SafeNet Authentication Client (Linux) User's Guide

Contents

1. View Token Information: provides detailed information about the token.
   Disconnect SafeNet eToken Virtual: disconnects the SafeNet eToken Virtual or SafeNet eToken Rescue, with an option for deleting it.
   Advanced View
   The Advanced View provides additional token management functions. To see the advanced view, click the Advanced View icon in the Simple View. The left pane provides a tree view of the different objects to be managed. The tree expands to show objects of inserted tokens. When you select an object, the relevant functions are available by clicking on the icons in the right pane, or by right-clicking on the object and selecting the required function from the menu.
   Advanced View Functions
   You can access the advanced functions by selecting the required object from the left pane in the Tools Advanced View window.
   Tokens Node
   When you select the Tokens node, the list of attached tokens is displayed in the right pane.
2. SafeNet Authentication Client enables the implementation of strong two-factor authentication using standard certificates, as well as encryption and digital signing of data. Generic integration with PKCS#11 security interfaces enables out-of-the-box interoperability with a variety of security applications, offering secure web access, PC and data security, secure email, and more. PKI keys and certificates can be created, stored, and used securely from within token hardware or software devices. SafeNet Authentication Client can be deployed and updated using any standard software distribution system. The SafeNet Authentication Client Tools application is installed by the SafeNet Authentication Client, providing easy-to-use configuration tools for users and administrators.
   New Features
   The following features were introduced in SafeNet Authentication Client 8.0 for Linux:
      - Support for eToken NG Flash 5.3
      - Support for eToken NG Flash 5.3 Anywhere, in PKI mode only
      - Support for upgrade from previous version
   Chapter 2: SafeNet Authentication Client User Interface
   This section describes how to find your way around the SafeNet Authentication Client user interface.
   In this chapter:
      - Overview of SafeNet Authentication Client User Interface
      - SafeNet Authentication Client Tray Icon
      - SafeNet Authentication Client Tools Main Screen
   Overview of SafeNet Authentication Client User Interface
   Administrators use Safe
3. In-chapter contents:
      - Overview of Token Initialization
      - Initializing a Token
   Overview of Token Initialization
   The token initialization option restores a token to its initial state. It removes all objects stored on the token since manufacture, frees up memory, and resets the token password, allowing administrators to initialize the token according to specific organizational requirements or security modes. Initializing a token is useful, for example, after an employee has left a company. It completely removes the employee's individual certificates and other personal data from the token, preparing it to be used by another employee.
   The following data is initialized:
      - Token Name
      - Token Password
      - Administrator Password (optional)
      - Login retries before token is locked (for token and administrator passwords)
      - Token Password must be changed on first logon
      - Initialization key
   Using customizable parameters, you can select specific parameters that will apply to certain tokens. These parameters may be necessary if you wish to use the token for specific applications, or if you require a specific user or administrator password on all the tokens in the organization.
   Initializing a Token
   To initialize a token:
      1. Click Initialize Token on the toolbar, or right-click the token name in the left pane and select Initialize from the shortcut menu. The Initialize Token window opens.
4. Token Content: This option will delete all your data from the token. Click OK to continue.
      2. To continue with the delete process, click OK; else click Cancel. The Log On window opens.
      3. Enter the token password and click OK. The Delete Token Content window opens, confirming that the delete process has been successful.
      4. Click OK to finish.
   Viewing Token Information
   To view token information:
      1. Open SafeNet Authentication Client Tools.
      2. In the left pane of the Tools window, select the required token.
      3. Click View Token Information in the right pane. The Token Info window opens.
   Token Info: My Token (sample values as shown in the window)
      - Token category:
      - Reader name: AKS ifdh 00 00
      - Serial number: 0x003ef830
      - Total memory capacity: 73728
      - Free space: 32767
      - Hardware version: 4 29
      - Firmware version: N/A
      - Card ID: 00 3e f8 30
      - Product name: eToken PRO Java 72K 05755
      - Model: Token 4 29 1 1 0 0 0
      - Card type: Java Card
      - OS version: eToken Java Applet 1 0 37
      - Mask version: N/A
      - Color: Blue
      - Supported key size: 2048
      - Token password: Present
      - Token password retries remaining: 15
      - Maximum token password retries: 15
      - Administrator password: Present
   Reader Settings
   During SafeNet Authentication Client installation, four virtual smart card and two SafeNet eToken Virtual readers are installed. The number of available hardware and software readers is configured by your system ad
5. (continued)
      7. Select the certificate file to import and click Open. If the certificate requires a password, the Password dialog box opens.
      8. Enter the certificate password. A window opens asking if you want to store the CA certificates on the token.
      9. Select Yes or No. All requested certificates are imported and a confirmation message opens.
   Exporting a Certificate from a Token
   A physical token or SafeNet eToken Virtual exports only the certificate, without its key.
   Note: In Linux it is possible to export only to .cer format.
   To export a certificate:
      1. Open SafeNet Authentication Client Tools.
      2. Click the Advanced View icon.
      3. In the left pane of the Advanced View window, select the required certificate and click the Export Certificate icon. The Save As window opens.
      4. Select the location to store the certificate, enter a file name, and click Save.
   Note: The certificate file must be DER encoded or Base64, not PKCS
6. enhance performance. This option defines when private information (excluding private keys) on the physical token can be cached outside the token. Select one of the following options:
      - Always (fastest): always caches private information in the application memory. This enables fast performance, as certain information is cached on the host machine. However, this option is less secure than if no cache is allowed.
      - While user is logged on: caches private data outside the token as long as the user is logged on to the token. Once the user logs out, all the private data in the cache is erased.
      - Never: does not cache private data.
   RSA key secondary authentication
   An authentication password may be set for an RSA key. If this option is used, then in addition to having the token and knowing the token's password, accessing the RSA key requires knowing the password set for that particular key. This option defines the policy for using this secondary authentication of RSA keys:
      - Always: every time an RSA key is generated, you are prompted to enter a secondary password for accessing this key. Clicking OK generates the key and uses the entered password as the secondary RSA password for that key. Clicking Cancel causes key generation to fail.
