
SafeNet Authentication Client (Windows)
Version 8.1 SP1 Revision A
User’s Guide

Copyright 2011 SafeNet, Inc. All rights reserved.

All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice.

SafeNet and SafeNet Authentication Client are either registered with the U.S. Patent and Trademark Office or are trademarks of SafeNet, Inc., and its subsidiaries and affiliates, in the United States and other countries. All other trademarks referenced in this Manual are trademarks of their respective owners.

SafeNet Hardware and/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending patent applications.

Please contact SafeNet Support for details of FCC Compliance, CE Compliance, and UL Notification.

Date of publication: October 2011
Last update: Tuesday, October 04, 2011 6:44 pm

Support

We work closely with our reseller partners to offer the best worldwide technical support services. Your reseller is the first line of support when you have questions about products and services. However, if you require additional assistance, you can contact us directly at:

Telephone
You can call our help-desk 24 hours a day, seven days a week:
USA: 1-800-545-6608
International: 1-410-931-7520

Email
You can send a question to the technical support team at the following email address:
[email protected]

You can submit a question through the SafeNet Support

Additional Documentation
We recommend reading the following SafeNet publications:
- SafeNet Authentication Client 8.1 SP1 Administrator’s Guide
- SafeNet Authentication Client 8.1 SP1 ReadMe

Table of Contents

1. Introduction
   Overview
   SafeNet Authentication Client Main Features
   Supported Tokens
   Supported Localizations

2. SafeNet Authentication Client User Interfaces
   Overview of SafeNet Authentication Client User Interfaces
   SafeNet Authentication Client Tray Icon
   Starting SafeNet Authentication Client
   Closing SafeNet Authentication Client
   Opening the Tray Menu
   SafeNet Authentication Client Tray Menu Functions
   SafeNet Authentication Client Icon Functions (BSec-Compatible Mode)
   SafeNet Authentication Client Tools
   SafeNet Authentication Client Tools Toolbar
   Opening the Simple View
   Opening the Advanced View

3. Token Management
   Selecting the Active Token
   Viewing and Copying Token Information
   Logging On to the Token as a User
   Renaming a Token
   Changing the Token Password
   Unlocking a Token by the Challenge-Response Method
   Unlocking an iKey Token
   Deleting Token Content
   Importing a Certificate onto a Token
   Exporting a Certificate from a Token
   Viewing Supported Cryptographic Providers
   Setting a Certificate as KSP or CSP
   Setting a Certificate as Default or Auxiliary
   Clearing a Default Certificate
   Deleting a Certificate
   Logging On to the Token as an Administrator
   Changing the Administrator Password
   Unlocking a Token by an Administrator
   Synchronizing Passwords
   Working with IdenTrust
   Using the Identity PIN (Legacy)
   Reader Settings

4. Token Initialization
   Overview of Token Initialization
   Configuring Initialization Settings
   Configuring Advanced Initialization Settings
   Setting the RSA Key Secondary Authentication Field
   Changing the Token Initialization Key
   Configuring Common Criteria Settings

5. SafeNet eToken Virtual
   Overview of SafeNet eToken Virtual Products
   Connecting a SafeNet eToken Virtual
   Disconnecting or Deleting a SafeNet eToken Virtual Product
   Using a SafeNet eToken Virtual to Replace a Lost Token
   Unlocking a SafeNet eToken Virtual
   Generating a One-Time Password (OTP)
   Using a SafeNet eToken Virtual on an External Storage Device
   Using an Emulated SafeNet eToken Virtual

6. Client Settings
   Setting Password Quality
   Copying User Certificates to a Local Store
   Copying CA Certificates to a Local Store
   Enabling Single Logon
   Allowing Password Quality Configuration on Token after Initialization
   Allowing Only an Administrator to Configure Password Quality on Token
   Showing SafeNet Authentication Client Tray Icon
   Defining Automatic Logoff
   Enabling Logging

7. Token Settings
   Setting Token Password Quality
   Setting Private Data Caching Mode
   Setting RSA Key Secondary Authentication

8. Licensing
   Viewing and Importing Licenses

Chapter 1
Introduction

SafeNet Authentication Client enables token operations and the implementation of token PKI-based solutions.

