Enforcing Key Usage
Applicable for Kryptel version 8.0.1 and later, Silver Key version 5.0.1 and later.
Sometimes it may be useful to restrict key usage, specifically, to allow only the keys stored in the Password Manager’s database. This way, long and complex passwords will be guaranteed to be entered correctly.
This feature is also necessary in corporate environment where the employees must use the keys from an approved list only.
If strict enforcing is not required, i.e. if the user is the same person who controls the password database, then it is enough to turn this option on in the Settings panel.
Open the Settings panel and select the Passwords and Keys page. Check the box Accept key material from Password Manager only and press OK.
Enforcing Key Policy (Enterprise Edition only)
The company policy may prohibit using of unapproved keys. In this case the user must not be able to encrypt data with an unauthorized key.
Step 1: Setting up the password database
Run Password Manager, create a password database, and add the keys that the employee is allowed to use. Select File / Exit to finalize the database. The newly created database has the name Passwords.edb and can be found in <Documents>\Kryptel Data\ folder.
Open the directory Program Files\Common Files on the user’s computer.
That directory may have a different name; the actual path is returned by WinAPI function SHGetFolderPath with CSIDL_PROGRAM_FILES_COMMON argument. It can also be found in the system registry – see the parameter CommonFilesDir under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
Create a subdirectory Kryptel Data and copy the password database file there.
Step 2: Disabling Unauthorized Keys
As above, it can be done by checking the box. However the user should not be able to uncheck the box back, so this setting must be forced (see Default And Forced Settings).
If this is the only option that you need to force, then you can use a ready-to-use settings file Key Manager.xml. Download and copy it to the folder <Kryptel (Silver Key) installation folder>\Settings\Forced on the user’s computer.
That’s all! The user can now encrypt using only the keys from Password Manager’s database, which in turn can't be modified.
Note that this method relies on Windows access rights and works only if the user is not an administrator and so can’t write to Program Files.