      - Always prompt user: every time an RSA key is generated, a secondary password for accessing this key is requested. Ho
7. on page 34
      - Change Password (right-click menu item: Change Password). See Changing the Token Password on page 39.
      - Rename Token (right-click menu item: Rename). See Renaming a Token on page 41.
      - Disconnect SafeNet eToken Virtual (right-click menu item: Disconnect). See Disconnecting SafeNet eToken Virtual or SafeNet eToken Rescue on page 53.
      - Copy to Clipboard (right-click menu item: not available). See Copying Token Information to the Clipboard on page 41.
   Some functions are available only if an administrator password has been set for the token. The administrator icons are located on the right of the window, enclosed within a border.
   Administrator functions:
      - Log On as Administrator (right-click menu item: Log On as Administrator). See Logging On to a Token as an Administrator on page 34.
      - Change Administrator Password (right-click menu item: Change Administrator Password). See Changing the Administrator Password on page 42.
      - Unlock Token (right-click menu item: Unlock). See Unlocking a Token using Challenge Response on page 45.
      - Set Token Password. Set Token Password is activated only when you have logged on to the token with an administrator password. See Unlocking a Token Using Set Token Password on page 44.
   User Certificates
   If the token contains certificates, a User Certificates node is displayed in the left pane under the token. Information about the certificates on the token is displayed in the
8. the token, and you will be asked to enter the password (if it exists) protecting the PFX file. In the case of a CER file, which contains only X.509 certificates, the program checks if a private key exists on the token. If the private key is found, the certificate is stored with it. If no private key is found, then you are asked if you want to store the certificate as a CA certificate.
   Note: It is not possible to import a certificate onto SafeNet eToken Rescue.
   To import a certificate:
      1. Open SafeNet Authentication Client Tools.
      2. Click the Advanced View icon.
      3. In the left pane of the Advanced View window, select the required token.
      4. Do one of the following:
         - In the left pane of the Advanced View window, select the required token and click the Import Certificate icon.
         - In the left pane of the Advanced View window, right-click the required token and select Import Certificate from the menu.
         The Import Certificate window opens.
      5. Select the following: Import a certificate from a file.
      6. Click OK. The Choose a certificate dialog box opens.
9. then be required to set a password meeting password quality requirements, as configured in the settings window. See Setting Password Quality on page 58.
   To initialize an administrator password, select Set Administrator Password and enter a password in the Set Administrator Password and Confirm fields. Minimum password length is 4 characters.
   Note: Creating an administrator password enables certain functions to be performed on the token, such as resetting a token password on a locked token.
   In the Logon retries before token is locked field, enter a value between 1 and 15. This counter specifies the number of times the user or administrator can attempt to log on to the token with an incorrect password before the token is locked. The default number of incorrect logon attempts is 15.
   If required, select Token Password must be changed on first logon. This is selected by default.
   If you want to configure advanced settings, continue from the next section (see Configuring Advanced Initialization Settings).
   Click Start. When the initialization process is complete, a confirmation message is displayed.
   Configuring Advanced Initialization Settings
   To configure advanced settings:
      1. In the Initialize Token window, click Advanced. The Advanced Token Initialization Settings window opens.
10. Table of contents (excerpt):
      - Selecting the Active Token, 32
      - Logging On to a Token, 32
      - Importing a Certificate onto a Token, 34
      - Exporting a Certificate from a Token, 37
      - Deleting a Certificate, 38
      - Changing the Token Password, 39
      - Renaming a Token, 41
      - Copying Token Information to the Clipboard, 41
      - Changing the Administrator Password, 42
      - Unlocking a Token, 44
      - Unlocking a Token Using Set Token Password, 44
      - Unlocking a Token using Challenge Response, 45
      - Deleting Token Content, 47
      - Viewing Token Information, 48
      - Reader Settings, 49
      - SafeNet eToken Virtual, 51
      - Overview of SafeNet eToken Virtual and SafeNet eToken Rescue, 52
      - Using SafeNet eToken Virtual/SafeNet eToken Rescue to Replace a Lost Token, 52
      - Connecting SafeNet eToken Virtual or SafeNet eToken Rescue, 53
      - Disconnecting SafeNet eToken Virtual or SafeNet eToken Rescue, 53
      - Unlocking SafeNet eToken Virtual, 54
      - Generating a One Time Password (OTP), 55
      - Token Settings, 57
      - Setting Password Quality, 58
      - Setting Private Data Caching
11. tray menu enable you to configure the options that control the use of token devices.
   In this chapter:
      - Selecting the Active Token
      - Logging On to a Token
      - Importing a Certificate onto a Token
      - Exporting a Certificate from a Token
      - Deleting a Certificate
      - Changing the Token Password
      - Renaming a Token
      - Copying Token Information to the Clipboard
      - Changing the Administrator Password
      - Unlocking a Token
      - Deleting Token Content
      - Viewing Token Information
      - Reader Settings
   Selecting the Active Token
   If more than one token is attached, you must select which device you want to work with.
   Note: The token selected here is relevant only for tray menu functions.
   To select the active token:
      1. Click the application tray icon.
      2. Select Tokens. A list of inserted tokens is displayed.
      3. Select the required token.
   Logging On to a Token
   You can log on to a token as a user or as an administrator. An administrator has limited permissions on a token. No changes to any user information may be made, nor may the user's security be affected. The administrator's functions are restricted to: Change Administrator Password, Set Token Password, Unlocking Token using Challenge Response, and Change Password Quality Settings that are stored on the token.
   Logging On to a Token as a User
   To log o
12. The following functions are available:
      - Reader Settings (right-click menu item: Reader Settings). See Reader Settings on page 49.
