Test Plan - Charismathics
Contents
1. To change your PIN insert the old PIN followed by the new PIN which must be entered a second time as confirmation The minimum length of the User PIN is four characters and the maximal length is ten characters Click on the button Change PIN and you receive a window with the confirmation IMPORTANT After three consecutive wrong inputs the User PIN will be locked Please choose a PIN which you can remember well but which cannot be easily guessed Avoid birthdays or simple sequences of numbers like 1234 or 1111 20 Card label citrix test Here you can unlock the PIN of your Smartcard SO PIN New PIN Confirm the New PIN Alphanumeric Numeric Hexadecimal Untock PIN To unlock your PIN enter the SO PIN followed by the new PIN which must be entered a second time as confirmation The minimal length of the User PIN is four characters and the maximal length is ten characters Click on the button Unlock PIN and a confirmation window opens 4 3 Change Token SO PIN e a Charismathic ecurit ntertac tility deem f es a rca xoti rte Saad Mato fed sds ER Change Token PIN Unlock Token PIN Change Token SO PIN Card label citrix test Here you can change the SO PIN of your Smartcard SO PIN New SO PIN Confirm the New SO PIN 9 Alphanumeric Numeric CO Hexadecimal e Change SO PIN To change the Token SO PIN enter the SO PIN followed by the new SO PIN which must be2. entered a second time as confirmation The minimum and maximum length of the SO PIN is dependent on the card OS Click on the button Change SO PIN and a confirmation window opens 21 6 1 Configuring Firefox 5 Configuring Application with PKCS 11 Note a Make sure to have a card reader connected before configuring FireFox and Thunderbird b Some version of the Firefox Browse button is not working correctly and gives a garbled path It requires you to type manually the full path in the path field To prevent mistyping it is recommended to follow the instructions below Open Mozilla Firefox Go to Firefox toolbar Preferences Go to Advanced tab Encryption tab Click Security Device The Device Manager window will open Click on Load Leave the Module Name s default value which is New PKCS 11 Module Browse the path of libcmP11 dylib to the Module filename The file path should be Application Charismathics libcmP11 dylib Click OK 9 A Confirm dialog will prompt Just click OK SK Y mo oe 9 gw p eo 10 An Alert window will prompt A new security module has been installed This means that you have successfully loaded the libcmP11 dylib module Just press OK and you are done Device Manager Security Modules and Devices Details Value Y NSS Internal PKCS 11 Module Generic Crypto Services Softw 72 77 5 Maien Vv BuiltinR L 9 6 2 Configuring Thunderbird
3. Gemalto TOP DL protiva PIV applet V1 55 Gemalto TPC DM 72K PIV Gemalto TOP DL V2 protiva PIV applet V1 55 Gemalto TOP DL GX4 144K FIPS GEMALTO GCX4 72K DI Gemalto TOP DM GX4 72K FIPS GemXpresso PRO 64K R3 FIPS V2 2 Gemalto TOP DL GX4 PIV GoldKey PIV Token Oberthur ID one Cosmo V5 PIV applet V1 08 Oberthur Oberthur ID One Cosmo 64 V5 2 AI PIV End Point Applet Oberthur ID One PIV Type A Large ID One PIV applet Suite2 3 2 Oberthur ID One Cosmo V5 2 AI PIV End pont applet Oberthur ID One Cosmo V7 0 n PIV Oberthur ID One Cosmo V7 0 n type A Standard D ID one PIV applet suite 2 3 2 Oberthur ID One Cosmo V7 0 type B Large D ID one PIV applet suite 2 3 2 Oberthur ID One Cosmo 128K v5 5 2 Oberthur ID One V5 2a Dual Oberthur CosmopolIC 64K V5 2 Fast ATR 1 SIPRNet token 2 3 Supported Smart Card Readers Please make sure your PC SC smart card reader has been installed according to the producer s specifications and is fully operational The following smart card readers have been tested for CSSI Mac Omnikey Cardman 3621 USB Omnikey Cardman 3821 USB SCM SCR 3311 USB SCM SCR 3310 USB SCM SCR 532 serial USB Additionally a great number of smart card readers not explicitly mentioned above but built upon compatible hardware are supported Note PC SC drivers are supported If RSA 2048 bit key shall be used then the smart card reader must support the extend