In this chapter:
- Overview
- SafeNet Authentication Client Main Features
- Supported Tokens
- Supported Localizations

Overview

SafeNet Authentication Client is Public Key Infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities. It utilizes a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an internet transaction.

SafeNet Authentication Client provides easy-to-use configuration tools for users and administrators.

SafeNet Authentication Client Main Features

SafeNet Authentication Client incorporates features that were supported by previous releases of eToken PKI Client and SafeNet Borderless Security (BSec). It provides a unified middleware client for a variety of SafeNet smart cards, SafeNet iKey tokens, and SafeNet eToken devices.

Full backward compatibility means that customers who have been using eToken PKI Client or SafeNet Borderless Security Client (BSec) can continue to use deployed eToken and iKey devices.

Supported Tokens

SafeNet Authentication Client 8.1 SP1 supports the following tokens:
- SafeNet eToken 5100/5105
- SafeNet eToken 5200/5205
- SafeNet eToken 4100
- SafeNet eToken PRO
- SafeNet eToken PRO Anywhere
- SafeNet eToken PRO Smartcard
- SafeNet eToken NG-OTP
- SafeNet eToken NG-Flash
- SafeNet eToken NG-Flash Anywhere
- SafeNet eToken Virtual Family
- SafeNet iKey: FIPS and non-FIPS 2032, 2032u, 2032i
- SafeNet Smartcard: FIPS and non-FIPS SC330, SC330u, SC330i
- SafeNet Smartcard SC400
- SafeNet iKey 4000

Supported Localizations

Note: Localizations are not supported in the BSec utility applications.

SafeNet Authentication Client 8.1 SP1 supports the following languages:
- Chinese (Simplified)
- Czech
- English
- French (European)
- French uanian
- Polish
- Portuguese (Brazilian)
- Romanian
- Russian
- Spanish
- Thai
- Vietnamese

Chapter 2
SafeNet Authentication Client User Interfaces

This section describes the SafeNet Authentication Client user interfaces.

Note: If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different than those displayed in this guide.

In this chapter:
- Overview of SafeNet Authentication Client User Interfaces
- SafeNet Authentication Client Tray Icon
- SafeNet Authentication Client Tools

Overview of SafeNet Authentication Client User Interfaces

SafeNet Authentication Client provides two user interfaces:
- SafeNet Authentication Client Tray Icon for quick access to many of the functions in the application
- SafeNet Authentication Client Tools
  - provides information about each connected token, including its identification and capabilities
  - has access to information stored on each connected token, such as keys and certificates
  - enables management of token content, such as password profiles

SafeNet Authentication Client Tray Icon

The SafeNet Authentication Client tray icon offers a shortcut menu to many of the application’s functions.

Note: To display the icon if it is hidden, see Showing SafeNet Authentication Client Tray Icon on page 97.

When SafeNet Authentication Client is closed, the tray icon is not displayed.

In the standard SafeNet Authentication Client installation, the tray icon is displayed as:

In the BSec UI compatible SafeNet Authentication Client installation, the tray icon is displayed as:
(token connected)
(token disconnected)

Starting SafeNet Authentication Client

To start SafeNet Authentication Client:
- From the Windows taskbar, select Start > Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client.

Closing SafeNet Authentication Client

To close SafeNet Authentication Client:
- Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select Exit.

Opening the Tray Menu

To access the shortcut menu from the SafeNet Authentication Client tray icon:
- Right-click the SafeNet Authentication Client tray icon.

SafeNet Authentication Client Tray Menu Functions

The following functions can be accessed quickly from the tray menu:
- Change Token Password: opens the Change Password window for the selected token.
- Select token: allows you to select one of the connected tokens to be the active token. This function is available only when more than one token is connected.
- Tools: opens SafeNet Authentication Client Tools.
- About: displays product version information and license information, and enables license import.
- Exit: closes SafeNet Authentication Client and the tray icon.

The following functions may be displayed, depending on the configuration of the system:
- Open eToken SSO: launches the eToken Single Sign-On application. This function is available only if eToken SSO is installed.
- SAM Agent: launches the SAM Desktop Agent application. For more information, see the SafeNet Authentication Manager User’s Guide.
- Delete Token Content: removes the deletable data from the selected token.
- Generate OTP: generates an OTP on the selected SafeNet eToken Virtual token. This function is available only if the selected SafeNet eToken Virtual is configured to support this function.