      - Connect SafeNet eToken Virtual (right-click menu item: Connect SafeNet eToken Virtual). See Overview of SafeNet eToken Virtual and SafeNet eToken Rescue on page 52.
   Attached Tokens
   The names of the tokens are displayed in the left pane. When you select a token, information about the token is displayed in the right pane, and the name of the token reader is displayed in the tool tip.
   The following user functions are available:
      - Initialize Token (right-click menu item: Initialize). See Token Initialization on page 21.
      - User Logon to Token (right-click menu item: Log on). See Logging On to a Token as a User on page 33.
      - Import Certificate (right-click menu item: Import Certificate). See Importing a Certificate onto a Token
13. Deleting a Certificate
   You can remove a certificate from a token.
   To delete a certificate from a token:
      1. Open SafeNet Authentication Client Tools.
      2. Click the Advanced View icon.
      3. Do one of the following:
         - In the left pane of the Advanced View window, expand the required token, select the required certificate, and click the Delete Certificate icon.
         - In the left pane of the Advanced View window, expand the required token, right-click the required certificate, and select Delete Certificate from the shortcut menu.
         The Delete Certificate window opens.
      4. Do one of the following:
         - To cancel the deletion, click No.
         - To delete the certificate, click Yes.
   Changing the Token Password
   All the manufactured token devices are configured with the factory initial password, 1234567890. To ensure strong two-factor security, it is important for the user to change the token password to a private token password as soon as the new token is received. When a token password has been changed, the new password is used for all token applications involving the token. It is the user's responsibility to remember the token password. Without it, the user cannot use the token.
   Note: The token password is an important security measure in safeguarding your company's private information. The best passwords are at least eight charac
14. Net Authentication Client Tools to set token policies. Users use Tools to perform basic token management functions, such as changing passwords and viewing certificates on the tokens. In addition, Tools provides users and administrators with a quick and easy way to transfer digital certificates and keys between a computer and a token. Tools includes an initialization feature, allowing administrators to initialize tokens according to specific organizational requirements or security modes, and a password quality feature, which sets parameters to calculate a token password quality rating.
   CAUTION: Do not remove the token from the USB port during an operation. This may cause corruption of data on the token.
   Tools provides information about the token, including its identification and capabilities. It has access to information stored on the token, such as keys and certificates, and enables management of content, such as password profiles.
   To launch the application, do one of the following:
      - Right-click the application tray icon and select Tools from the menu.
      - Double-click the application tray icon.
      - From the Linux desktop, select Applications > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.
   The SafeNet Authentication Client Tools window opens.
15. SafeNet Authentication Client (Linux) User's Guide, Version 8.0, Revision A
   Copyright 2010 SafeNet, Inc. All rights reserved.
   All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice.
   SafeNet and SafeNet Authentication Client are trademarks of SafeNet, Inc. All other trademarks, brands, and product names used in this Manual are trademarks of their respective owners.
   SafeNet Hardware and/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending applications.
   For details of FCC Compliance, CE Compliance, and UL Notification, please contact SafeNet Support.
   Support
   We work closely with our reseller partners to offer the best worldwide technical support services. Your reseller is the first line of support when you have questions about products and services. However, if you require additional assistance, you can contact us directly at:
      - Telephone: You can call our help desk 24 hours a day, seven days a week. USA: 1-800-545-6608. International: 1-410-931-7520.
      - Email: You can send a question to the technical support team at the following email address: support@safenet-inc.com
      - Website: You can submit a questio
16. Settings
   Client Settings Password Quality
   To set the Client Settings Password Quality:
      1. Open SafeNet Authentication Client Tools.
      2. Select Client Settings in Advanced View. See Opening SafeNet Authentication Client Settings on page 66.
      3. Select the Password Quality tab.
      4. Change the password quality settings.
         Tip: The SafeNet Authentication Client Settings password quality is configured in the same way as the token password quality settings. See Setting Password Quality on page 58.
      5. Do one of the following:
         - To save your changes, click Save.
         - To ignore your chang
17. Tools
   Enter the password quality parameters as follows:
      - Minimum password length (characters). Default: 6 characters.
      - Maximum password usage period (days): The maximum period before which the password must be changed. Default: 0 (none).
      - Minimum password usage period (days): The minimum period before the password can be changed. Default: 0 (none).
      - Password expiration warning period (days): Defines the number of days before the password expires that a warning message is shown. Default: 0 (none).
      - Password history size: Defines how many previous passwords should not be repeated. Defau
18. (continued)
      2. Enter a name for the token in the Token Name field. If no name is entered, the default name, "My Token", is applied.
      3. Select Set Token Password to initialize the token with a token password. Otherwise, the token is initialized without a token password, and it will not be usable for SafeNet eToken applications.
   If Set Token Password is selected, enter a new token password in the Set Token Password and Confirm fields.
   Note: The default password for a new token is 1234567890. If the user uses the default password during initialization and default password quality requirements are used, the user must select the Token Password must be changed at first logon option. Otherwise, the initialization will fail, as the default password will not meet default password quality requirements. See Setting Password Quality on page 58.
   If the Token Password must be changed at first logon field is selected, the initialization will succeed, and the user will be prompted to set a new token password when next logging on with the token. The user will
19. SafeNet Authentication Client Tray Icon
   The SafeNet Authentication Client tray icon gives you quick access to many of the functions in the application.
   Launching the Tray Menu
   To access the tray menu:
      - Click the application tray icon. The tray menu opens.
   Tray Icon Menu
   The following functions can be accessed quickly from the tray icon menu:
      - Tools: launches SafeNet Authentication Client Tools.
      - Generate OTP: generates OTP for SafeNet eToken Virtual. This function is available only if SafeNet eToken Virtual is configured to support this function.
      - Delete Token Content: removes the deletable data from the token.
      - Change Token Password: changes the token password.
      - Tokens: provides the option to select the active token when more than one is inserted.
      - About: displays product information.
      - Hide: hides the icon.