4. Selfsigned Certificate In order to use the smart card for digital signatures or encryption you need a key pair i e private key and corresponding public key The public key is made accessible to communication partners via a certificate Certificates can be generated and managed by the Token Configurator These options help you to manage certificates Create Selfsigned Certificate The certificate is signed with your private key This means it is not issued from a well known Certificate Authority CA and each user of this certificate has to manually specify it is trusted Create Certificate Request Generate CSR Well known CAs are usually already preset as trusted certificate issuers on most operating systems that means the certificate will be trusted without any further interaction In order to generate the certificate request you enter the data into the corresponding fields In case of a certificate request you create a file to send it to the authority that should sign the certificate e g trust center Therefore you store the request as a p10 file in a directory and follow the instructions of the corresponding authority intended to sign the certificate Once the certificate has been returned by the issuer you have to import the certificate by going to File Import Please refer to Chapter 3 1 2 File Menu Import on how to Import certificates 17 Rebuild Profile It is possible to delete an existing profile on a card and s
5. digital signing and encryption
6. tab will be displayed Selecting the tab will display the information of the token The left panel contains the Label Certificates Container Symmetric Keys and Data icons Selecting the icon displays the parameters and its associated values on the left panel 3 1 1 Token Configurator Menu Token Configurator File lit Token Window About Token Configurator Charismathics Token Configurator ied OmniK Pref se n0100 references E Card Internals for test Services gt Manufacturer Siemens E Hide Token Configurator 3H Maximum Sessions 100 z E Mechanisms 19 items ni vu AX vices CA 1 ou Internz Min SO Length 6 t pti ZA ou OISTE Foundat CreatableProfiles 3 items E Quit Token Configurator Q CA ou International Pras Memory 9 Free Private Memory 33089 i 2 containers Sessions O E 2e2315e7 b7f3 4f02 b931 be1a863370b9 messis Card Internal Time Ed cfacd591 0b53 47c8 835c fffbfab4c035 Maximum PIN length 10 R Symmetric Keys Private Memory 33089 0 keys Flags 1037 Data Flags CKF_RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF_TOKEN_INITIALIZED a 0 notes Max SO Length 10 Installed Profile CORPORATE Label test Mode CardOS V4 3B Minimum PIN length 4 About Token Configurator Shows a window that contains further information about the Token Configurator application Preferences This gives you the option to view and add smart cards with new ATR value Viewing supported cards To view the
7. 0 notes Max SO Length 10 installed Profile CORPORATE Label test Model CardOS V4 38 Minimum PIN length 4 SerialNumber 11 Memory 1 RW Sessions 1 Delete Allows you to delete a certificate or key To do this just highlight the certificate or key and go to Edit Delete 3 1 4 Token Menu Login EL Logout OmniKey CardMan 5121 00 00 Charismathics toke U Change User PIN rnals for test Change SO PIN turer Siemens Certificates Reset PIN tions 100 3 certificates isms 19 items E cn WiSeKey CertifyID Advanced Ser Generate Key 38K ngth 6 Lj en OISTE WiSeKey Global Root GA Input DES Key ofiles 3 items j Create Certificate Request mory 0 EJ en WiSeKey CertifylD Advanced G1 q il Container Create Selfsigned Certificate mory 33089 i tions 0 dosi Rebuild Profile tions 10 E ae2315e7 b7f3 4f02 b931 belal E El cfacd591 0b53 47c8 835c fffbfab Refresh Content WR jon 10 Symmetric Keys Private Memory 33089 0 keys Flags 1037 Data Flags CKF RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED i O notes Max SO Length 10 Installed Profile CORPORATE Label test Model CardOS V4 3B Minimum PIN length 4 SerialNumber 11 Memory 1 RW Sessions 1 13 Login PIN means Personal Identification Number It is a unique personal code or password which is often used to authenticate the user and gain access to various systems such as credit and debit cards bank and comp
