1

WECC Security/Encryption

User Guide

2

Table of Contents

1. Installation .......................................................................................................................... 3

How do I download GPG4WIN? ............................................................................................. 3

2. Setup .................................................................................................................................. 6

3. Creating a Private Key ........................................................................................................ 7

How do I create a private key? ............................................................................................... 7

4. Entering a Passphrase ........................................................................................................ 9

5. Creating a Backup ............................................................................................................ 11

6. Download & Import the WECC Compliance Public Key .................................................... 12

Where and how do I download & import the WECC Compliance Public Key? ...................... 12

7. Encrypting Files ................................................................................................................ 15

How do I encrypt a file? ........................................................................................................ 15

8. Contact Information .......................................................................................................... 17

3

WECC Security/Encryption User’s Guide

1. Installation

How do I download GPG4WIN?

1. Close all programs currently running on your computer

2. Download GPG4WIN 2.1.0 from http://www.gpg4win.org/

3. The installation assistant will start and ask you for the language to be used with the installation process.

4. Confirm your language selection by [Clicking OK]

5. Afterwards you will see the welcome dialog box.

6. The next page displays the licensing agreement - it is only important if you wish

4

to modify or forward Gpg4win. If you only want to use the software, you can do this right away, without reading the license. [Click on Next]

The page that contains the selection of components will allow you to decide which programs you want to install. A default selection has already been made for you. You can also install individual components at a later time.

Moving your mouse cursor over a component will display a brief description. Another useful feature is the display of required hard drive space for all selected components. The only components necessary to sign and Encrypt data with GPG4WIN are GnuPG, Kleopatra, and GpgEX, as illustrated below. [Click on Next]

7. The system will suggest a folder for the installation, e.g.: C:\Programme\GNU\GnuPG. You can accept the suggestion or select a different folder for installing Gpg4win. [Click on Next]

5

8. Now you can decide which links should be installed - the system will automatically create a link with the start menu. You can change this link later by using the Windows dashboard settings. [Click on Next]

9. If you have selected the default setting, which links with start menu, you can define the name of this start menu on the next page or simply accept the name. [Click on Install]

10. During the installation process that follows, you will see a progress bar and information about which file is currently being installed. You can press “Show details” at any time to show the installation log. Once you have completed the installation, [Click Next]

6

11. When the screen shown below appears, check the Box Root certificate defined or skip configuration. [Click Next] The last page of the installation process is shown once the installation has been successfully completed.

2. Setup

1. You have the option of displaying the README file, which contains important information on the Gpg4win version you have just installed. If you do not wish to view this file, deactivate this option. [Click on Finish]

7

In some cases, you may have to restart Windows. In this case, you will see the following page.

Now you can decide whether Windows should be restarted immediately or manually at a later time.

3. Creating a Private Key

How do I create a private key?

1. Open Kleopatra using the Windows start menu:

You will see the main Kleopatra screen (the certificate administration).

At the beginning, this overview will be empty, since you have not created or imported any certificates yet. [Click on file and select New Certificate]

8

2. When you see the following dialog, select the format for the certificate. Choose

the following: Open PGP (PGP/MIME) in the certificate option dialog, [Click on “Create personal Open PGP key pair”]

3. Enter your e-mail address and name in the appropriate fields. (Name and e-mail address will be made publicly visible later.)

You also have the option of adding a comment for the key pair. Usually, this field stays empty, but if you are creating a key for test purposes, you should enter "test" so you do not forget it is a test key. This comment becomes part of your login name, and will become public along with your name and e-mail address.

If you first wish to test your Open PGP key pair, simply enter any name and fictional e-mail address, e.g.: “Heinrich Heine” heinrich@gpg4win.del

[Click on advanced settings]

Change the RSA Key from the default, 2,048 bits, to 3,072 bits. [Click OK]

9

4. Next, you will see a list of all of the main entries and settings for review purposes. If you are interested in the (default) expert settings, you can view these via the Show all details option. If everything is correct, [Click “Create Key”]

4. Entering a Passphrase

Now for the most important part: entering your passphrase!