   Hiding and Unhiding the Tray Icon
   To hide the tray icon:
      - Click the application tray icon and select Hide.
   To unhide the tray menu, do one of the following:
      - Remove and re-insert the token.
      - Reboot the computer.
   SafeNet Authe
20. arameters may be changed after initialization. This option is selected by default.
   To allow password quality configuration on token after initialization:
      1. Open SafeNet Authentication Client Tools.
      2. Select Client Settings in Advanced View. See Opening SafeNet Authentication Client Settings on page 66.
      3. Select the Advanced tab.
      4. Select Allow password quality configuration on token after initialization.
      5. Do one of the following:
         - To save your changes, click Save.
         - To ignore your changes, click Discard.
   Allowing only an administrator to configure password quality on token
   The Allow only an administrator to configure password quality on token option defines whether the password quality parameters may be changed after initialization by the administrator or, if unchecked, by the user. This option is selected by default.
   To allow only an administrator to configure password quality on token:
      1. Open SafeNet Authentication Client Tools.
      2. Select Client Settings in Advanced View. See Opening SafeNet Authentication Client Settings on page 66.
      3. Select the Advanced tab.
      4. Do one of the following:
         - To enable configuration by administrator, check Allow only an administrator to configure password quality on token.
         - To enable configuration by user, uncheck Allow only an administrator to configure password quality on token.
      5. Do one of the followin
21. d a secondary password for accessing this key is requested. However, the user can choose to dismiss the prompt by clicking Cancel, and key generation will continue without using a secondary password for the generated RSA key.
      - Prompt on application request: This enables applications that use secondary authentication for RSA keys to make use of this feature on the token (when creating the key in Crypto API with a user protected flag).
      - Never: Secondary passwords are not created for any RSA key, and the authentication method uses only the token password to access the key.
      6. Do one of the following:
         - To save your changes, click Save.
         - To ignore your changes, click Discard.
   Chapter 7: SafeNet Authentication Client Settings
   The SafeNet Authentication Client Settings set the parameters that apply to all tokens that are initialized after the settings have been configured.
   In this chapter:
      - Opening SafeNet Authentication Client Settings
      - Client Settings Password Quality
      - Copying CA Certificates to a Local Store
      - Allowing password quality configuration on token after initialization
      - Allowing only an administrator to configure password quality on token
   Opening SafeNet Authentication Client Settings
   To open SafeNet Authentication Client Settings:
      1. Open SafeNet Authentication Client Tools.
      2. Click the Advanced View icon.
      3. In the left pane of the Advanced View window, select Client
22. ecified time period.
   Using SafeNet eToken Virtual/SafeNet eToken Rescue to Replace a Lost Token
   To use SafeNet eToken Virtual/SafeNet eToken Rescue to replace a lost token, the SafeNet eToken Virtual/SafeNet eToken Rescue must be enrolled using the Token TMS Client. For more details, refer to the Token TMS Client documentation.
   Connecting SafeNet eToken Virtual or SafeNet eToken Rescue
   To connect SafeNet eToken Virtual or SafeNet eToken Rescue:
      1. Open SafeNet Authentication Client Tools.
      2. Click the Advanced View icon.
      3. Select Tokens in the left pane.
      4. Click the Connect SafeNet eToken Virtual icon, or right-click Tokens and select Connect SafeNet eToken Virtual from the shortcut menu.
      5. Navigate to the SafeNet eToken Virtual file (.etvp) or SafeNet eToken Rescue file (.etv) and click it. The SafeNet eToken Virtual/SafeNet eToken Rescue file is added.
      6. Click OK.
   Disconnecting SafeNet eToken Virtual or SafeNet eToken Rescue
   When the SafeNet eToken Virtual is no longer necessary, disconnect it from its attached reader.
   To disconnect SafeNet eToken Virtual or SafeNet eToken Rescue:
      1. Open SafeNet Authentication Client Tools.
      2. Click the Advanced View icon.
      3. Select the SafeNet eToken Virtual or SafeNet eToken Rescue to be disconnected and do one of the following:
         - In the left pane, right-click and select Disconnect.
         - In the right pa
23. es, click Discard.
         - To return to default settings, click Set to Default.
   Copying CA Certificates to a Local Store
   CA certificates can be downloaded onto a token. When the token is inserted into the computer, one or more of these CA certificates may not be on the computer. In such a case, the CA certificate may be loaded onto the computer. This option is selected by default.
   To open CA certificate management:
      1. Open SafeNet Authentication Client Tools.
      2. Select Client Settings in Advanced View. See Opening SafeNet Authentication Client Settings on page 66.
      3. Select the Advanced tab.
      4. Select Copy CA certificates to a local store.
      5. Do one of the following:
         - To save your changes, click Save.
         - To ignore your changes, click Discard.
   Allowing password quality configuration on token after initialization
   The Allow password quality configuration on token after initialization option defines whether the password quality p
24. ettings on token
      2. Complete the fields as follows:
         - eToken PKI Client 3.65 compatible: Select to maintain compatibility with token RTE 3.65.
         - Password quality settings on token: Select to keep password policy on the token device. This is enabled only when the 3.65 compatible is selected.
         - FIPS: Select to enable FIPS support. FIPS (Federal Information Processing Standards) is a US government approved set of standards designed to improve the utilization and management of computer and related telecommunication systems. Any token with applet 1.1.25 or above supports FIPS.
         - One factor logon: Default: disabled. When one-factor logon is enabled, only the presence of the token is required to log on to applications. A password is not required. Note: For security reasons, one-factor logon is not applied to SafeNet Authentication Client Tools.
         - 2048-bit RSA key support: Select to enable 2048-bit RSA key support on compatible token.
         - OTP support: Select to enable OTP support on compatible token.
         - Private data caching: In SafeNet Authentication Client, public information stored on the token is cached to
25. g To save your changes, click Save. To ignore your changes, click Discard.