8. 00 Charismathics token 01 00 T Card i Key Type RSA Keypair B i Key Size Q Certificates 3 certificate Ml fast Si2bits secure Lj en WiSeKey CertifyID Advanced Services CA 1 ou Internz M EEE TO cn OISTE WiSeKey Global Root GA CA ou 0ISTE Foundat i Label MyPersonalKey Cj en WiSeKey CertifylD Advanced G1 CA ou International 9 y Container va Cancel Generate EX ae2315e7 b7f3 4f02 b931 be1a863370b9 ER cfacd591 0b53 47c8 835c fffbfab4c035 a T D Symmetric Keys le Memory 33089 Da ags 1037 Data ags CKF RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED file CORPORATE CardOS V4 38 4 ber 11 y 1 i 1 In principle there are two possibilities 1 You can generate keys key pairs comprising private and public keys and secret keys with the ad ministration tool of Charismathics Smart Security Interface 2 You already own a key and or key pair Then you can import the key pair if necessary together with certificate as a PFX file Please refer to Chapter 3 1 2 File Menu Import on how to Import keys Use of these functions requires that you are logged into the smart card go to Token Login and enter your User PIN The generation of a key pair private and public key is accessed from the Token Generate Key Once the generation process is finished you can view these keys in the left panel under Container or Symmetric Keys Create Certificate Request and Create
9. 1 Configuring Mall rastrear ice pee need ea kno nu hk n ariana dele lies a Ea eaa RE 24 6 2 Configuring Entourage saena aaeeea nere a AAE AEAN A REP T ARV T RR PERRA DIRAS 24 1 Introduction Thank you for purchasing the Charismathics Smart Security Interface CSSI for Mac CSSI for Mac provides modules that are needed in order to integrate different smart cards and USB tokens into your applications The functionality ranges from administration of the card to modules supporting the operating system to use token The following file structures profiles are supported Charismathics corporate profile PKCS 15 profile AET profile PIV profile IAS ECC profile CNS profile Fineld profile CSSI for Mac User Edition is comprised of the following modules ScardUtility app Information on how to use this tool is described in Chapter 4 Smart Security Interface Utility Installed in the following location Applications Charismathics libcmP1i1 dylib e Information on how to use this library and configuring its supported applications is explained in Chapter 5 Configuration of Applications supported by libcmP11 dylib e Installed in the following location Applications Charismathics CSSI tokend Information on how to use this module and configuring its supported applications is explained in Chapter 6 Configuration of Applications supported by CSSI tokend Installed in the following location Library Security
10. Configuring libcmP11 dylib in Thunderbird is just the same as Firefox Please refer to 4 1 Configuring Firefox 23 7 Configuring Applications with tokend 7 1 Configuring Mail Prerequisites When Mail app is launched a token needs to be inserted that has a valid certificate for one of the email accounts and its corresponding private key After launching Mail app it will not search again for certificates 1 Open Mail 2 Click New Message 3 Click on the Sign and Encrypt button for signing and encrypting emails View Mailbox Message Format Window Hel Aa AA Get Mail Delete Junk Reply Reply All Forward New Message Subject o 7 2 Configuring Entourage Open Entourage Go to Entourage Account Settings Double click on your email account In the Edit Account dialog select Mail Security tab In the Digital Signing area click the Select button DA UE SS MPs Select your Digital Signing certificate from the list 24 Accounts ex 62 New Delete Make Default Account Settings Options MaibSecurity Digital Signing Mail News Directory Service Signing a message by using a certificate digital ID helps the recipient verify the authenticity of the message iu tplan gmx de POP Signing certificate lt No certificate selected gt Select gt Choose the certificate digital ID that you will use to digitally sign messages fr