1. To create a key pair, you must enter your personal passphrase. *Note: this window may have been opened in the background and is not visible at first.

10

If the passphrase is not secure enough because it is too short or does not contain any numbers or special characters, the system will alert you.

To ensure you did not make any typing errors, you will be prompted you to enter your passphrase twice. Always confirm your entry by [Clicking OK]

2. Your Open PGP key pair will now be created. This may take a couple

of minutes. You can assist the creation of the required random numbers by entering information in the lower input field. The information entered is not important, as the characters will not be used and only the time period between each keystroke will matter. You can also continue working with another application on your computer, which will also slightly increase the quality of the new key pair.

3. When the key pair creation is successful, you will see the following dialog. [Click

Finish]

The 40-digit "fingerprint" of your newly generated Open PGP certificate will be displayed in the results text field. This fingerprint is unique anywhere in the world (i.e., no other person will have a certificate with the same fingerprint). Actually, even at 8 digits it would already be quite unlikely that the same sequence would ever occur twice. For this reason, it is often only the last 8 digits of a fingerprint which are used or shown, and are described as the key ID. This fingerprint identifies the certificate as well as the fingerprint

11

of a person.

However, you do not need to remember or write down the fingerprint; you can also display it later in Kleopatra's certificate details.

5. Creating a Backup

1. To create a backup copy of your (private) certificate, enter the path under which your full certificate containing your new key pair should be exported.

2. Kleopatra will automatically select the file type and store your certificate as an .asc or.gpg file, depending on whether you activate or deactivate the ASCII armor option. For Export [Click OK]

Important: If you save the file on the hard drive, you should copy the file to another data carrier (USB stick, diskette or CD-ROM) as soon as possible, and delete the original file without a trace. Do not leave it in the Recycle bin! Keep this data carrier and back-up copy in a safe place.

You can also create a back-up copy later; to do this, select the following from the Kleopatra main menu: File -> Export private certificate.

This completes the creation of your Open PGP certificate. End the Kleopatra assistant with by [Clicking Finish]

12

6. Download & Import the WECC Compliance Public Key

Where and how do I download & import the WECC Compliance Public Key?

1. Click on the below link below to download WECC Compliance Public Key

http://www.wecc.biz/compliance/Pages/Security.aspx

You can also download WECC Compliance Public Key by going to http://keyserver.pgp.com and searching for compliance@wecc.biz

13

2. Click “Download” to download the WECC Compliance Public Encryption Key. The Key will have an .asc file extension and you can rename the file to a name that makes sense to you, but keep the .asc file extension.

Open Kleopatra [Click on File] and Import Certificates.

3. A window will pop up and you will need to browse to the location of the saved WECC Compliance Public Key.asc file. [Click OK]

4. In Kleopatra, click on the “Imported Certificates” and you will see the WECC Compliance Imported Key.

14

5. If you would like to verify WECC’s Compliance Key Fingerprint, you can go to the “Other Certificates” tab and highlight the Compliance Key and [Right Click], then select “Certificate Details.”

6. WECC Compliance Key Fingerprint

15

7. Encrypting Files

How do I encrypt a file?

1. Select one or more files or folders and use the right mouse button to select the context menu. You will choose the “Sign and encrypt” option.

2. In the next window, select the option “Sign and Encrypt.” [Click Next]

3. In the following dialog, if not already selected by default, select your key and WECC’s Public Key. [Click Add]

16

The key will appear in the bottom window.

4. Now confirm your selection by clicking “Sign & Encrypt” and enter your passphrase in the pin entry dialog.

Once the signing process has completed successfully, the following window will appear.

You have now successfully encrypted the file.

17

The file/folder that was encrypted will be copied to a single file with the original name and extension of .GPG. Upload this file to WECC EFT Server using your authentication credentials.

8. Contact Information If you have questions, contact Morgan King at mking@wecc.biz or 801.819.7675

Revision History

Version Date Editor Revision Description 1 06/09/2011 Morgan King Initial Draft 2 10/12/2011 Jennifer Salisbury Inserted TOC