SecretAgent® 6

  • User Interface
  • Features
  • Token Support
  • Additional Info

Creating an Archive

With the new SecretAgent 6.0 platform-independent user interface you can create encrypted archives as easily as you now compose e-mail messages: open a new archive, add individuals (or communities of interest) to its access control list (ACL) just as you would add recipients to an e-mail message, type in an optional message body, and attach the files you wish to encrypt. When you save the archive, the message body and all file attachments are encrypted into a single output file. (Active directory and LDAP address book queries for recipient certificates can be created and/or customized and saved by you, or provided to you by your system administrator.)

The layout of SecretAgent's archive composition window resembles the message composition window of the most popular e-mail clients: a header region provides ACL info, a central text area provides room for the optional message body, and the bottom pane lists the 'attached files' that are to be encrypted:


sa6 archive view

SecretAgent even allows you to work collaboratively on encrypted archives much as you now share office documents: open an archive (thereby locking it for readonly access by others), edit the attached files in their native applications, and then when you close the archive, SecretAgent will automatically detect your changes and offer to re-encrypt the entire archive for the original list of recipients. (At that point you also have the opportunity to revise the recipient list if you so desire.)


Managing Archives

The new ISC Security Console, an integrated framework for SecretAgent, SpyProof!, and other ISC security tools, provides two alternate views of your collection of encrypted archives: a Windows Explorer-like view,


sa6 explorer view


and a more limited 'organizer view' that shows only your (local or remote) encrypted archives:


sa5 organizer view


In either view, clicking on an existing archive to which you have access and entering your private key password will open the archive in a message composition window. You may then read and/or edit the contents. (If someone else already had the archive open, you will be asked if you wish to open it in READONLY mode.) When you close the archve, any changes you might have made are automatically detected and SecretAgent will offer to re-encrypt the archive with its original list of recipients.


Additional Features

For a detailed discussion of various special features see the next tab.

Special Features of SecretAgent 6.0


ISC Security Console GUI

SecretAgent 6.0 is now supplied as a plug-in module within the cross-platform graphical user interface called the ISC Security Console. Additional modules allow the end-user or system administrator to manage their certificate keystores, LDAP directory queries, security policy creation tasks, and even their SpyProof! encrypted virtual disk partitions all from within the same framework. (Which modules are available depends on the software edition the user has licensed; see the Editions tab on the Overview page for details.)


Microsoft Office Suite Integration

Users can now open encrypted Word, Excel, and PowerPoint documents from within the appropriate Office application as well as create new documents and save them in encrypted form. Choosing to save a document as a SecretAgent archive brings up the standard New Archive window so that the user can select recipients, etc.


SA menu in Word 2007

SecretAgent Menu and Toolbar As It Appears in Word 2007


S/MIME v3 CMS Support

SecretAgent now offers CMS as an alternative to the native .SA5 output format. You may create encrypted, or encrypted and signed, messages and exchange them with users of other RFC3852-compliant (S/MIME) applications (e.g., OpenSLL). Encrypted and/or signed message you receive in Microsoft Outlook Express can now be decrypted/validated using SecretAgent.

E-mail Client Integration on Windows

SecretAgent for Windows offers seamless integration with popular e-mail clients. Plug-ins for Microsoft Exchange, Outlook 2000/XP/2003, and Lotus Notes may be downloaded from the SecretAgent Support pages of our website.

SecretAgent also has the ability to send encrypted and/or signed documents using any Windows e-mail application that provides MAPI support.

Integrated Credential Management Tools

Certificate Explorer, now integrated into the ISC Security Console framework, is a certificate store management utility that allows you to create and maintain various local and remote certificate stores and make them available within SecretAgent (and SpyProof!, if that is also installed).

The Credentials Manager imports X.509 certificates for total interoperability with a wide variety of commercial Certificate Authorities (CAs). It can also import and export PKCS#8 private keys and import PKCS#12 private keys, so they can be shared with your other applications.

Certificate extension processing and validation assure proper certificate use, while self-signed certificates allow users to exchange secured information without a formal PKI.

Certificate and CRL processing in all ISC products conform with RFC5280. SecretAgent 6.0.3 passed PKIX interoperability testing at DISA's JITC PKI Certification Lab at Ft. Huachuca and received formal certification of full compliance with the DoD PKI in February 2010. SecretAgent 5.6 first received DoD PKI interoperability certification in September 2002 (JITC compliance certification letter; JITC Interoperability Test Summary).

Keystore Flexibility

SecretAgent supports the following certificate and private key stores:

  • internal proprietary keystore
  • CAPI/CNG (Windows only)
  • PKCS #11 token
  • Entrust (Windows only)
Enhanced LDAP Support

Our certificate retrieval logic now supports administrator-configurable static and dynamic LDAP groups and parametrized LDAP queries. Users and/or administrators can configure live Active Directtory/LDAP queries for remote certificate directory access and optional CRL support with an auto-update feature.

Password-Encrypted Archives

SecretAgent allows you to create PBE-encrypted archives and send them to correspondents who can decrypt them using the free SecretAgent Reader edition once you have communicated the required password. In this mode, no certificates or private keys are required.

Message Authentication / Hashing

When asked to "inspect" any file (with a filename extension other than .sa5, .saa, or .sgn), the GUI now computes and displays the SHA-1 and MD5 message digests of that file. Command line builds can provide MD2, MD5, and SHA-1/256/384/512 message digests for any file.

Built-in DAS Support
SecretAgent Enterprise Edition's native support for ISC's Document Access Servlet (DAS) allows it to be used for server-mediated decryption (providing confidentiality within communities of interest). Role-based authentication and other new DAS-supported schemes are also available to SecretAgent clients when used in conjunction with CSPid.
PolicyAgent Module in Administrator Edition

The PolicyAgent module integrated into Administrator Edition of the cross-platform ISC Security Console framework, allows system administrators to create and digitally sign policy settings documents for disemination to their user base. Policy files provide control over all cryptographic features and most operational settings for all other installed Security Console modules.


PolicyAgent module

Smartcard Support (PKCS#11 Tokens)

SecretAgent for Windows supports a growing number of smartcards and other hardware tokens. The following products have been successfully tested for compatibility:


Tested APIs †
(formerly ActivCard)

ActivCard Gold
ActivIdentity Smart Card

Aladdin eToken Pro 8K, 16K, 64K
eToken R2
A.E.T. Europe SafeSign (G&D STARCOS 2.3)
Covadis S.A. Alya™ reader
Gemalto NV
(formerly Axalto/Schlumberger)

Cryptoflex 16
Cryptoflex 32
.NET 2.0 Card
Access 64K


Gemplus Gemsafe Version 2.x
Gemsafe Version 3.x
GemXpresso 64K


IBM / Lenovo Atmel TPM
nCipher nShield
Oberthur Card Systems DoD CAC
RSA Security SecurID
SafeNet (Rainbow) Luna SA
iKey 2008/2032/3000
Datakey Model 320/330/USB
Saflink/Litronic Forte

FIU-710 Puppy
FIU-810 Puppy

Spyrus Rosetta

†Due to certain limitations in vendor-supplied CAPI CSPs, some functionality (e.g., AES-256) may fail when using the CAPI interfaces to some of these devices. In such circumstances, the vendor-supplied PKCS#11 interface is preferred. Contact ISC for details.

Windows 10 logo     Apple Mac Logolinux logo
SecretAgent Overview
Brochure [PDF]
Support Pages
Contact ISC

Microsoft Partner logo

Red Hat logo

Buy Now button