11. MIEKA CRI Achancea S Expires Tuesday January 18 2011 2 41 53 PM Germany Time E cn WiSeKey Certifyl vanced Services ou Intern O thi nica da Lj cn OISTE WiSeKey Global Root GA CA ou OISTE Foundat Details EJ en WiSeKey CertifylD Advanced G1 CA ou International Container 2 containers ER ae2315e7 b7f3 4f02 b931 be1a863370b9 ER cfacd591 0b53 47c8 835c fffbfab4c035 Symmetric Keys Okeys Data 0 notes Import Allows you to import RSA keys and certificates from an cer pfx or p12 file You may also drag the file from the finder to the left content list of the token Export Allows you to export certificates in to your computer 12 3 1 3 Edit Menu Undo Z Redo 362 OmniKey CardMan 5121 00 00 Charismath Cut sx d Internals for test Copy 38C Manufacturer Siemens Paste 38V timum Sessions 100 Scenes Delete ESG Mechanisms 19 items cn WiSeKey CertifylD Adv Select All 36A Min SO Length 6 cn OISTE WISeKey Global FeatableProfiles 3 items cn WiSeKey CertifylD Advani Find gt Free Memory O E 3 Private M 33089 Container E rivate Memory iui pra Special Characters XT Semlons T ER ae2315e7 b7f3 4f02 b931 be1a863370b9 e e Sessions 10 ER Card Internal Time cfacd591 0b53 47c8 835c fffbfab4c035 ii FI ag 1 Symmetric Keys Private Memory 33089 0 keys Flags 1037 Data Flags CKF RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED fl
12. O PIN PIN of the system operator i e system administrator and the Card PIN The term Card PIN is used for USB Tokens as well Please note that not all cards and tokens support changing all PINs The CSSI for Mac supports alphanumeric PINs and is not restricted to numeric digits in general The User PIN must be entered to write on the card e g key generation storing a certificate delete objects or to use cryptographic functions e g signing or decryption Refer to the table below regarding the default User PIN and User PIN length IMPORTANT After three consecutive wrong inputs the User PIN will be locked A locked User PIN can be unlocked or reset by the SO PIN which is also known as the PUK Refer to the table below regarding default SO PIN and SO PIN length The SO PIN is required for unlocking the User PIN 15 IMPORTANT After ten consecutive wrong inputs the SO PIN will be locked Constraints for PIN lengths PIN default Charismathics Profile PKCS 15 Profile CNS Profile User PIN 11111111 4 8 4 8 4 8 SO PIN 1111111111 8 10 8 10 4 8 Reset PIN As a security measure a token will be locked if a user enters a wrong PIN three times in a row This provides security since an unauthorized person could otherwise check all possible PINs by trial and error if you lost your smart card or USB token or it has been stolen os TVE Mon625PM Q Token Configurator File Edit Token Window Hel
13. S2IUjeuJ Table of Contents 1 htroduction eure dine ede fiie Pete i ied reiecit et 3 2 Supported Hardware and Software Applications eene eeee eene nsen neen nern rennes 4 2 1 Supported Applications asini a eadi ete 4 2 2 Supported Smart CardS sehier ecien nr tunel a i a i 4 2 3 Supported Smart Card Readers eerrereracaa nana enne nennen nnn nn nnne nnn 7 3 Administration Tool Token Configurator s seen 8 3 1 User Interface E i e aA aaa Foe EE nen ERR ER RES 8 3 1 1 Token Configurator Menu esses nennen tnter nnn 10 3 1 2 sms T 12 3 1 3 Edit MEN ee 13 3 1 4 UI saaadassE 13 3 1 5 Lila aufs 19 4 User Tool Charismathics Smart Security Interface Utility eeeeesess 20 4 1 Change PIN aisian a ERA DARE DRRR DR bean Dis ANDA ADR RRMRTDXERRAPR DER a nda Fa dhs 20 4 2 WinlockePIN ER EE 21 4 3 Change Token SOQ PIN idereizieeen teta eu niche kunt eth pug 4 ERR RR dias Dadas SRREKRERRAERRaADRaAR 21 5 Configuration of Applications supporting Charismathics PKCS 11 Library 22 5 1 Configuring Firefox 2 3 2 2 ses cect ia araa Sica cais RA De LER E TRAE CER RA TRRPDR nena artes 22 5 2 Configuring Thunderbird ainen aaa eee g eoa euet aaa aia 23 6 Configuration of Applications supporting Charismathics tokend 24 6