SafeNet Authentication Client Icon Functions (BSec-Compatible Mode)

The following functions can be accessed quickly from the tray menu:
- Change PIN: opens the Change PIN window for the selected token.
- Disable Event Notifications: disables the Event Notification function.
- Enrollment: opens the Enrollment feature in the SafeNet Token Manager utility application.
- Enrollment Update: opens the Enrollment Update feature in the SafeNet Token Manager utility application.
- Certificate Information: opens the Token Certificate Information window.
- Select Token: allows you to select one of the connected tokens to be the active token. This function is available only when more than one token is connected.
- About: displays product information.
- Exit: closes SafeNet Authentication Client and the tray icon.

SafeNet Authentication Client Tools

Administrators use SafeNet Authentication Client Tools to set token policies. Users use SafeNet Authentication Client Tools to perform basic token management functions, such as changing passwords and viewing certificates on a connected token. In addition, SafeNet Authentication Client Tools provides users and administrators with a quick and easy way to transfer digital certificates and keys between a computer and a token.

SafeNet Authentication Client Tools includes an initialization feature allowing administrators to initialize tokens according to specific organizational requirements or security modes, and a password quality feature which sets parameters to calculate a Token Password quality rating.

CAUTION: Do not disconnect a token from the USB port, or a smart card from the reader, during an operation. This may cause corruption of the data on the token or smart card.

SafeNet Authentication Client Tools includes two viewing options:
- Simple view: to perform common tasks. See Opening the Simple View on page 11.
- Advanced view: for extensive control over SafeNet Authentication Client and your connected tokens. See Opening the Advanced View on page 14.

Each view displays two panes:
- The left pane indicates which token (Simple view) or which object (Advanced view) is to be managed.
- The right pane enables the user to perform specific actions to the selected token or object.

A toolbar at the top of the window enables certain actions to be initiated in both views.

Note: If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different than those displayed in this guide.

SafeNet Authentication Client Tools Toolbar

A toolbar is displayed at the top of SafeNet Authentication Client Tools, in both Simple and Advanced views. The toolbar contains the following icons:
- Advanced View – switches from the Simple to the Advanced view
- Simple View – switches from the Advanced to the Simple view
- Refresh – refreshes the data for all connected tokens
- About – displays product version information and license information, and enables license import
- Help – opens the Help feature
- Home – opens the company website

Opening the Simple View

When SafeNet Authentication Client Tools is opened, the Simple view is displayed.

To open SafeNet Authentication Client Tools:

Do one of the following:
- Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select Tools.
- From the Windows taskbar, select Start > Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.

The SafeNet Authentication Client Tools window opens in the Simple view.

When tokens are connected, icons representing each connected token are displayed in the left pane. The selected token is marked by a shaded rectangle.

Token Icons

The icon displayed indicates the type of token that is connected. The following types have icons:
- eToken PRO (SafeNet eToken 5100)
- eToken NG Flash (SafeNet eToken 7100)
- SafeNet eToken Virtual
- iKey 4000 (SafeNet eToken 5000)
- iKey 2032 (SafeNet eToken 1000)
- eToken PRO Anywhere (SafeNet eToken 5200)
- eToken NG-OTP (SafeNet eToken 7000)
- SafeNet eToken Virtual, OTP enabled
- SafeNet eToken Virtual Temp
- SafeNet eToken Rescue
- Smart card reader – no card connected
- Smart card reader – card connected:
  - eToken PRO Smart Card (SafeNet eToken 4100)
  - SafeNet Smart Card SC330
  - SafeNet SC400
- Token with corrupted data
- Unknown token

Simple View Functions

In the right pane, select an enabled button to perform the action described:
- Rename Token: Sets the token name
- Change Token Password: Changes the Token Password
- Unlock Token: Unlocks the token and resets the Token Password
- Delete Token Content: Removes deletable data from the token (enabled by default)
- View Token Information: Provides detailed information about the token
- Disconnect SafeNet eToken Virtual: Disconnects the SafeNet eToken Virtual or SafeNet eToken Rescue, with an option to also delete it

Opening the Advanced View

The SafeNet Authentication Client Tools Advanced view provides additional token management functions.

