- Private Key - you should keep privately and use to
- decrypt messages sent to you
- sign messages so that your recipients will be able to verify the signature using your Public Certificate
- Trusted Certificates - a chain of officially Trusted certificates that issued the Public Certificate from direct Issuer up to the Root Trusted Certificate so that anyone can verify the origin of your Public Certificate.
- Public Certificate - the certificate your recipients should use to encrypt private messages sent to you, this certificate is also used when you're sending an encrypted message to yourself, thus it's present in Personal and in Recipient lists of certificates.
Import Private Key (p12, pfx)
The option valid when the User already has got a personal identity in the form of a file P12 or PFX format protected by a Passphrase (can be empty). Usually, it contains a Private Key accompanied by a corresponding Public Certificate.Once the user provides the correct passphrase to decrypt the imported file, Fossa Guard:
- Checks if contained Public Certificate is valid and is issued to the email of logged User, if Yes - the Private Key assigned as the default User's identity
- Adds the corresponding certificate to Recipients list (so the user will be able to send encrypted emails to himself)
Enroll Fossa Certificate
The user has an option to enroll a free Personal Certificate signed by Fossa Certificate Authority (CA). Fossa Guard extension and Fossa CA designed to make the enrollment simple and secure using Enrollment over Secure Transport (EST).
Once the user provides the name (the only mandatory parameter) he can start the procedure
Using TLS connection Fossa Guard securely sends Certificate Request with Public Key inside and gets back Public Certificate signed by Fossa CA
On the final step, Fossa Guard asks the User to enter Passphrase to protect Private Key before storing it with Public Certificate in local Chrome extension storage.
Enroll Self-signed Certificate
On completion self-signed certificate is automatically added to the Personal, Trusted, and Recipient certificates list.
NOTE that self-signed certificates can't be verified checking Issuer certificates, so the user should find the trusted way to share it with his recipients.