Receiving the Certificate from the Intended Recipient

The recipient must have already obtained a certificate from a Certificate Authority such as Verisign or Thawte. You can ask the intended recipient to send you his certificate file as an e-mail attachment or via ftp, etc. The recipient uses the Windows Internet Options > Content > Certificates > Certificates > Export tool to create a .cer or .p7b file and sends that file to you.

Verifying the Certificate

You should not use a certificate unless it meets the following requirements:

• It has not expired.
• It was issued by a trusted certification authority (CA) such as Verisign or Thawte. Note that an organization can implement its own CA.
• It positively identifies the person you intend. Use the Windows certificate viewer to check trust and expiration.

You can direct File Encryption to use expired certificates with the key-in SIGNATURE TOGGLEEXPIREDCERTS.

File Protection and References

Each file is protected separately and carries its own set of licenses and rights. Therefore, a master file can be protected while references are not, or vice versa. To protect all files in a set, the author must protect each file individually. In turn this means when opening a file with references attached, a user must acquire a separate license for each reference.

Using certificate-based licenses is as easy for multiple files as for a single file. For password licenses, Bentley recommends that the author assign the same password to all files in a set. The author decides which rights the password should convey in each file individually. This allows the user to open an entire set of files with a single password.