3.3. Securing Files

3.3.1. WinCrypt

WinCrypt uses the Microsoft crypto API to encrypt and/or sign files. It will optionally create a zip archive of the selected files/folders before signing. It provides a front end to the certificate store, allowing the user to browse the installed certificates, install and delete certificates, and choose the certificate to use for WinCrypt signing.

The procedure for creating a certificate is the same as for Microsoft Outlook. Because WinCrypt uses the same certificate store, you can point WinCrypt to a certificate previously installed for Outlook and vice versa.

It is possible to verify a WinCrypt signed file filename.sgn using:

openssl smime -verify -inform der -in filename.sgn -CAfile cacert.crt

To sign a file with OpenSSL in a compatible format use:

openssl smime -sign -outform der -nodetach -out filename.sgn \
-signer certificate.pem -in filename.txt

To view the structure of a signed file:

openssl asn1parse -inform der -in filename.sgn
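
The script below is an added example, not part of the original HOWTO: it runs the sign and verify commands above end to end and checks that verification rejects both an altered file and a signer that the -CAfile does not vouch for. The throwaway CAs, subject names and sample content are constructed for the demonstration; certificate.pem is assumed to hold both the private key and the certificate, since the sign command has no -inkey.

```shell
#!/bin/sh
# Constructed round trip with throwaway CAs; every name and subject is a placeholder.
roundtrip() {
    work=$(mktemp -d) || return 2
    (
        cd "$work" || exit 2
        # Throwaway CA standing in for cacert.crt, plus an unrelated CA.
        for ca in cacert other; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/CN=Example $ca CA" \
                -keyout "$ca.key" -out "$ca.crt" 2>/dev/null || exit 2
        done
        # Signer certificate issued by the throwaway CA.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Signer" \
            -keyout signer.key -out signer.csr 2>/dev/null || exit 2
        openssl x509 -req -in signer.csr -CA cacert.crt -CAkey cacert.key \
            -CAcreateserial -days 1 -out signer.crt 2>/dev/null || exit 2
        # No -inkey is given below, so certificate.pem must hold key and cert.
        cat signer.key signer.crt > certificate.pem

        printf 'constructed sample content\n' > filename.txt
        openssl smime -sign -outform der -nodetach -out filename.sgn \
            -signer certificate.pem -in filename.txt 2>/dev/null || exit 2

        # 1. The genuine file verifies against the issuing CA.
        openssl smime -verify -inform der -in filename.sgn \
            -CAfile cacert.crt -out recovered.txt 2>/dev/null || exit 3
        # Without -binary the signed content uses CRLF line endings.
        tr -d '\r' < recovered.txt | cmp -s - filename.txt || exit 4

        # 2. A same-length edit of the embedded content must fail verification.
        LC_ALL=C sed 's/constructed/c0nstructed/' filename.sgn > tampered.sgn
        cmp -s filename.sgn tampered.sgn && exit 2
        openssl smime -verify -inform der -in tampered.sgn \
            -CAfile cacert.crt -out /dev/null 2>/dev/null && exit 5

        # 3. An intact signature from a signer the CA file does not cover fails.
        openssl smime -verify -inform der -in filename.sgn \
            -CAfile other.crt -out /dev/null 2>/dev/null && exit 6
        exit 0
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

roundtrip && echo "verify: genuine accepted, tampered and untrusted rejected"
```

Rely on the exit status of openssl smime -verify rather than on the recovered content: the content is written out only when both the signature and the certificate chain check succeed.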