14. eKey CertifylD Advanced Services CA 1 ou Internz Ej n OISTE WiSeKey Global Root GA CA ou OISTE Foundat leProfile ice ve ERES 5 cn WiSeKey CertifyID Advanced G1 CA ou International ee Memory ype vus f Container i 2 containers Cancel mole El ae2315e7 b7f3 4f02 b931 be1a863370b9 s E cfacd591 0b53 47c8 835c fffbfab4c035 Max gth 10 R Symmetric Keys Private Memory 33089 O keys 1037 Data ags CKF RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED 0 notes th 10 ile CORPORATE el test CardOS v4 38 gth 4 er 11 y 1 1 amp Token Configurator File Edit Token Window Help NAS Charismathics Token Configurator Omnikey CardMan 5121 00 00 Charismathics token 01 00 Change the SO PIN PUK m t Card Int Manuf som G Certificates Maximum Sq 3 certificates E en WiSeKey CertifylD Advanced Services CA 1 ou Internz lin S E e E cn OISTE WiSeKey Global Root GA CA ou OISTE Foundat Creatablef Verify New PIN eo E en WiSeKey CertifylD Advanced G1 CA ou International Free N aq oe EL E E ae2315e7 b7f3 4102 b931 be1a863370b9 a Ej cfacd591 0b53 47c8 835c fffbfab4c035 isa is ca um D Symmetric Keys Private Me y 33089 T 0 key s 1037 Data a CKF RNG CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED CKF_TOKEN_INITIALIZED O notes M wigeh 30 Profile CORPORATE nel test O i E VE Mon625PM Q CardOS V4 38 th 4 u y 1 T Usually there are 3 PINs on a token the User PIN the S
15. ed APDU 3 Administration Tool Token Configurator Token Configurator offers functions to manage smart card content initialize smart cards manage PINs generate and manage keys and certificates Note After changing the contents of the smart card you need to remove and reinsert the smart card to see the changes in other applications This also applies when you perform Create Profile Generate Key and Imports functions 3 1 User Interface After opening Token Configurator you will see the following interface Token Configurator with no card reader or token inserted Charismathics Token Configurator Token Configurator with smart card smart card reader or token inserted OmniKey CardMan 5121 00 00 Charismathics token 01 00 Certificates 3 certificates Ej en WiSeKey CertifyID Advanced Services CA 1 ou Internz EJ cn OISTE WiSeKey Global Root GA CA ou OISTE Foundat E en WiSeKey CertifyID Advanced G1 CA ou International Container 2 containers Ej ae2315e7 b7f3 4f02 b931 be1a863370b9 E cfacd591 0b53 47c8 835c fffbfab4c035 2 Symmetric Keys 0 keys Data Flags CKF_RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED 0 notes 1 10 CORPORATE test CardOS V4 38 4 e The top tabs display the smart card readers that are connected to the system Smart card readers and virtual USB token readers are displayed in the same window Once a token has been inserted an additional
16. em on the drop down list Click on Add E cS Ee rator File Edit Token Window d Que Token Configurator Preferences jor OmniKey CardMan 512 Additional Card To Support E Name Historical Bytes Certificates Oberthur Cc 3 3 certificati Cosmo vd Type COP E en WiSeKe Oberthur Cc Ej en OISTEY Oberthur Cc Ej en WiSeKe Oberthur ID Cancel Add Container NetKey TCC ui 2 containers Telesec TCOS 2 00640514020231809000 Ej ae2315e74 NetKey E4 2000 00640560020331809000 Ej cfacd591 TCOS USB Crypt Token 00640561020331809000 A Symmetri Telesec TCOS 2 x 00640578020331809000 9n O keys JCOP 20 00644A100432059000 Data Micardo P2 1 0068D276000028FF051E3180009000 Bleu o 0 mui maso Hors Micardo EC 2 3 0068D276000028FF05233180009000 CardOS V4 2 CNS 00680508C806011101434E53103180 CardOS V4 2 CNS 00680508C806012101434E53103180 CardOS V4 3 CNS 00680508C807011101434E53103180 CardOS V4 3 CNS 00680508C807012101434E53103180 CardOS V4 3B CNS 00680508C808011101434E53103180 CardOS V4 3B CNS 00680508C808012101434E53103180 FE Done The newly added card can now be viewed on the Supported Cards list Quit Token Configurator Quits the Token Configurator application 11 3 1 2 File Menu Close OmniKey CardMan 512100 00 Chi Import 8 B om Export SE Certificate Certificates Page Setup OP WiSeKey CertifyID Advanced Services CA 1 3 certificates Print sp Intermediate certificate authority