26. ialization key. Second is the Change Initialization key, which is the new value of the initialization key that can be set during initialization. To change the Token Initialization Key: 1. In the Advanced Token Initialization Settings window, click Change Initialization Key. The Token Initialization Key window opens. [Screenshot: Token Initialization Key window.] 2. Complete the fields as follows. Use default initialization Key: Select to use factory set default. Use this initialization Key: Enter the initialization key to be used. Change the key for the next initialization to: Set the new value of the 2nd initialization key for any of the 3 options specified. Default: Revert to default. Random: If selected, it will never be possible to re-initialize the token. This Value: Enter and confirm a value for initialization key. 3. Click OK to return to the Advanced Token Initialization Settings window, then click OK again to return to the Initialize Token window. 4. Click Start. When the initialization process is complete, a confirmation message is displayed. Chapter 4: Token Management. The SafeNet Authentication Client Tools application and the SafeNet Authentication Client
27. ing initialization. The unlock feature is available for token hardware devices and SafeNet eToken Virtual. This feature is not available for SafeNet eToken Rescue. CAUTION: The number of times that SafeNet eToken Virtual can be unlocked can be limited to a specified number. If this number is exceeded, the SafeNet eToken Virtual becomes unusable and must be replaced. If the administrator has access to the user's computer, the token may be unlocked using the Set Token Password feature (see Unlocking a Token Using Set Token Password on page 44). When the administrator is located remotely, for example when an employee is out of the office, a Challenge Response authentication method can be employed to unlock the token (see Unlocking a Token using Challenge Response on page 45). With this method, the user sends the administrator the Challenge Code supplied by Tools, and then enters the Response Code provided by the administrator. The user then enters a new password, and the token is unlocked. Unlocking a Token Using Set Token Password. To unlock a token using Set Token Password: 1. Log on to the token as an administrator (see Logging On to a Token as an Administrator on page 34). 2. Do one of the following: click the Set Token Password icon, or right-click the token in the left pane and select Set Token Password from the shortcut menu. The Set Password window opens. [Screenshot: Set Password window.]
28. invalidate the procedure. The administrator provides the Response Code to be entered. Note: The creation of the response code depends on the backend application being used by the organization. System administrators should refer to the relevant documentation for details on how to generate the response code. 5. Select Token Password must change on first logon if the new password is known to others and must be changed. 6. Enter a new token password in the Password and Confirm fields. 7. Click OK. The token is unlocked and a confirmation message is displayed. Deleting Token Content. The Delete Token Content function enables you to delete all deletable objects on your token. Object types include data objects, profiles, keys, and certificates (CA or user). Non-deletable objects will not be removed. Non-deletable objects are created when the administrator configures the object attributes. The Delete Token Content function leaves the data structure on your token intact. It is less wide-reaching than the Initialize function, which restores a token to its initial state, removing all objects stored on the token since manufacture, and resets the token password. See Chapter 3, Token Initialization, on page 21. To Delete Token Content: 1. Click the application tray icon and select Delete Token Content from the menu. The Delete Token Content window opens, prompting you to confirm the delete action. [Screenshot: Delete Token Content window.]
29. ls. 2. Click the Advanced View icon. 3. In the left pane of the Advanced View window, expand the required token and select Settings. 4. In the right pane, select the Advanced tab. [Screenshot: token Settings window, Advanced tab, with Private data caching set to Always fastest and RSA key secondary authentication set to Never.] 5. In the Private data caching field, select one of the following options. Always fastest: Always caches private information in the application memory. This enables fast performance, as certain information is cached on the host machine. However, this option is less secure than if no cache is allowed. While user is logged on: Caches private data outside the token as long as the user is logged on to the token. Once the user logs out, all the private data in the cache is erased. Never: Does not cache private data. 6. Do one of the following: to save your changes, click Save; to ignore your changes, click Discard. Setting RSA Key Secondary Authentication. An authentication passwo
30. lt 10. Maximum character repetitions in a password: Defines number of times a character can be repeated in the password. Default: 3. The password must comply with the complexity rules: Determines if the complexity requirements are required in the token password. At least 3 rules: Complexity requirements are enforced. None: Complexity requirements are not enforced. Manual: Complexity requirements as set manually in the Manual Complexity settings are enforced. Default. Manual Complexity Rules: For each of the character types (Numerals, Upper case letters, Lower case letters, and Special Characters), select one of the following options. Permitted: Can be included in the password, but is not mandatory. Default. Mandatory: Must be included in the password. Forbidden: Must not be included in the password. 6. Do one of the following: to save your changes, click Save; to ignore your changes, click Discard; to return to default settings, click Set to Default. Setting Private Data Caching. In SafeNet Authentication Client, public information stored on the token is cached to enhance performance. This option defines when private information (excluding private keys) on the physical token can be cached outside the token. To set private data caching: 1. Open SafeNet Authentication Client Too
31. ministrator. When a token is inserted into a USB port, or SafeNet eToken Virtual is added, the effect is the same as inserting a smart card into one of the readers. To display the number of readers: 1. Open SafeNet Authentication Client Tools. 2. Click the Advanced View icon. 3. Do one of the following: click the Reader Settings icon, or right-click the Tokens node and select Reader Settings from the shortcut menu. The Reader Settings window opens. [Screenshot: Reader Settings window, with the fields Number of virtual readers for tokens and Number of virtual readers for SafeNet eToken Virtual tokens.] In Linux, the smart card service pcscd loads the smartcard driver dynamically. The number of virtual readers available for tokens is determined by the pcscSlots property value in the eToken.conf file. For more details, see SafeNet Authentication Client Linux Administrator's Guide. Set the required number of hardware or software readers in the appropriate field. The default numbers of available readers are: Hardware readers: 4. On the Linux platform this is disabled and shows how many tokens can be connected, determined by the pcscSlots property value. Software readers: 2. Click OK to close the window. Restart Tools to make the changes effective. Chapter 5: SafeNet eToken Virtual. SafeNet Authentication Client supports the SafeNet eToken Virtual line of prod
