SecretAgent®
for Windows

  • Features
  • User Interface
  • Smartcard Support
  • Additional Info

Special Features of SecretAgent 5 for Windows

 

S/MIME v3 CMS Support

SecretAgent now offers CMS as an alternative to the native .SA5 output format. You may create encrypted, or encrypted and signed, messages and exchange them with users of other RFC 3852-compliant (S/MIME) applications (e.g., OpenSSL). Encrypted and/or signed messages you receive in Microsoft Outlook Express can now be decrypted/validated using SecretAgent.

Microsoft Office Suite Integration

SecretAgent 5's integration with Microsoft Word, Excel, and PowerPoint, as well as with WordPerfect, allows you to encrypt or sign documents from within these applications. For example, in Microsoft Word you get a new SecretAgent toolbar that makes it easy to run the following macros:

  • Encryption: encrypts the current document
  • Signature: signs the document, creating a detached .sgn file; to validate this type of signature, use the SecretAgent GUI or double-click the .sgn file in Windows Explorer
  • Enveloped Signature: signs the document by inserting your digital signature into an embedded graphic at the end of the document; this macro also locks the document against changes
  • Embedded Signature Validation: validates an embedded signature, displaying the distinguished name of the signer
  • Remove Signature: removes an embedded signature and unlocks the document

E-mail Client Integration

SecretAgent for Windows offers seamless integration with popular email clients. Plug-ins for Microsoft Exchange, Outlook 2000/XP/2003, and Lotus Notes may be downloaded from the SecretAgent Support pages of our website.

SecretAgent also has the ability to send encrypted and/or signed documents using any Windows e-mail application that provides MAPI support.

Certificate Explorer 2

SecretAgent 5.x for Windows includes an integrated certificate store management utility, called Certificate Explorer 2 (CX2). CX2 allows you to create and maintain various local and remote certificate stores and make them available within SecretAgent.

CX2 also generates PKCS#10 certificate requests and imports X.509 certificates for total interoperability with a wide variety of commercial Certificate Authorities (CAs). CX2 can import and export PKCS#8 private keys and import PKCS#12 private keys, so they can be shared with your other applications.

CX2 also provides live LDAP pulls for remote certificate directory access and optional CRL support with an auto-update feature. The latest version of CX2 also provides access to your local CAPI and remote Active Directory stores so that the same certificates you use with Internet Explorer, Outlook, and other CAPI-based applications are also available in SecretAgent.

Certificate extension processing and validation assure proper certificate use, while self-signed certificates allow users to exchange secured information without a formal PKI. Certificate processing in CX2 conforms with RFC3280 and has passed interoperability testing at DISA's JITC PKI Certification Lab at Ft. Huachuca and has received formal certification of full compliance with the DoD PKI. (JITC's Interoperability Test Summary.)


Enhanced LDAP Support

Our certificate retrieval logic now supports administrator-configurable static and dynamic LDAP groups and parametrized LDAP queries. In an enterprise setting, SecretAgent/Windows can also periodically poll a network server for digitally-signed software updates and revised security policies.

Auto-Update Functions

SecretAgent for Windows can be configured by PolicyAgent to periodically poll a specified server for updated (digitally signed) security policies. This mechanism allows an enterprise to "push out" to their end-users updated policies (with new trusted root certificates or new CRL distribution points, say) whenever the situation calls for it. Individual end-user machines need not be reconfigured individually and the update process is completely user-transparent.

SecretAgent can also be configured to automatically poll a server for authenticated software updates.

Automated File Security

Automatic encryption allows you to transparently protect sensitive files stored on your PC. Users can specify sets of folders that are automatically encrypted when SecretAgent 5 exits and automatically decrypted when it starts back up. These events can be tied to the Windows startup and shutdown processes.

 

Note: SpyProof! is a much more transparent solution — files remain encrypted at all times so there is no wait for files to be decrypted and re-encrypted.

Self-Decrypting Archives

SecretAgent 5 allows you to create and send encrypted files to other Windows users who can decrypt them without needing SecretAgent 5. (Support for UNIX target platforms may also be available; contact ISC for details.)