17. et up a new profile with the Card PIN The Card PIN will be determined during the initialization and can only be changed afterwards by creating a new profile The length of the Card PIN is exactly ten characters amp Token Configurator File Edit Token Window Help 2 E 4 E Mon6 29PM Q na Charismathics Token Configurator OmniKey CardMan 5121 00 00 Charismathics token 01 00 Card Profile CORPORATE 1 Label Charismathics Certificates s Serial Number 123 e p Container pa Card PIN 0987654321 Qj Symmetric Keys R A SO PIN coccsvenoo pus Verify SO PIN eee eese eee User PIN eeeeeees Verify User PIN esee Ges CRE rap 7c11250c75152115 0 Smart card with profile If there is already a profile on the card and you want to create a new one the existing profile will be deleted as a first step To erase the profile you need to enter the Card PIN used to initialize the card The default Card PIN is 0987654321 Empty Smart Card During initialization the Card PIN the SO PIN the User PIN and a Serial Number are required Additionally a Label for the token can be assigned IMPORTANT After ten consecutive wrong inputs the PIN is locked and the card cannot be deleted anymore i e if the Card PIN the SO PIN and the User PIN are locked the token is useless 18 3 1 5 Window Menu Minimize Zoom Certificates 3 certificates EJ en WiSeKey CertifylD Advanced Services CA 1 ou Intern EJ e
18. list of supported cards just go to Token Configurator Preferences Supported Cards OmniKey CardMan 512 Supported Cards Logging F Name Historical Bytes Certificat p 0031C06477E30300829000 g cen 0031C06477E91000019000 Ej cn Wisel Oberthur Cosmo ID one V5 4 0031C06490E31100829000 5 cos Oberthur CosmopollC 64K V5 2 0031C06480F31000019000 Ej cn Wsel Oberthur ID one Cosmo V7 0 0031C06480FC1000019000 Container NetKey TCOS V2R1 0064050A020131809000 ui 2 containers Telesec TCOS 2 00640514020231809000 E ae2315e7 NetKey E4 2000 00640560020331809000 Ej cfacds91 TCOS USB Crypt Token 00640561020331809000 Symmetril 00640578020331809000 okeys 00644A100432059000 Data 0068D276000026FF051E3180009000 LPIN_INITIALIZED CKF_TOKEN_INITIALIZED 0 notes E 0068D276000028FF05233180009000 00680508C806011101434E53103180 CardOS V4 2 CNS 00680508C806012101434E53103180 CardOS V4 3 CNS 00680508C807011101434E53103180 CardOS V4 3 CNS 00680508C807012101434E53103180 CardOS V4 3B CNS 00680508C808011101434E53103180 d 8 00680508C80801210 4 03180 N 5 Adding supported cards Token Configurator can be used to associate smart card operating systems with new ATRs 10 Follow these steps to make a new ATR Card OS association Go to SmartCard Admin Preferences Supported Cards Tab Click on the sign found in the lower left corner Enter the Historical Bytes Select the Type of the smart card operating syst
19. n OISTE WiSeKey Global Root GA CA ou OISTE Foundat Ej en WiSeKey CertifylD Advanced G1 CA ou International Container 2 containers ER ae2315e7 b7f3 4f02 b931 be1a863370b9 ER cfacd591 0b53 47c8 835c fffbfab4c035 Symmetric Keys 0 keys Data notes Minimize Bring All to Front Mechanisms Min SO Length CreatableProfiles Free Memory Free Private Memory Sessions Max RW Sessions Card Internal Time Maximum PIN length Private Memory Flags Flags Max SO Length Installed Profile Label Model Minimum PIN length SerialNumber Memory RW Sessions est v Charismathics Token Configurator 10 33089 1037 CKF RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED 10 CORPORATE test CardOS V4 38 4 1l 1 1 Minimizes the Token Configurator window Zoom Maximizes the Token Configurator window 19 4 User Tool Charismathics CSSI This tool exposes all relevant functions if you acquired Charismathics Smart Security Interface in the user edition Insert your smart card in the reader and open Charismathics Smart Security Interface Utility by following the path Applications Charismathics ScardUtility app 4 1 Change PIN Change Token PIN nlock Token PIN Change Token SO PIN Card label citrix test Here you can change the PIN of your Smartcard Old PIN J 4 New PIN Confirm the New PIN 9 Alphanumeric Numeric Hexadecimal Change PIN
