Password Safe and Repository

PKCS#11


With this plugin, the Personal, Standard, Professional and Enterprise Editions can be extended to support login with a token, a smartcard or another authentication device. Login can then optionally be performed with the token, so no password has to be entered. To use the plugin you need a token, smartcard or middleware that supports the standard PKCS#11 interface. This interface is supported by nearly all token, smartcard and middleware vendors, so you can integrate Password Safe into PKI scenarios that already exist in your company. Private users also benefit from the increased security.

 

Note that Password Safe only works with certificates that are stored on the token. Password Safe itself cannot create certificates or save them on the token; it only uses existing certificates. To create and store new certificates, please use the tools of the token vendor or of the middleware.

 

License info: One plugin license has to be bought for each computer/user license. So if you have 20 computer/user licenses you also have to buy 20 plugin licenses.

 

Notice:

Please find out beforehand whether your device or middleware vendor provides a PKCS#11 interface. As a rule, we cannot take back licenses because a device is not supported. As a company you can receive a test license in advance and use it to test your devices for login to Password Safe.

 

Manufacturer products that we have tested and found to work:

eToken Pro with eToken PKI Client (Producer: Aladdin, PKCS#11-DLL: eTPKCS11.dll)

CardMan 3121 by Omnikey with SafeSign Middleware (Producer: Omnikey, PKCS#11-DLL: aetpkss1.dll)

 

For substantial orders you can contact our reseller directly. Please get in touch with our sales department; we will be pleased to advise you.

 

Setup

You can see how to create a new database with a plugin here.

 

To configure a plugin, choose the plugin in the check box in the login window and click the button to the right of the check box.

 


 

Then click the plugin "Standard PKCS#11" and click "properties" in the lower-left area.

 


 

The configuration of the plugin then opens. Here you can make various settings.

 


 

General

PKCS#11 DLL

Choose here the DLL that the token (or smartcard, middleware, etc.) provides for the PKCS#11 interface. As an example we use an eToken Pro by Aladdin. If you do not know whether your token has a PKCS#11 interface, please ask the vendor of your token directly.

 

Name

Enter here any name that you want to give your token (or smartcard, etc.). This name is shown throughout the program when you use the device.

 

MessageDelay

Waiting time in milliseconds for the display of messages.

 

1 second = 1000 milliseconds

 

Private keys

If the token (or smartcard, etc.) holds private keys, please activate this option. Normally a PIN entry is requested only then, and only then is it possible to access secured certificates on the token.

 

Insert card

Auto login

Here you can have Password Safe remember which database and which key are to be used for the login to the database. When you plug in the USB stick the second time, the database is opened automatically.

 

Delete auto login

With this you can delete the auto login. Auto login is then not active until the next time you have logged in.

 

Delete card

Nothing = No action completed

Lock = The database will be locked

Logout = The database will be closed

 

For security reasons we generally recommend using the option "Logout". With it, the database is completely closed when the key is pulled out.

 

Example for a configuration of an eToken Pro by Aladdin:

 


 

Once you have made the changes, click "Ok" to save them.

 


 

If the plugin has been configured correctly and the token (or smartcard, etc.) is plugged into the computer, its presence is indicated by a green symbol.

 

If a PIN is required for access to the private keys, you have to enter that PIN when plugging in the token or when logging in to a database.

 


 

As soon as the PIN has been entered, the saved certificates are available for use in Password Safe.

 


 

If you have mistyped the PIN, only the public keys are shown. You can enter the correct PIN again via the "enter PIN" button; afterwards the private keys are shown as well. Then choose the certificate that you want to use for the database. We generally recommend using only private keys, because here you only need to enter one PIN. Public keys can be read at any time without PIN entry, and if you should lose your key this would be a security hole. So for security reasons you should use only private keys.