32. n Information of Disconnect SafeNet eToken Virtual www safenet inc com When a token is inserted or SafeNet eToken Virtual is present a specific icon representing the inserted token is displayed in the left pane Each token has a name displayed to the right of the icon My Token is the default name if no name has been assigned to the token The selected token is marked by a shaded rectangle in the left pane 9 SafeNet Authentication Client Tools Main Screen Authenticator Icons The icon indicates the type of authenticator attached Icon Type eToken PRO SafeNet eToken Virtual eToken NG Flash eToken NG Flash Anywhere eToken PRO Anywhere SafeNet eToken Rescue AN Ly eToken NG OTP aA Reader eToken PRO Smartcard Broken token Unknown token SafeNet Authentication Client Tools Main Screen 11 Simple View Functions In the right pane you can select any of the enabled buttons to perform the action described Function Button Rename Token sets the token name Rename Token Change Token Password changes the token password 36969696 Change Token Password Unlock Token resets the token password via a challenge response mechanism Enabled only when an administrator w password has been initialized on the token Unlock Token Delete Token Content removes deletable data from the token amp Delete Token Content
33. n as a user: 1. Open SafeNet Authentication Client Tools. 2. Click the Advanced View icon. The Advanced View window opens. 3. Do one of the following: select the required token in the left pane and click the Log On to Token icon, or right-click the required token in the left pane and select Log On from the shortcut menu. The Log on window opens. [Screenshot: Log on window, with the Token Name and Password fields.] 4. Enter the token password in the Password field and click OK. The user is logged on. Logging On to a Token as an Administrator. To log on as an administrator: 1. Open SafeNet Authentication Client Tools. 2. Click the Advanced View icon. 3. Do one of the following: select the required token in the left pane and click the Log on as Administrator icon, or right-click the required token in the left pane and select Log on as Administrator from the shortcut menu. The Log on dialog box opens. 4. Enter the administrator password in the Password field and click OK. The user is logged on as the Administrator. Importing a Certificate onto a Token. The following certificate types are supported: .pfx, .p12, .cer. Note: In Linux it is possible to export only to .cer format. If a PFX file is selected, the private key and corresponding certificate will be imported to the token. You will be asked if CA certificates should be imported to
34. Setting RSA Key Secondary Authentication 62; SafeNet Authentication Client Settings 65; Opening SafeNet Authentication Client Settings 66; Client Settings Password Quality 66; Copying CA Certificates to a Local Store 67; Allowing password quality configuration on token after initialization 68; Allowing only an administrator to configure password quality on token 69. Chapter 1: Introduction. SafeNet Authentication Client enables token operations and the implementation of token based PKI solutions. In this chapter: Overview; New Features. Overview. Public Key Infrastructure (PKI) is a framework for creating a secure method for exchanging information based on public key cryptography, providing for trusted third party vetting of, and vouching for, user identities. It is an arrangement that consists of a system of digital certificates, Certificate Authorities and other registration authorities that verify and authenticate the validity of each party involved in an internet transaction. SafeNet's Authentication Client enables integration with various security applications. It enables token security applications and third party applications to communicate with the token. These include token PKI solutions using PKCS#11 or proprietary token applications
35. n through the SafeNet Support portal http c3 safenet inc com secure asp Additional Documentation We recommend reading the following SafeNet Token publication m SafeNet Authentication Client Linux 8 0 Administrator s Guide m SafeNet Authentication Client Linux 8 0 User s Guide m SafeNet Authentication Client Linux 8 0 ReadMe 1 3 SafeNet Table of Contents DDE OCU ESCO enen ensen ennen kenne 1 OVENS Nanne ee Ye ne TEE N 2 New FEAE ae ee teen tenen 2 SafeNet Authentication Client User Interface sssssssssssssrnnsrsnssrnssnnnss 3 Overview of SafeNet Authentication Client User Interface nn 4 SafeNet Authentication Client Tray ICON anneer enen enennensennenvenvenenn 6 Launching the Tray MENU nennen nee 6 Tray l on MET Seesle enten 6 Hiding and Unhiding the Tray ICON nnee ennen ene enenvensenenventenenn 7 SafeNet Authentication Client Tools Main Screen unne ensen renee 7 SafeNet Authentication Client Tools Main Screen Toolbar 8 SPE MEN sene ene Ee 9 Advanced MEW eten eene eneen 12 Token Initialization nan saansanseanseanseansensensnenvanavanseeneeenvansnnnsn 21 Overview of Token Initialization reerde anne ee ee ede 22 initializing A TOKE reen ene 22 Configuring Advanced Initialization Settings nennen 25 Changing the Token Initialization K y unnnannanaennenseneensensensensen 28 vi 4 Token Management nnnsanaananannenensaanenensennenennensenensennsaeneene 31 Selecting the Active CKEN 4 entenmeniten
36. ne click Disconnect SafeNet eToken Virtual or Disconnect SafeNet eToken Rescue icon. The Disconnect SafeNet eToken Virtual message is displayed. Do one of the following. To keep the SafeNet eToken Virtual/SafeNet eToken Rescue file on the computer, click Disconnect; only the connection from the SafeNet eToken Virtual to the SafeNet Authentication Client is disconnected. To remove the SafeNet eToken Virtual/SafeNet eToken Rescue file from the computer, click Delete. Note: Disconnecting the SafeNet eToken Virtual/SafeNet eToken Rescue is applicable when the user is out of the office and may need to use the SafeNet eToken Virtual/SafeNet eToken Rescue on the road later. When the lost token is replaced, the SafeNet eToken Virtual/SafeNet eToken Rescue should be deleted from the computer. After the SafeNet eToken Virtual/SafeNet eToken Rescue is deleted, it can be recreated only by reinstalling it. Unlocking SafeNet eToken Virtual. Note: The unlock function is supported only by SafeNet eToken Virtual, not SafeNet eToken Rescue. If you enter an incorrect password more than a specified number of times, the SafeNet eToken Virtual will be locked. See Unlocking a Token using Challenge Response on page 45 or Unlocking a Token Using Set Token Password on page 44. Note: The number of times that SafeNet eToken Virtual can be unlocked can be limited to a specified number. If this number is exceeded, the SafeNet eToken Virtual bec
37. ntication Client Tools Main Screen. Tools includes two viewing options: Simple View, to perform basic and common tasks (see Simple View on page 9), and Advanced View, for complete control over the SafeNet Authentication Client and the inserted tokens (see Advanced View on page 12). Each view displays two panes. The left pane indicates which token (Simple View) or which object (Advanced View) is to be managed. The right pane enables the user to perform specific actions to the selected token or object. A toolbar at the top of the window enables certain actions to be initiated in both views. SafeNet Authentication Client Tools Main Screen Toolbar. The main screen toolbar is displayed in both Simple and Advanced View. The toolbar contains the following icons. Advanced View: switches from the simple to the advanced view. Simple View: switches from the advanced to the simple view. Refresh: refreshes the data for all connected tokens. About: displays product version information. Help: launches the help. Home: opens the SafeNet's website. Simple View. The SafeNet Authentication Client Tools is launched in Simple View. [Screenshot: SafeNet Authentication Client Tools window in Simple View.]