Secure Password Generation

An integrated (FIPS 181-compliant) pronounceable password generator suggests passwords that can be easily remembered, yet cannot be found via an exhaustive on-line dictionary-type attack and hence are extremely difficult to guess. (PKCS#8 "password-based encryption" using TDES is used to protect locally stored RSA and DSA private key files.)

Message Authentication / Hashing

When asked to "inspect" any file (with a filename extension other than .sa5, .saa, or .sgn), the GUI now computes and displays the SHA-1 and MD5 message digests of that file. Command line builds can provide MD2, MD5, and SHA-1/256/384/512 message digests for any file.

OpenPGP Support

SecretAgent 5.9 can also create and decrypt OpenPGP files that you may exchange with users of other OpenPGP-compliant applications. (At this time, digital signatures are not supported with this file format. If you received an encrypted and signed OpenPGP file, SecretAgent will decrypt it but ignore the signature information.) For details, follow these links:

SecretAgent/PGP Interoperability Guidelines
OpenPGP interoperability matrix

IMPORTANT: OpenPGP is no longer supported in SecretAgent 6.0 and above.

 

Flexible User Interface

SecretAgent for Windows' interface provides simple, intuitive, user-friendly operations such as drag-and-drop file selection and context menu operations. Fully integrated with the operating system, all security operations can be accessed from SecretAgent's Explorer view:

SecretAgent Main Dialog

Explorer view can be collapsed into a simple floating toolbar onto which files can be dragged and dropped:

SecretAgent Floating Toolbar

All functions can also be accessed from the SecretAgent system tray menu (right):

SecretAgent System Tray Menu

The major functions are also available in Windows Explorer using the right-click context menu (below):

SecretAgent Context Menu for Windows Explorer

The new encryption dialog provides control over all input and output options as well as convenient access to all existing certificate stores for recipient selection:

SecretAgent Encryption Dialog


SecretAgent for Windows complies with Section 508 of the Rehabilitation Act (VPAT) and provides several important features not available on other platforms. Some of those features are highlighted on the previous tab.

Smartcard Support (PKCS#11 Tokens)

SecretAgent for Windows supports a growing number of smartcards and other hardware tokens. The following products have been successfully tested for compatibility:

 

| Manufacturer | Tokens/Middleware | Tested APIs † |
|---|---|---|
| ActivIdentity (formerly ActivCard) | ActivCard Gold; ActivIdentity Smart Card | CAPI, PKCS#11 |
| Aladdin | eToken Pro 8K, 16K, 64K; eToken R2 | CAPI, PKCS#11 |
| A.E.T. Europe | SafeSign (G&D STARCOS 2.3) | CAPI, PKCS#11 |
| Covadis S.A. | Alya™ reader | PKCS#11 |
| Gemalto NV (formerly Axalto/Schlumberger) | Cryptoflex 16 | CAPI, PKCS#11 |
| | Cryptoflex 32 | CAPI, PKCS#11 |
| | .NET 2.0 Card | PKCS#11 |
| | Access 64K | CAPI, PKCS#11 |
| Gemplus | Gemsafe Version 2.x | PKCS#11 |
| | Gemsafe Version 3.x | PKCS#11 |
| | GemXpresso 64K | CAPI, PKCS#11 |
| IBM / Lenovo | Atmel TPM | CAPI, PKCS#11 |
| nCipher | nShield | PKCS#11 |
| Oberthur Card Systems | DoD CAC | CAPI, PKCS#11 |
| RSA Security | SecurID; 3GI DoD CAC | CAPI, PKCS#11 |
| SafeNet (Rainbow) | Luna SA | PKCS#11 |
| | iKey 2008/2032/3000 | CAPI, PKCS#11 |
| | Datakey Model 320/330/USB | PKCS#11 |
| Saflink/Litronic | Forte; Maestro; NetSign | PKCS#11 |
| Sony | FIU-710 Puppy; FIU-810 Puppy | PKCS#11 |
| Spyrus | Rosetta | PKCS#11 |

†Due to certain limitations in vendor-supplied CAPI CSPs, some functionality (e.g., AES-256) may fail when using the CAPI interfaces to some of these devices. In such circumstances, the vendor-supplied PKCS#11 interface is preferred. Contact ISC for details.