Common questions about symmetric or public key encryption in pcAnywhere


Situation:
You have some questions about symmetric and public key encryption in pcAnywhere.

Solution:


Before you begin:
pcAnywhere Technical Support cannot provide any support for problems with the setup or configuration of public key encryption with pcAnywhere, nor does it support the Certcons.exe or Machkey.exe utilities. All information contained in pcAnywhere documents on public key encryption is provided as-is and should be considered as only a guideline.

How does encryption work?
Before each connection, the host and remote generate new public and private keys. Immediately upon connection, before any other data is sent, the host sends its public key to the remote and the remote sends its public key to the host. The host encrypts its data stream with the remote's public key and the remote encrypts its data stream with the host's public key.

The remote then decrypts the host's data stream using its (the remote's) private key, and the host decrypts the remote's data stream using its (the host's) private key. Even if someone captures the public keys, the transmission is secure because the private key, which is never sent, is required to decrypt the data stream.

How many bits does the encryption use?
The number of bits used to encrypt the pcAnywhere data stream depends on which crypto providers you have installed. If you have installed the 40-bit version of Internet Explorer 4.0 on Windows 9x or you are running the 40-bit version of Windows NT with Service Pack 3 or higher, then you will be using 40 bits to encrypt the pcAnywhere data stream. If you have installed the 128-bit version of Internet Explorer 4.0 or Windows NT 4.0, then you will be using 128 bits to encrypt the pcAnywhere data stream.

If you use public key encryption, is all of the data encrypted with that key pair?
The public key is only used to authenticate that you are who you say you are. The pcANYWHERE32 8.0 negotiation phase, including logon names and passwords, is encrypted. Once this authentication has been done, the rest of the data stream is encrypted using a symmetric key pair that the host and remote generate before each connection. This follows established procedures where public key encryption is used for signature authentication and short data blocks. Symmetric key pairs are used for bulk data encryption. This is done for performance reasons.
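The exchange described in the two answers above, as an added Python example that is not pcAnywhere or Symantec code: each side publishes a public key, the sender wraps a fresh 128-bit symmetric key with the receiver's public key, and the bulk data is encrypted with that symmetric key. Assumptions: textbook RSA over fixed demo primes and a SHA-256 keystream stand in for whatever algorithms the installed CryptoAPI provider supplies, one symmetric key per direction is assumed, and all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent

# Constructed demo primes (Mersenne primes); real keys are generated per connection.
HOST_PRIMES = (2**127 - 1, 2**89 - 1)
REMOTE_PRIMES = (2**107 - 1, 2**61 - 1)

def keypair(p, q):
    """Textbook RSA: return (public, private) as (modulus, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa(key, value):
    """Apply one key to an integer: public key wraps, private key unwraps."""
    n, exponent = key
    return pow(value, exponent, n)

def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def send(peer_public, plaintext):
    """Sender: fresh 128-bit key, wrapped with the receiver's public key."""
    key = secrets.token_bytes(16)
    wrapped = rsa(peer_public, int.from_bytes(key, "big"))
    return wrapped, stream_xor(key, plaintext)

def receive(own_private, message):
    """Receiver: unwrap the key with its own private key, then decrypt."""
    wrapped, ciphertext = message
    # Reduce to 128 bits so a wrong key yields garbage instead of an overflow.
    key = rsa(own_private, wrapped) % 2**128
    return stream_xor(key.to_bytes(16, "big"), ciphertext)

host_pub, host_priv = keypair(*HOST_PRIMES)
remote_pub, remote_priv = keypair(*REMOTE_PRIMES)
# The public keys cross the wire in the clear; each side encrypts to the other.
to_remote = send(remote_pub, b"host screen update")
to_host = send(host_pub, b"remote keystrokes")
print(receive(remote_priv, to_remote), receive(host_priv, to_host))
```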

You are having problems with encryption. Whom do you contact?
pcAnywhere uses the Microsoft CryptoAPI. With the Microsoft CryptoAPI, you can install any third-party cryptographic algorithms that correspond to Microsoft's CryptoAPI interface. Contact the Cryptographic Service Provider (CSP) if you are experiencing problems with the encryption.


Technical Information:
Related documents
Error: "Crypto API not loaded" when using Symmetric or Public-Key Encryption with pcAnywhere
How to install public key encryption using Internet Explorer
How to install the Microsoft Crypto API



References:
For information on Crypto and encryption, please refer to these Microsoft documents:

Document ID: 1999022312571812
Last Modified: 04/09/2004
Date Created: 02/23/1999
Operating System(s): Windows 95, Windows 98, Windows 98SE, Windows NT 4.0, Windows 2000, Windows Me, Windows XP Home, Windows XP Professional
Product(s): pcAnywhere 10.0, pcAnywhere 10.5, pcAnywhere 11.0, pcAnywhere 9.0

©1995 - 2009 Symantec Corporation