38. ols window, select the token to be renamed. 3. Click Rename Token in the right pane. 4. If prompted, enter the token password. The Rename Token window opens. [Screenshot: Rename Token window, with the New Token name field and the note This name will be used to identify your token.] 5. Enter the new name in the New Token name field. 6. Click OK. The new token name is displayed in the Tools window. Copying Token Information to the Clipboard. To copy and paste token information: 1. Do one of the following: in the Token Info window, click Copy; or in Advanced view, select the required token in the left pane and click the Copy to Clipboard icon. 2. Place the cursor in the target application and paste the information. Changing the Administrator Password. Setting an administrator password on the token enables the administrator to unlock a locked token by resetting a new token password if it is forgotten. We recommend initializing all tokens with an administrator password. The Password Quality feature enables the administrator to set certain complexity and usage requirements for the password. See Setting Password Quality on page 58. Note: Password is an important security measure in safeguarding your company's private information. The best passwords are at least eight characters long and include upper and lower case letters, punctuation marks and numbers, created in a random order. We recommend against using passwo
39. omes unusable. Generating a One Time Password (OTP). The Generate OTP function is available only if SafeNet eToken Virtual or SafeNet eToken Rescue with the OTP feature activated is stored on your computer. To generate an OTP: 1. Click the application tray icon. The SafeNet Authentication Client tray menu opens. 2. Select Generate OTP. The Generate OTP window opens. [Screenshot: Generate OTP window.] 3. Click Generate OTP. The Log on window opens. 4. Enter the token password. The generated OTP is displayed in the Generate OTP window. Chapter 6: Token Settings. Configurations set in token settings determine behavior that applies to the specific token. In this chapter: Setting Password Quality; Setting Private Data Caching; Setting RSA Key Secondary Authentication. Setting Password Quality. Once password quality parameters are set, any future passwords are automatically checked against these parameters to determine the password's level of acceptability. If the token was initialized in early PKI Client versions (RTE), no password policy is stored on the token. To set password quality: 1. Open SafeNet Authentication Client Tools. 2. Click the Advanced View icon. 3. In the left pane of the Advanced View window, expand the required token and select Settings. 4. In the right pane, select the Password Quality tab.
40. rd may be set for an RSA key. If this option is used, then in addition to having the token and knowing the token's password, accessing the RSA key requires knowing the password set for that particular key. This option defines the policy for using this secondary authentication of RSA keys. To set RSA key secondary authentication: 1. Open SafeNet Authentication Client Tools. 2. Click the Advanced View icon. 3. In the left pane of the Advanced View window, expand the required token and select Settings. 4. In the right pane, select the Advanced tab. [Screenshot: token Settings window, Advanced tab, with Private data caching set to Always fastest and RSA key secondary authentication set to Never.] 5. In the RSA key secondary authentication field, select one of the following options. Always: Every time an RSA key is generated, you are prompted to enter a secondary password for accessing this key. Clicking OK generates the key and uses the entered password as the secondary RSA password for that key. Clicking Cancel causes key generation to fail. Always prompt user: Every time an RSA key is generate
41. rds that can be easily discovered, such as names or birth dates of family members. To change the Administrator Password: 1. Open SafeNet Authentication Client Tools. 2. To change the administrator password, do one of the following. In the left pane of the Tools window, select the required token and click the Change Administrator Password icon. The Change Administrator Password icon is located at the right of the window, enclosed within a border. Or, in the left pane of the Tools window, right-click the required token and select Change Administrator Password from the menu. The Change Administrator Password window opens. [Screenshot: Change Administrator Password window, with the Current Password, New Password and Confirm Password fields.] Enter the current administrator password in the Current Password field. Note: If an incorrect password is entered more than a specified number of times, the token will be locked. Enter the new administrator password in the New Password and Confirm Password fields. Click OK. The token's administrator password is changed. Unlocking a Token. If you enter an incorrect password more than a specified number of times, the token hardware device, SafeNet eToken Virtual or SafeNet eToken Rescue will be locked. You can unlock the token only if an administrator password was set dur
42. right pane 5 SafeNet Authentication Client Tools Safe SafeNet Authentication Client ml iz SafeNet Authentication Clien Issued To Issued By Expiration Date Purposes E a Tokens El Users Admini IAM2003CA 07 06 2011 CTL Usage Signing Encry El My Token El Users Admini AM2003CA 07 06 2011 CTL Usage Signing Encry E El Users Adm El Users Adm e R CA Certificates Wi Settings B testl We Settings 6 3 eToken Virtual W Settings Client Settings www safenet inc com 2 User Certificates The following functions are available User Function Icon Right Click Menu Item Import Certificate Import Certificate See Importing a Certificate Ts h onto a Token on page 34 Export Certificate Export Certificate See Exporting a Certificate from a Token on page 37 Delete Certificate Delete Certificate See Deleting a Certificate on page 38 Settings Each attached token has a Settings window SafeNet Authentication Client Tools Safe SafeNet Authentication Client Password Quality Advanced Minimum password length characters SafeNet Authentication Clien Maximum password usage period days a Tokens Minimum password usage period days E amp My Token Password expiration warning period days amp B User Certificat password history size CA Certificates j a 5 s l Maximum character repetitions in a password W Settings 5