20. om this account E charismathics cm DEVSERVER CA Gree OD A signed messages Learn about digital signing and encryption Cancel OK 7 Click Choose Select your Encryption certificate from the list Click Choose 10 Once you have selected your certificates set the following options Select Digitally sign all outgoing messages by default Select Send digitally signed messages as clear text This ensures that recipients can read your signed messages It is important if your recipient is using a web based or mobile mail client Select Include my signing and encryption certificates in signed messages This option includes your public encryption key so that someone else can use it to send you encrypted messages 25 Account Settings Options Digital Signing Signing a message by using a certificate digital ID helps the recipient verify the authenticity of the message Signing certificate charismathics e Signing algorithm m Digitally sign outgoing messages by default m Send digitally signed messages as clear text M Include my signing and encryption certificates in signed messages Encryption Other people use your encryption certificate digital ID to send encrypted messages to you Encryption certificate lt No certificate selected Select Encryption algorithm 3DES more compatible b M Encrypt outgoing messages and attachments by default Learn about
21. p ere Charismathics Token Configurator Omnikey CardMan 5121 00 00 Charismathics token 01 00 A Reset the PIN with the SO PIN a Card Int om Jo Certificates i E cn WiSeKey CertifyID Advanced Services CA 1 ou Interne 7 pailap e Verify New PIN o E cn OISTE WiSeKey Global Root GA CA ou OISTE Foundat E en WiSeKey CertifyID Advanced G1 CA ou International y Container are contar Cancel Apply E ae2315e7 b7f3 4f02 b931 be1a863370b9 T E cfacd591 0b53 47c8 835c fffbfab4c035 M i 10 Symmetric Keys te Me y 33089 O keys 1037 CKF RNG CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED CKF_TOKEN_INITIALIZED 10 CORPORATE jel test CardOS V4 38 Data 1 1 1 But it might happen that you have entered the wrong PIN three times even as a legitimate owner of the smart card In this case the smart card will be locked as well Therefore you can unlock the smart card with the Reset PIN option if you know the SO PIN a Generate Key To use the smart card for digital signatures or encryption you need a key pair which is composed of a private and a public key The private key must be securely stored and the public key must be accessible to communication partners by a certificate These keys and certificates can be generated and managed by Token Configurator 16 f Token Configurator File Edit Token Window Help AA E Mon626PM Q e Charismathics Token Configurator OmniKey CardMan 5121 00
22. smart cards libcmP11 dylib ACOS A Trust Card m ACOS A04 ACOS EMV A03 ACOS A05 ACOS SMARTMX ActivIdentity Card Axalto Cyberflex Access V2c CardLogix Java 2 2 1 Feitian FIPCS COS Feitian FTJCOS Siemens CardOS M4 01 a Siemens CardOS V4 20 Siemens CardOS V4 2B Siemens CardOS V4 2c Siemens CardOS 4 2C DI Siemens CardOS V4 30 Siemens CardOS V4 3B Siemens CardOS V4 4 Gemalto EMV PKI Gemalto TOP IM GX4 Gemalto IAS ECC GemXpresso Pro R3 2 JCOP 20 JCOP 21 JCOP 30 JCOP 31 JCOP 41 JCOP J2 JCOP J3 JCOP J4 jTOP JCX32 36 KONA 10 KONA 132 KONA 25 KONA 26 Keepod Micardo EC 2 x Morpho Orga YPS ID2 Morpho YPS ID3 IAS ECC NetKey E4 2000 Oberthur Cosmopo RSA V5 x Oberthur CosmopolIC 64K V5 2 Oberthur Cosmo ID One V5 2 PIV Oberthur ID One Cosmo V7 0 Oberthur ID One Cosmo V7 0 DI Oberthur ID One Cosmo V7 0 n Oberthur ID One Cosmo V7 0 a Oberthur ID One v7 IAS ECC PAV Card ABACOS Privaris PlusID 60 75 90 Setec SetCard Sm rtCafe Expert 2 0 Sm rtCafe Expert 2 1 Sm rtCafe Expert 3 0 Sm rtCafe Expert 3 1 Sm rtCafe Expert 3 2 Sm rtCafe Expert 64k Sm rtCafe Expert 5 0 StarCOS 3 0 StarCOS SPK 2 3 StarCOS SPK 2 4 StarCOS SPK 3 0 TCOS 2 x Wibu Code Meter Dongle Watchdata TimeCOSPK NetKey PKS 2000 E4 CSSI PIV for Mac is tested with the following PIV CAC cards Cyberflex Access 64K V1 SM 4 1 CosmopollC 64K V5 2 Fast ATR 2 Cyberflex Access 64K V2c
