Using Smartcard/Security Tokens
Your private keys are the key to the security of your signed and/or encrypted data.
Making your private keys secure is very important. An effective way to secure your
private keys is to store them on a smartcard/security token.
Note: Smartcards/security tokens are not supported on Windows 98 and Windows ME.
Supported Security Tokens
iSafeguard™ currently supports the following security tokens:
- eToken PRO from eAladdin
- eToken R2 from eAladdin
Note: You must have eToken Runtime Environment
3.60 or later installed on your computer.
How It Works
iSafeguard™ works with one smartcard/token at a time. Here is how it works:
- On startup, iSafeguard™ automatically searches your system for supported smartcards/tokens.
- It will use the first smartcard/token it finds and ignore the rest if more than
one smartcard/token is available on your system.
- If the smartcard/token currently chosen is removed, iSafeguard™ will choose
the next available one to use.
- When you plug in a smartcard/token, iSafeguard™ will automatically use it if
there is no smartcard/token currently chosen; otherwise iSafeguard™ will ignore
the newly plugged smartcard/token.
- If you have certificates and key pairs stored on a supported smartcard/token iSafeguard™
will make them available for use automatically.
- iSafeguard™ behaves the same way even if your system supports smartcards/tokens
from different vendors.
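The selection rules above can be modelled as a small state machine. The following is an added example, not iSafeguard™ code: the class and function names are hypothetical, the token and certificate labels are constructed, and two points are assumptions (tokens are enumerated in the order they were seen, and only certificates on the chosen token are offered).

```python
from typing import Dict, List, Optional, Tuple


class TokenSelector:
    """Hypothetical model of the one-token-at-a-time rule (not product code)."""

    def __init__(self, present_at_startup: List[str],
                 certs: Optional[Dict[str, List[str]]] = None) -> None:
        # Tokens already plugged in at startup, in assumed enumeration order.
        self.present: List[str] = list(present_at_startup)
        # Constructed mapping: token name -> certificate labels stored on it.
        self.certs: Dict[str, List[str]] = certs or {}
        # Startup rule: use the first token found and ignore the rest.
        self.active: Optional[str] = self.present[0] if self.present else None

    def plug(self, token: str) -> None:
        if token not in self.present:
            self.present.append(token)
        # A newly plugged token is adopted only when none is currently chosen.
        if self.active is None:
            self.active = token

    def remove(self, token: str) -> None:
        if token in self.present:
            self.present.remove(token)
        # Removing the chosen token falls back to the next available one.
        if token == self.active:
            self.active = self.present[0] if self.present else None

    def usable_certs(self) -> List[str]:
        # Assumption: certificates on ignored tokens are not offered.
        if self.active is None:
            return []
        return list(self.certs.get(self.active, []))


def replay(selector: TokenSelector,
           events: List[Tuple[str, str]]) -> List[Optional[str]]:
    """Apply (action, token) events; return the chosen token after each one."""
    history: List[Optional[str]] = []
    for action, token in events:
        if action == "plug":
            selector.plug(token)
        elif action == "remove":
            selector.remove(token)
        else:
            raise ValueError(f"unknown action: {action}")
        history.append(selector.active)
    return history
```

Replaying a sequence of plug and remove events shows that the token in use depends on event order rather than on which token was inserted most recently, which is worth checking before signing when several tokens are attached.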
Storing Certificate and Key Pair on a Security Token
If you have a supported security token, you can store your certificates and key pairs
on it at the time they are created, that is, when you create a self-signed certificate,
enroll into a PKI or renew a certificate.
To create a certificate and key pair on a smartcard/token:
- Log in if you are not currently logged in
- Start iSafeguard™ Certificate Manager
- Click the Create button and then follow the wizard
- When it comes to the Smartcard/Security Token screen make sure to check the
Store certificate and key pair on the following smartcard/token check box,
as shown in the screen shot below.
- Follow the wizard to complete the creation process
During the process iSafeguard™ will ask you if you want to back up your certificate
and key pair. A screen shot is shown below.
If the check box is not checked, the key pair will be generated on your token.
Once the key pair is generated on the token it cannot be exported.
If the check box is checked, the key pair will be generated on your system and then
moved to the token. This enables iSafeguard™ to back up the generated certificate
and key pair in a backup file.
Note: If there is no smartcard/token
available these options will not show in the wizard.
Follow the same steps to store a certificate and key pair on a smartcard/token if you
are enrolling into a PKI instead of creating a self-signed certificate.
Tip: It is highly recommended that you
back up your certificate and key pair, since once a key pair is created on a token
or imported to a token it cannot be exported. If your security token is damaged
or lost, your data encrypted with this certificate is lost.
Moving Certificate and Key Pair To A Security Token
If you already have certificates and key pairs in your profile, you can move
them to a security token.
To move a certificate and key pair to a smartcard/token:
- Log in if you are not currently logged in
- Start iSafeguard™ Certificate Manager
- Right-click the certificate you want to move to the smartcard/token
and then select Move to security token from the popup menu
- Click Yes on the confirmation message box
Note: If there is no smartcard/token
available, the Move to security token menu item will not show.
Note: A key pair contains a public key
and a private key. A private key is always stored with its public key. For this
reason we sometimes use private key and key pair interchangeably.