43. [Screenshot: token Settings window, Password Quality tab, with the Manual Complexity Rules for Numerals, Upper case letters, Lower case letters and Special Characters all set to Permitted.] The settings window contains two tabs. Password Quality: see Setting Password Quality on page 58. Advanced: see Setting Private Data Caching on page 60 and Setting RSA Key Secondary Authentication on page 62. SafeNet Authentication Client Settings. The client settings will affect all tokens that will be initialized after the settings have been configured. The SafeNet Authentication Client Settings window contains two tabs, as in the Settings window: Password Quality and Advanced. See SafeNet Authentication Client Settings on page 65. Chapter 3: Token Initialization. Token initialization restores a token to its initial state, removing all objects stored on the token since manufacture, frees up memory, and resets the token password. Typically, initialization is carried out on a token when an employee leaves the company, enabling the token to be issued to another employee. Note: You cannot initialize SafeNet eToken Virtual with SafeNet Authentication Client. In this chapter:
44. Enter a new password in the New Password and Confirm Password fields. The Logon retries before token is locked displays the maximum login failures set by the administrator during initialization. Click OK. The token is unlocked. You can now log on as a user with the new password. Unlocking a Token using Challenge Response. To unlock a token using Challenge Response: 1. Open SafeNet Authentication Client Tools. 2. In the left pane of the Tools window, select the token to be unlocked. 3. Click Unlock Token in the right pane. The Unlock Token window is displayed. [Screenshot: Unlock Token window, with the Challenge Code and Response Code fields (Response Code must be exactly 16 characters), the Token Password must be changed on first logon option, and the Password and Confirm fields.] 4. Contact the administrator and provide the Challenge Code. Note: To copy the challenge code to the clipboard, click on the Copy challenge code to clipboard icon. CAUTION: After providing the Challenge Code to the administrator, do not undertake any activities that use the token until after receiving the Response Code and completing the unlocking procedure. If any other token activity occurs during this process, it will affect the context of the Challenge Response process and
45. ters long and include upper and lower case letters, punctuation marks and numbers, created in a random order. We recommend against using passwords that can be easily discovered, such as names or birth dates of family members. To change the token password: Open SafeNet Authentication Client Tools. In the left pane of the Tools window, select the token to which the new password will be assigned. Click Change Password in the right pane. Tip: You can change the token Password also by clicking on the application tray icon and selecting Change Token Password. The Change Password window is displayed. [Screenshot: Change Password window, with the Current Token Password, New Token Password and Confirm New Token Password fields and the message Password must meet token defined complexity requirements.] Enter the current token password in the Current Token Password field. Enter the new token password in the New Token Password and Confirm New Token Password fields. Note: As you type a new password, the password quality indicator on the right displays a percentage score of how well the new password matches the password quality policy. Click OK. The token password is changed. Renaming a Token. You can change the token name. To rename a token: 1. Open SafeNet Authentication Client Tools. 2. In the left pane of the To
46. ucts. This includes SafeNet eToken Virtual and SafeNet eToken Rescue. These are stored as files on your computer or on a mass storage device. Tip: To obtain SafeNet eToken Rescue or SafeNet eToken Virtual, contact your system administrator. In this chapter: Overview of SafeNet eToken Virtual and SafeNet eToken Rescue; Using SafeNet eToken Virtual/SafeNet eToken Rescue to Replace a Lost Token; Connecting SafeNet eToken Virtual or SafeNet eToken Rescue; Disconnecting SafeNet eToken Virtual or SafeNet eToken Rescue; Unlocking SafeNet eToken Virtual; Generating a One Time Password (OTP). Overview of SafeNet eToken Virtual and SafeNet eToken Rescue. SafeNet Authentication Client supports software tokens. The following types of software tokens are available. SafeNet eToken Rescue: provides a solution when a staff member loses or damages a token when away from the office. SafeNet eToken Rescue is a read only token. You cannot import certificates. It operates for a limited period of time. SafeNet eToken Virtual: performs all the functions of an eToken NG OTP. It supports OTP generation if so configured. SafeNet eToken Virtual is locked to a particular computer or storage device, such as a flash drive. This means that it can be used only on the computer or storage device where it was enrolled. SafeNet eToken Virtual Temp: identical to SafeNet eToken Virtual, but contains certificates which become invalid after a sp
47. wever the user can choose to dismiss the prompt by clicking Cancel, and key generation will continue without using a secondary password for the generated RSA key. Prompt on application request: this enables applications that use secondary authentication for RSA keys to make use of this feature on the token when creating the key in Crypto API with a user protected flag. Never: secondary passwords are not created for any RSA key, and the authentication method uses only the token password to access the key. Manually set the number of reserved RSA keys: Set the number of reserved RSA keys. This ensures that there will always be memory available for this number of keys. Change Initialization Key: The initialization key protects against accidental initialization and requires a separate password to be entered before initialization can occur. 3. If you want to change the token initialization key, continue from the next section (see Changing the Token Initialization Key on page 28); else click OK to return to the Initialize Token window. 4. Click Start. When the initialization process is complete, a confirmation message is displayed. Changing the Token Initialization Key. Two initialization keys can be provided during the initialization process. One is the current initialization key; it is required so the initialization can be done. The Default Initialization and Specified Initialization Key refer to current init
