PKCS#11
With this plugin the Personal, Standard, Professional and Enterprise Edition can be extended by the login with a Token, a Smartcard or another authentication tool. So the login can optionally be made via this Token and therefore no password for the login has to be entered. For the use of a plugin you need a Token, Smartcard or a Middleware which supports the standard gateway PKCS#11. This gateway is supported by nearly all Token, Smartcard or Middleware producers. So you can integrate Password Safe in already existing PKI scenarios in your company. But also private users benefit from increased security by that.
Notice that Password Safe only works with certificates which are filed on the Token. Password Safe itself can not create certificates and safe them on the Token. Password Safe only uses existing certificates. To create and coast new certificates please use the tools of the Token producers or of the Middleware.
License info: One plugin license has to be bought for each computer/user license. So if you have 20 computer/user licenses you also have to buy 20 plugin licenses.
Notice:
Please get to know before if your device or Middleware producer has a PKCS#11 gateway. Basically we can not take back licenses due to devices which are not supported. As a company you can receive a test license in advance and therefore test your devices for the login at Password Safe.
Working manufacturers products which we have tested:
•eToken Pro with eToken PKI Client (Producer: Aladdin, PKCS#11-DLL: eTPKCS11.dll)
•CardMan 3121 by Omikey with SafeSign Middleware (Producerr: Omnikey, PKCS#11-DLL: aetpkss1.dll)
With substantial orders you can directly contact our reseller. Please directly address our sales department. We are pleased to advise you.
You can see how to create a new database with a plugin here.
To configure a plugin choose a plugin in the check box in the login window and click on the button on the right side next to the check box.
Afterwards click on the plugin "Standard PKCS#11" and then click on "properties" in the left array below.
Afterwards the configuration of the plugin opens. Here you can carry out different settings.
PKCS#11 DLL
Choose the DLL here, which the Token (or Smartcard, or Middleware, and many more) provides for the PKCS#11 gateway. As an example we use an eToken Pro by Aladdin. If you do not know if your Token has got a PKCS#11 gateway please directly ask the producer of your Token.
Name
Please enter any name here that you want to give your Token (or Smartcard, and many more). This name will be shown to you in the whole program when you use the device.
MessageDelay
Waiting time in milliseconds for the display of messages.
1 second = 1000 milliseconds
Private keys
If the Token (or Smartcard, and many more) has got private keys please activate this option. Normally only then a PIN entry is requested and only then it will be possible to access secured certificates on the Token.
Auto login
Here you have the possibility that Password Safe memorizes with which database and with which key a login at the database has to be carried out. If you plug in the USB stick for the second time a database will be opened automatically.
Delete auto login
With this you can delete the auto login. The auto login is not active until you logged in the next time.
Nothing = No action completed
Lock = The database will be locked
Logout = The database will be closed
For safety reasons we generally recommend to use the option "Logout". Therefore the database will be completely closed when pulling off the key.
Example for a configuration of an eToken Pro by Aladdin:
If you have carried out the changes click on "Ok" to save the changes.
If the plugin has been properly configured and the Token (or Smartcard, and many more) plugs in the computer, the attendance will be signalized with a green symbol.
If a PIN should be required for the access to the Private Keys you have to enter that PIN when plugging in the Token or at the login on a database.
As soon as the PIN has been entered the saved certificates for the use in Password Safe are available.
If you have mistyped the PIN only the Public Keys are shown to you. You can enter the correct PIN again via the button "enter PIN", afterwards also the Private Keys will be shown to you. Then choose the certificate which you want to use for the database. We basically recommend to use only private keys because here you only need to enter one PIN. Public keys can be read at any time without PIN entry and if you should loose your key it would be a security hole. So you better only use private keys for safety reasons.