23. tokend CSTC Charismathics Security token configurator for Mac is not included in CSSI User edition tool and has to be purchased separately It is comprised of the following modules Token Configurator app Information on how to use this tool is described in Chapter 3 Administration Tool Token Configurator Installed in the following location Applications Charismathics CSSI for Mac enables you to use additional applications and services that use this standard interface In particular the following applications can be augmented by CSSI Smart card login to Mac SSL Authentication by smart card Mozilla Firefox Safari Google Chrome Email security with cards using Thunderbird Email Security with Office mac 2011 Centrify Smart card login to Active Directory Domain Adobe Acrobat Email security with cards using Mail app and Entourage VPN 2 Supported Hardware Software Applications 2 1 Supported Applications CSSI for Mac supports the following applications Client OS Component Applications Usage Mac OS X 10 5 6 CSSLtokend e Smart card login into Mac and higher Email security with Mail app Safari Google Chrome Email security with Entourage Keychain viewing of certificate and keys VPN Adobe Acrobat Digital Signing Centrify Mac Smart card login to AD Email security with Thunderbird SSL Authentication with smart card in Firefox 2 2 Supported Smart Cards CSSI for Mac is tested with the following
24. uter accounts One common example are Automatic Teller Machines ATMs When the user entered the correct PIN the user is granted access to the system f Token Configurator File Edit Token Window Help D i TEVE Mon6 22PM Q nue Charismathics Token Configurator OmniKey CardMan 5121 00 00 Charismathics token 01 00 0 Card Interna ov Job a dm Certificates Type PIN O SO PIN Cj en WiSeKey CertifyID Advanced Services CA 1 ou Internz t l 5 cn OISTE WiSeKey Global Root GA CA ou OISTE Foundat e C Cancel OK E cn WlSeKey CertifyID Advanced G1 CA ou International 9 Container y 33089 0 El ae2315e7 b7f3 4f02 b931 be1a863370b9 e E cfacd591 0b53 47c8 835c fffbfab4c035 10 Symmetric Keys v emory 33089 Vids 1037 Data CKF RNG CKF LOGIN REQUIRED CKF USER PIN INITIALIZED CKF TOKEN INITIALIZED 0 notes 10 e CORPORATE e test CardOS V4 38 4 1l y 1 1 Prior to operations on the token the user is required to log in with his User PIN or SO PIN Once logged in additional information becomes available both within the left and the right panel Failing to enter the correct User PIN three times in a row locks the card See Reset PIN on how to clear the lock The hardware configuration and user settings determine the initial PIN entry method To change the entry method click on the drop down button and choose an entry method Supported entry methods are ASCII Every character is
25. valid However the card may not support unusual characters Numeric Each character of the PIN needs to be a number 0 9 This can be used to ensure PINPAD compatibility Hex The PIN has to be entered in a hexadecimal format Two digits will be converted to one character of the PIN e g 61 to a 62 to b 63 to c For each digit the valid values are characters 0 9 and a f PINPAD This option is only available when a reader with a pinpad is connected and authentication to the inserted token is possible via secure PIN entry When this option is selected the edit text for the PIN will be disabled and the user must input the PIN from the corresponding Secure PIN Entry SPE reader Logout This item works analogous to the Login option Change User PIN and Change SO PIN 14 These functions work very similar to each other These functions are always available and all require an authorization PIN to make a change The changed value has to be entered twice to avoid mistyping All values are masked with bullets to provide privacy The PIN entry method can be changed the same way as in the login dialog Token Configurator File Edit Token Window Help FE Mon6 amp 24PM Q nos Charismathics Token Configurator OmniKey CardMan 5121 00 00 Charismathics token 01 00 Card Internal mu Job ASCII TECHN Certificates certificate 4 gt li Ej en WiS
Download Pdf Manuals
Related Search