Types of encryption in pcAnywhere
Situation:
You want to know what types of encryption pcAnywhere 8.x, 9.x, 10.x, and 11 support.
Solution:
pcAnywhere supports three levels of encryption:
- pcAnywhere encryption
- Symmetric encryption
- Public key encryption
pcAnywhere encryption:
Of the three levels of encryption supported in pcAnywhere, pcAnywhere encryption is the least secure. pcAnywhere encryption scrambles the data stream, using a simple mathematical transformation, so that a third party cannot easily interpret it. The data is sent in non-clear-text format. It is designed to prevent someone from reading the pcAnywhere data stream and immediately knowing what is being transmitted. However, if the data stream is captured, a cryptographer could break the encryption without too much effort.
pcAnywhere encryption is intended for users who do not have access to a cryptographic service provider or who want to connect to a computer that uses an older version of pcAnywhere that does not support a higher level of encryption.
Symmetric encryption:
Symmetric encryption is stronger than the pcAnywhere level of encryption. Symmetric encryption encodes and decodes data using the same cryptographic key. When you send data using this method, both the sender and the recipient share the same key. This key is called a session key and is uniquely generated for each pcAnywhere connection. This encryption method is generally faster than public key encryption, but it is not without risk. Because the key is sent with the data, it is possible for someone to intercept the data and discover the key. The recipient has no way of verifying that the data actually came from the person who sent it.
Symmetric encryption is available on any operating system that supports CryptoAPI, such as Windows 98/Me/NT 4.0/2000/XP. For Windows 95, CryptoAPI 1.0 is available with OSR2 or with Microsoft Internet Explorer 3.0 and later.
Depending on which Microsoft Crypto providers have been installed, pcAnywhere uses either 40- or 128-bit cryptographic algorithms. pcAnywhere has no control over how many bits are used for the encryption. This is the responsibility of the Crypto providers.
Public key encryption:
Public key encryption is the strongest form of encryption supported by pcAnywhere. Public key encryption encodes and decodes data using key pairs. A public key encodes the data, and a matching private key decodes it. The sender and the recipient each have a key pair. Neither person distributes the private key, so there is no danger of someone else seeing it. When you send data using this method, the initial transmission is done with public key encryption. The data is encoded on the sender's computer using the recipient's public key and decoded on the recipient's computer using the recipient's private key. While the session is protected by public key encryption, a session key (as explained in symmetric encryption) is transmitted to the recipient. This process ensures that the session key is protected, preventing eavesdroppers from capturing it. Once this exchange is complete, the remainder of the session is protected using symmetric encryption to optimize performance. This follows established procedures in which public key encryption is used for signature applications and short data blocks, and symmetric keys are used for bulk data encryption.
Public key encryption uses certificates to ensure the secure distribution of the public keys. Certificates are digital documents that are issued by a certificate authority. They contain information needed to confirm the identity of the person who holds the public key, as well as the authority that issued it. This encryption method is more secure than symmetric encryption because the key needed to decode the data is never shared. However, this method is slower than symmetric encryption.
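The difference between the symmetric and public key levels described above, as an added example (not Symantec's code and not pcAnywhere's wire format). It assumes the Python `cryptography` package and uses RSA-OAEP and AES-128-GCM as stand-ins for whatever algorithms the installed Crypto providers supply; all function names are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Stand-in algorithms (assumption): RSA-OAEP for key wrap, AES-128-GCM for bulk data.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_recipient_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def encrypt_bulk(session_key, plaintext):
    nonce = os.urandom(12)  # unique per message under a given key
    return nonce + AESGCM(session_key).encrypt(nonce, plaintext, None)

def decrypt_bulk(session_key, blob):
    return AESGCM(session_key).decrypt(blob[:12], blob[12:], None)

def symmetric_level_wire(plaintext):
    # Symmetric level as the article describes it: the session key travels with the data.
    key = AESGCM.generate_key(bit_length=128)  # fresh key per connection
    return {"session_key": key, "data": encrypt_bulk(key, plaintext)}

def public_key_level_wire(recipient_public_key, plaintext):
    # Public key level: only an RSA-wrapped copy of the session key is sent.
    key = AESGCM.generate_key(bit_length=128)
    return {"wrapped_key": recipient_public_key.encrypt(key, OAEP),
            "data": encrypt_bulk(key, plaintext)}

def recipient_open(recipient_private_key, wire):
    key = recipient_private_key.decrypt(wire["wrapped_key"], OAEP)
    return decrypt_bulk(key, wire["data"])

def readable_from_capture(wire):
    # What the captured bytes alone disclose, with no private key available.
    key = wire.get("session_key")
    return decrypt_bulk(key, wire["data"]) if key is not None else None

if __name__ == "__main__":
    recipient = new_recipient_keypair()
    msg = b"constructed sample: remote-control session data"
    sym = symmetric_level_wire(msg)
    pub = public_key_level_wire(recipient.public_key(), msg)
    print("symmetric level, capture only :", readable_from_capture(sym))
    print("public key level, capture only:", readable_from_capture(pub))
    print("public key level, recipient   :", recipient_open(recipient, pub))
```
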
pcAnywhere requires Microsoft-compatible certificates. You can obtain personal certificates (or key pairs) from a commercial certificate authority or from an internal certificate server. After a certificate is installed, it appears in the Private Key list on the host and remote connection items' Security Options property page.
Public key encryption requires CryptoAPI 2.0, available in Windows NT 4.0 Service Pack 3, Windows 2000, Windows XP, or Microsoft Internet Explorer 4.0.
Note: pcAnywhere Technical Support cannot provide any support for problems with the setup or configuration of public key encryption with pcAnywhere, nor does it support the utilities Certcons.exe and Machkey.exe. All information contained in pcAnywhere documents on public key encryption is provided as-is and should be considered as a guideline only.
For detailed information on public/private key encryption with pcAnywhere, refer to the following documents:
For information on Crypto and encryption, please refer to the following Microsoft documents:
Document ID: 2001060508510012
Last Modified: 04/20/2006
Date Created: 06/05/2001
Operating System(s): Windows 95, Windows 98, Windows 98SE, Windows NT 4.0, Windows 2000, Windows Me, Windows XP, Windows NT3.51
Product(s): pcAnywhere 10.0, pcAnywhere 10.5, pcAnywhere 11.0, pcAnywhere 9.0, Symantec pcAnywhere for ON iCommand