MeSign Forum


Lesson 5 – Key Security
* October 23, 2019, 06:29:09 AM
Before we start talking about key security in MeSince, let us look at the traditional way of encrypting and signing an email. Traditionally, a single client certificate is issued to meet two needs: encrypting and signing email. That is how almost all public CAs issue client certificates.

However, under such an arrangement, applicants are required to apply for, import and exchange client certificates to enable email encryption and signing in email client software. The procedure of importing and exchanging certificates alone has scared away most users because of its complexity.

Automation and "senselessness" (encryption that the user does not have to notice) are the key factors MeSince focuses on. MeSince believes that, to make encryption imperceptible in this way, all procedures related to the encrypting certificate, including certificate application, installation and exchange, have to be automated. Moreover, in a multi-platform context, to ensure that a user can decrypt every one of his emails, all his devices and platforms must share the same encrypting certificate. This requires us to host a server specifically for these encrypting certificates.

As for signing certificates, MeSince does not host any of them on its server, because a signing certificate contains identity information and also carries legal effect. Thus, if MeSince had inherited the traditional way of issuing client certificates, the innovative email client could not have been created. To balance the requirements of encryption and signing, MeSince issues a separate certificate for each function: an encrypting certificate and a signing certificate. As described above, the former is hosted on our server for users to download at any time, and the latter is generated on the user's device.

How, then, does MeSince guarantee the security of certificates that are hosted on the server? The details of the protection of encrypting certificates hosted on the server are in this link. Here is a summary:

1. By default, the encrypting certificate does not require the user to set a Certificate Protection Password. This decision was made after balancing convenience against key security.
2. For a higher level of protection of your key, you can sign in on our website and set a Certificate Protection Password for your encrypting certificate.
Note: The Certificate Protection Password is an additional layer of protection for your encrypting certificate. It makes the encrypting certificate extremely secure, but you have to remember one more password.
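
The split between a server-hosted encrypting certificate and a device-generated signing certificate described above can be checked mechanically. The following is an added example, not MeSince code: it assumes the split is expressed through the X.509 keyUsage extension (RFC 5280), and the function names and sample values are constructed for illustration.

```python
# Added example (not MeSince code). Assumption: the encrypt/sign split is
# expressed through the X.509 keyUsage extension defined in RFC 5280.
# KeyUsage bit names in RFC 5280 order; bit 0 is the most significant bit.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]
SIGNING = {"digitalSignature", "nonRepudiation"}
ENCRYPTING = {"keyEncipherment", "dataEncipherment", "keyAgreement"}


def decode_key_usage(bit_string: bytes) -> set:
    """Decode a DER BIT STRING (tag 0x03) holding KeyUsage into usage names."""
    if not 4 <= len(bit_string) <= 5 or bit_string[0] != 0x03:
        raise ValueError("not a DER KeyUsage BIT STRING")
    if bit_string[1] != len(bit_string) - 2:
        raise ValueError("length byte does not match content")
    unused, payload = bit_string[2], bit_string[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    return {name for i, name in enumerate(KEY_USAGE_BITS)
            if i < total_bits and payload[i // 8] & (0x80 >> (i % 8))}


def classify(usages: set) -> str:
    """Map decoded usages to a role in the split-certificate model."""
    signs, encrypts = usages & SIGNING, usages & ENCRYPTING
    if signs and encrypts:
        return "dual-use"    # traditional combined certificate
    if encrypts:
        return "encrypting"  # key may be hosted so every device can decrypt
    if signs:
        return "signing"     # key stays on the device that generated it
    return "other"


def may_be_server_hosted(bit_string: bytes) -> bool:
    """Only a certificate limited to encryption qualifies for server hosting."""
    return classify(decode_key_usage(bit_string)) == "encrypting"


# Constructed KeyUsage values (DER BIT STRINGs), not from real certificates.
SAMPLES = {
    "encrypt-only": bytes.fromhex("03020520"),  # keyEncipherment
    "sign-only": bytes.fromhex("030206c0"),     # digitalSignature, nonRepudiation
    "traditional": bytes.fromhex("030205a0"),   # digitalSignature, keyEncipherment
}
for label, der in SAMPLES.items():
    print(label, sorted(decode_key_usage(der)), may_be_server_hosted(der))
```

A traditional dual-use certificate is rejected for hosting because escrowing its key would also escrow the ability to sign in the user's name.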