloped files, it also recovers the original.

Input files must be chosen by clicking on the plus_icon icon. Multiple files can be added for batch verification.

After the file selection, the token PIN is requested. The files are then verified, and the summary of the operation is shown:

../_images/signencrypt_open_report.png

A validation report can be generated by clicking the validation_report_icon icon. The generated report will open in the default PDF software.

The details of the generation can be shown by clicking on the validation_details_icon button:

../_images/signencrypt_report_details.png