To open SafeNet Authentication Client Tools Advanced View:

1. Do one of the following:
   - Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select Tools.
   - From the Windows taskbar, select Start > Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.
   The SafeNet Authentication Client Tools window opens in the Simple view.
2. Click the Advanced View icon.
   The SafeNet Authentication Client Tools window opens in the Advanced view.

The left pane provides a tree view of the different objects to be managed. The tree expands to show objects of the connected tokens.

Advanced View Functions

To access the advanced functions:

1. In the SafeNet Authentication Client Tools Advanced View window, expand the tree in the left pane to display the required object.
   The relevant functions are displayed in the right pane.
2. Do one of the following:
   - In the right pane, click the appropriate icon, or select the required tab.
   - In the left pane, right-click the object, and select the required function from the shortcut menu.

Tokens Node

When you select the Tokens node, the list of connected tokens is displayed in the right pane.

The following functions are available:
- Reader Settings (right-click menu item: Reader Settings). See Reader Settings on page 66.
- Connect SafeNet eToken Virtual (right-click menu item: Connect SafeNet eToken Virtual). See Connecting a SafeNet eToken Virtual on page 84.

Selected Token Node

The token names are displayed in the left pane. When you select a token name, the following occurs:
- information about the token is displayed in the right pane
- the name of the token reader is displayed in the tool-tip

The following user functions are available:
- Initialize Token (right-click menu item: Initialize). See Token Initialization on page 69.
- Log On to Token (right-click menu item: Log On). See Logging On to the Token as a User on page 34.
- Import Certificate (right-click menu item: Import Certificate). See Importing a Certificate onto a Token on page 46.
- Change Password (right-click menu item: Change Password). See Changing the Token Password on page 36.
- Rename Token (right-click menu item: Rename). See Renaming a Token on page 35.
- Disconnect SafeNet eToken Virtual (SafeNet eToken Virtual or SafeNet eToken Rescue only) (right-click menu item: Disconnect). See Disconnecting or Deleting a SafeNet eToken Virtual Product on page 85.
- Copy to Clipboard (right-click menu item: None). See Viewing and Copying Token Information on page 32.

Some administrator functions are available only if an Administrator Password has been set for the token. The administrator icons are located on the right of the window, enclosed within a border:

Note: Administrator Password functions are not supported by iKey devices.

The following administrator functions are available:
- Log On as Administrator (right-click menu item: Log On as Administrator). See Logging On to the Token as an Administrator on page 59.
- Change Administrator Password (right-click menu item: Change Administrator Password). See Changing the Administrator Password on page 60.
- Unlock Token (right-click menu item: Unlock). See Unlocking a Token by the Challenge-Response Method on page 39.
- Set Token Password (right-click menu item: None). See Unlocking a Token by an Administrator on page 62.

Certificates Nodes

If the selected token contains certificates, one or two appropriate nodes are displayed in the left pane under the token:
- User certificates
- CA certificates
- CC certificates

When you select one of these nodes, a list of the appropriate certificates on the token is displayed in the right pane.

Depending on the certificate type, the following functions may be available:
- Import Certificate (right-click menu item: Import Certificate). See Importing a Certificate onto a Token on page 46.
- Reset Default Certificate Selection (right-click menu item: Reset Default Certificate Selection). See Clearing a Default Certificate on page 56.

Selected Certificate Node

When you select a certificate under the User certificates, CA certificates, or CC certificates node, information about the certificate is displayed in the right pane.

The following functions are available:
- Delete Certificate (right-click menu item: Delete Certificate). See Deleting a Certificate on page 57.
- Export Certificate (right-click menu item: Export Certificate). See Exporting a Certificate from a Token on page 50.
- Set as Default (right-click menu item: Set as Default). See Setting a Certificate as Default or Auxiliary on page 54.
- Set as Auxiliary (right-click menu item: Set as Auxiliary). See Setting a Certificate as Default or Auxiliary on page 54.
- Copy to Clipboard (right-click menu item: None). See Viewing and Copying Token Information on page 32.

Settings Node

Each connected token has a Settings node. Select it to open the Settings window in the right pane.

The Settings window contains two tabs:
- Password Quality (See Setting Token Password Quality on page 102.)
- Advanced (See Setting Private Data Caching Mode on page 106 and Setting RSA Key Secondary Authentication on page 108.)

Note: The Advanced tab is not used for iKey devices.

