Document encryption helps to protect the contents of files from unauthorised access: encrypted documents (with the extension .cdoc) can only be opened with the ID-card of a person authorised to do so. The contents of the document will remain protected from everybody else. For instance, encryption is necessary if you forward confidential information via e-mail and wish to maintain the confidentiality of the contents of the files if they should fall into the wrong hands.
This is a temporary solution intended for secure transfer of files, not for long-term storage.
The person who can open encrypted documents is determined by the encrypter:
- To add a recipient, you need their personal identification code or, in the case of a legal person, the company name or registry code.
- NB! If you wish to maintain the ability to use encrypted documents, make sure to include yourself as a recipient.
DigiDoc4 allows you to easily encrypt both digitally signed and unsigned documents. You can also use DigiDoc4 to quickly and conveniently decrypt encrypted files – provided that you are one of the recipients of the encrypted document.
In order to encrypt/decrypt documents, insert your ID-card into an ID-card reader, connect it to a computer and launch DigiDoc4.
Open “CRYPTO” in the left-hand menu in the DigiDoc4 Client in order to encrypt documents. You can add the necessary files by dragging them across the screen or by clicking on “... or load file from disk”. You can encrypt files that have or have not been digitally signed.
The files encrypted at the same time are added into the same container or document envelope. If you use a macOS computer, you will be asked to name the envelope when you add the files. Select a clear and descriptive name, so that the envelope can be easily found and used later.
Windows users don’t have to name the envelope themselves, as it is automatically created and the envelope of the encrypted documents is saved in the same place as the documents that were encrypted.
“Add more files” helps you to add as many documents to the envelope as you want.
After all documents have been added, you must determine the recipients of the envelope:
- In the case of private individuals, you need to know their personal identification codes.
- In the case of legal entities, you need the company’s registration number or the institution’s name.
- NB! If you want to open the encrypted documents later, you must add yourself as a recipient as well!
Make sure that you have added all of the necessary files and recipients before encryption!
Click on “ENCRYPT” if everything is in order.
DigiDoc4 will let you know when the documents were successfully encrypted and the name of the “ENCRYPT” button will change as well: it now says “DECRYPT” (so you can immediately open the document envelope if necessary).
The encrypted document envelope can now be safely shared.
NB! Only the recipients determined by you can open the encrypted documents with their ID-cards or digital IDs. Nobody else can access the content of the documents on their computers.
The .cdoc file extension is used in the case of encrypted files and these files can only be opened by the recipients determined by the encrypter with their ID-card (or other digital document).
NB! You can encrypt documents without an ID-card or other digital identity document. However, you must keep in mind that you cannot open or decrypt encrypted documents with mobile-ID or Smart-ID!
In order to open encrypted files, connect your ID-card to a computer, open DigiDoc4 and check that the data of your ID-card are read correctly. Then double click on the encrypted document envelope.
Encrypted documents are opened in the DigiDoc4 menu “CRYPTO”. The “DECRYPT” button is active if you have the right to decrypt or open the documents. If the “DECRYPT” button is not active, you don’t have the right to open the documents (or an incorrect card has been inserted into the reader).
If you use both an ID-card and digi-ID: make sure that the correct document is in the card reader! The document you can use to open an encrypted file is shown in small print under the recipient’s name.
Click “DECRYPT WITH ID-CARD”.
You need your PIN1 to open an encrypted file.
Follow the instructions on screen and everything will go smoothly. Don’t forget to save the decrypted files on your computer in a place where you can easily find them later!
NB! When files are decrypted, a copy of the contents of the security container is made in the temporary directory TEMP (%TMP%; on Windows usually Windows → Temp).
The contents of the TEMP directory are protected from unauthorised access just as well as all the other contents of your computer: if several people use your computer or the content of the encrypted documents is confidential (e.g. it contains someone’s personal data, passwords, etc.), the copies created in the TEMP directory should definitely be deleted!
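One way to find and remove those leftover copies, given the decrypted files you saved elsewhere (an added example, not part of DigiDoc4 or the original guide). It assumes the temporary copies are byte-identical to the saved files and sit under the directory Python reports as the temp directory; the function names are hypothetical.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large documents are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_temp_copies(saved_files, temp_dir=None):
    """Return files under temp_dir whose content equals one of saved_files."""
    temp_dir = Path(temp_dir or tempfile.gettempdir())  # honours TMPDIR/TEMP/TMP
    saved = [Path(p).resolve() for p in saved_files]
    wanted = {}  # size -> hashes, so only same-sized candidates get hashed
    for p in saved:
        wanted.setdefault(p.stat().st_size, set()).add(sha256_of(p))
    matches = []
    for root, _dirs, names in os.walk(temp_dir):
        for name in names:
            candidate = Path(root) / name
            try:
                if candidate.is_symlink() or candidate.resolve() in saved:
                    continue  # never report the saved originals themselves
                hashes = wanted.get(candidate.stat().st_size)
                if hashes and sha256_of(candidate) in hashes:
                    matches.append(candidate)
            except OSError:
                continue  # locked or already-removed temp files are skipped
    return sorted(matches)


def delete_temp_copies(saved_files, temp_dir=None):
    """Delete matching copies and return the removed paths.
    unlink() removes the directory entry; it does not overwrite the data on disk."""
    removed = []
    for path in find_temp_copies(saved_files, temp_dir):
        path.unlink()
        removed.append(path)
    return removed


if __name__ == "__main__":
    for leftover in find_temp_copies(sys.argv[1:]):
        print(leftover)
```

Run it with the paths of the saved decrypted files as arguments to list the matching copies before deciding to delete them.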
Document encryption is not meant for long-term storage of files. Encryption is necessary for sending files securely: the received files should be opened and immediately saved in unencrypted format in a place that is safe and protected by other means.
Only the recipients of encrypted documents can open them, and only with the same ID-card or digital ID card that was effective at the time the documents were encrypted (i.e. for which the file was encrypted).
Documents that were encrypted earlier cannot be opened with an ID-card that is new and/or has renewed certificates.
If you need access to a document that was encrypted earlier and you cannot open it with your ID-card anymore, you only have one option: ask another addressee of the document to open it.
Therefore, it’s important that enough recipients are added to documents when they are encrypted and that the encrypter themselves is also added as a recipient.