Export/Import Keys

     

When you opened your first EaSecure message sent to your email address using the corresponding one-time password, a pair of public/private keys was automatically generated. The public key was posted to the EaSecure key server, and the private key was stored on your computer protected by your password. Because EaSecure needs your private key to open and send messages, you cannot open or send EaSecure messages on another computer, unless you export your keys from your original computer into that computer.

Even if you do not want to use EaSecure on other computers, it is still important that you export your keys onto a removable device and keep it in a safe place. This will allow you to have a backup copy of your keys just in case the keys on your computer become lost (e.g. a disk crash).

Exporting Keys

To export keys:

(1) Select "EaSecure Key Manager" under the "Tools" menu to start the EaSecure Key Manager. A picture of the EaSecure Key Manager is shown below:

(2) Select the email addresses whose keys you want to export and click the button. If you do not select any email addresses, all the keys you have on the current computer will be exported.

(3) Select the export options. The following export options are available:

(a) Export the keys unprotected. If you select this option, the keys stored in the export file will not be protected. The advantage of using this export option is that it allows you to recover your keys in case you forget your passwords protecting the keys. However, because the keys are not protected, it is very important that you put the export file onto a removable device and store the device in a safe place that nobody else has access to. Unprotected export files should never be stored on a computer hard drive.

(b) Export the keys as protected by your original passwords. If you select this option, each key stored in the export file will be protected by the corresponding original password. You can use the export file to recover your keys if they are physically lost (e.g. a disk crash or theft of your computer) and you can still remember your passwords. The export file cannot be used to recover the keys if you forget your passwords.

(c) Export the keys with the protection of an additional password. If you select this option, each key stored in the export file will be protected by the original passwords, and in addition, you can specify an "Export File Password" to protect the whole export file. The export file created in this way can be used to transport keys through an insecure channel (e.g. plaintext email) if a strong Export File Password is used. A strong Export File Password should be long and contain random upper and lower case letters, numbers, and non-alphanumerical characters.

If you have selected the unprotected option (a), you will be prompted to enter the password for each email address (the EaSecure client needs the passwords to decrypt the keys so that they can be exported unprotected), and then prompted to specify the path and file name for the export file.

If you have selected the protected option (b), you will only be prompted to specify the path and file name for the export file.

If you have selected the extra-protected option (c), you will be first prompted to create and type an Export File Password (twice), and then be prompted to specify the path and file name of the export file.

After these steps, the keys will be exported to the export file you specify. To exit the Key Manager, click the button.

Importing Keys

To import keys:

(1) Select "EaSecure Key Manager" under the "Tools" menu to start the EaSecure Key Manager.

(2) Click the button. A dialog box will pop up to let you browse folders and find the export file.

(3) Find the export file and click the button.

If the export file was created with the unprotected option (a) described above, the email addresses associated with the keys in the export file will be listed in an "Importing Keys" dialog box shown on the left. Select the email addresses whose keys you want to import and click the button. You will be prompted to create a password (type twice) to protect the key for each email address. This will be the password for opening and sending EaSecure messages on the new computer you have imported the keys into.

If the export file was created with the protected option (b) described above, the email addresses associated with the keys in the export file will be listed in the "Importing Keys" dialog box. Select the email addresses whose keys you want to import and click the button. The keys will be imported and still protected by the original passwords. You need to remember the original passwords in order to open and send EaSecure messages on the new computer you have imported the keys into.

If the export file was created with the extra-protected option (c) described above, you will be prompted to enter the Export File Password you entered when creating the export file. If the Export File Password is correct, the email addresses associated with the keys in the export file will be listed in the "Importing Keys" dialog box. Select the email addresses whose keys you want to import and click the button. The keys will be imported. The keys imported are still protected by the original passwords. You need to remember the original passwords in order to open and send EaSecure messages on the new computer you have imported the keys into.

If the computer you import keys into already has keys, a key will be imported only when that key is newer than the existing key on the computer. When the import action is completed, the key import status for each email address will be displayed:

The following explains the import status:

IMPORTED - indicates that the email address does not have a key on the current computer and therefore the key file was imported.

UPDATED - indicates that a key file for that email address already exists, but the export file contains newer keys, and therefore the existing key file was updated to include newer keys from the export file. (You can open both old and new messages using the updated key file.)

REPLACED - indicates that a key for that email address already exists, but that key has been reset. Because the export file contains the new key established after the reset, the existing key file was replaced by the key file from the export file. (After resetting your key, you can only open new messages. Your old messages are lost forever.)

SKIPPED - indicates that the existing key is newer than or the same as the key being imported, and therefore it was NOT replaced.

FAILED - indicates that the key being imported or the existing key may be corrupted and that the import action failed.
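
The status rules above can be read as a single decision procedure. The sketch below is an added example, not EaSecure's own code: the KeyFile model (a reset counter, numbered key generations and an integrity digest) and the names import_key and digest_of are assumptions made only to illustrate how the five statuses relate to each other.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class KeyFile:
    """Hypothetical key file for one email address (not EaSecure's real format)."""
    reset_epoch: int   # assumed counter, incremented each time the key is reset
    generations: dict  # assumed mapping: generation number -> key bytes
    digest: str = ""   # assumed integrity value over the fields above

    def seal(self) -> "KeyFile":
        self.digest = digest_of(self)
        return self

def digest_of(kf: KeyFile) -> str:
    h = hashlib.sha256(str(kf.reset_epoch).encode())
    for gen in sorted(kf.generations):
        h.update(b"|%d:" % gen + kf.generations[gen])
    return h.hexdigest()

def import_key(existing: Optional[KeyFile], incoming: KeyFile) -> Tuple[str, Optional[KeyFile]]:
    """Return (status, key file left on the computer) per the status list above."""
    damaged = [k for k in (existing, incoming) if k is not None and digest_of(k) != k.digest]
    if damaged:
        return "FAILED", existing            # assumed: nothing is changed on failure
    if existing is None:
        return "IMPORTED", incoming
    if incoming.reset_epoch > existing.reset_epoch:
        return "REPLACED", incoming          # pre-reset generations are dropped
    newest_in = max(incoming.generations, default=0)
    newest_here = max(existing.generations, default=0)
    if incoming.reset_epoch == existing.reset_epoch and newest_in > newest_here:
        merged = {**existing.generations, **incoming.generations}
        return "UPDATED", KeyFile(existing.reset_epoch, merged).seal()
    return "SKIPPED", existing               # existing key is newer or the same

if __name__ == "__main__":
    # Constructed sample data: one address, three states of its key file.
    old = KeyFile(0, {1: b"k1"}).seal()
    newer = KeyFile(0, {1: b"k1", 2: b"k2"}).seal()
    after_reset = KeyFile(1, {1: b"r1"}).seal()
    for here, there in [(None, old), (old, newer), (newer, old), (newer, after_reset)]:
        print(import_key(here, there)[0])
```

In this model REPLACED discards the pre-reset generations while UPDATED keeps them, which matches the note that old messages remain readable after an update but not after a reset.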