Data Objects Node

Tokens used together with Entrust applications contain PKCS#11 data objects.

To view the contents of a data object:

1. Expand the Data Objects node.
2. Select a data object.
   The contents of the data object (Value Name and Value Type) are displayed in the right pane.

To delete a data object:

1. Select the value to be deleted.
2. Click the Delete Data Object icon.

Client Settings Node

Select the Client Settings node to open the Client Settings window in the right pane.

The changes you make to the Client Settings window will affect all tokens that will be initialized after the changes have been saved.

Like the Settings window, the Client Settings window contains two tabs:
- Password Quality
- Advanced

See Client Settings on page 91.

Chapter 3
Token Management

SafeNet Authentication Client Tools and the SafeNet Authentication Client tray menu enable you to control the use of your tokens.

Note: If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different than those displayed in this guide.

In this chapter:
- Selecting the Active Token
- Viewing and Copying Token Information
- Logging On to the Token as a User
- Renaming a Token
- Changing the Token Password
- Unlocking a Token by the Challenge-Response Method
- Unlocking an iKey Token
- Deleting Token Content
- Importing a Certificate onto a Token
- Exporting a Certificate from a Token
- Viewing Supported Cryptographic Providers
- Setting a Certificate as KSP or CSP
- Setting a Certificate as Default or Auxiliary
- Clearing a Default Certificate
- Deleting a Certificate
- Logging On to the Token as an Administrator
- Changing the Administrator Password
- Unlocking a Token by an Administrator
- Synchronizing Passwords
- Working with IdenTrust
- Reader Settings

Selecting the Active Token

If more than one token is connected, you can select which token to work with.

To use the tray menu to set a token as the active token:

1. Right-click the SafeNet Authentication Client tray icon.
   The SafeNet Authentication Client tray menu opens.
2. Click Select Token.
   The Token Selection window opens.
3. Click the arrow to open the list of connected tokens.
4. Select the required token from the drop-down list.
5. Click OK.

To use SafeNet Authentication Client Tools to set a token as the active token:

1. Open SafeNet Authentication Client Tools. See Opening the Simple View on page 11 or Opening the Advanced View on page 14.
2. In the left pane, select the required token.

Viewing and Copying Token Information

To view and copy token information:

1. To use the Simple View to view token information, do the following:
   a. Open SafeNet Authentication Client Tools Simple View. See Opening the Simple View on page 11.
   b. In the left pane, select the required token.
   c. In the right pane, select View Token Information.
   d. Continue with step 3.
2. To use the Advanced View to view token information, do the following:
   a. Open SafeNet Authentication Client Tools Advanced View. See Opening the Advanced View on page 14.
   b. In the left pane, select the node of the required token.
   c. Continue with step 3.
3. The Token Information is displayed.
   The information displayed may vary according to the type of token.
4. To copy the token information to the clipboard, do one of the following:
   - In the Token Information window, click Copy.
   - In Advanced view, click the Copy to Clipboard icon.
5. To paste the copied token information, click the cursor in the target application, and paste the information.
6. Click OK.

Logging On to the Token as a User

You must log on to the token before you can use or change its token content.

To log on as a user:

1. Open SafeNet Authentication Client Tools Advanced View. See Opening the Advanced View on page 14.
2. Do one of the following:
   - In the left pane, select the node of the required token. In the right pane, click the Log On to Token icon.
   - In the left pane, right-click the node of the required token, and select Log On from the shortcut menu.
   Note: If the Log Off to Token icon or the Log Off option is displayed, you are already logged on to the token.
3. The Token Logon window opens.
4. Enter the Token Password, and click OK.
   You are logged on to the token.

Renaming a Token

The token name does not affect the token contents. It is used solely to identify the token.

Tip: If you have more than one token, we recommend assigning each one a unique token name.

To rename a token:

1. To use the Simple View to rename a token, do the following:
   a. Open SafeNet Authentication Client Tools Simple View. See Opening the Simple View on page 11.
   b. In the left pane, select the required token.
   c. In the right pane, select Rename Token.
   d. Continue with step 3.
2. To use the Advanced View to rename a token, do the following:
   a. Open SafeNet Authentication Client Tools Advanced View. See Opening the Advanced View on page 14.
   b. Do one of the following:
      In the left pane, select the node