Configuring Advanced Initialization Settings

To configure advanced settings:

  1. In the Initialize Token window, click Advanced.

The Advanced Token Initialization Settings window opens.

  2. Complete the fields as follows:

Field

Description

eToken PKI Client 3.65 compatible

Select to maintain compatibility with Token RTE 3.65.

Password quality settings on token

Select to keep the password policy on the token device. (This option is enabled only when eToken PKI Client 3.65 compatible is selected.)

FIPS

Select to enable FIPS support.

FIPS (Federal Information Processing Standards) is a US government-approved set of standards designed to improve the utilization and management of computer and related telecommunication systems. The Token PRO can be configured in FIPS mode.

One-factor logon

Default: disabled.

When one-factor logon is enabled, only the presence of the token is required to log on to applications. A password is not required.

2048-bit RSA key support

Select to enable 2048-bit RSA key support (on a compatible token).

OTP support

Select to enable OTP support (on a compatible token).

Private data caching

In SafeNet Authentication Client, public information stored on the token is cached to enhance performance. This option defines when private information (excluding private keys on the Token PRO / NG OTP / Smartcard) can be cached outside the token.

Select one of the following options:

  • Always (fastest): always caches private information in the application memory. This enables fast performance, as certain information is cached on the host machine. However, this option is less secure than if no cache is allowed.

  • While user is logged on: caches private data outside the token as long as the user is logged on to the token. Once the user logs out, all the private data in the cache is erased.

  • Never: does not cache private data.

RSA key secondary authentication

An authentication password may be set for an RSA key. If this option is used, then in addition to having the token and knowing the token's password, accessing the RSA key requires knowing the password set for that particular key.

This option defines the policy for using this secondary authentication of RSA keys.

  • Always: every time an RSA key is generated, you are prompted to enter a secondary password for accessing this key. Clicking OK generates the key and uses the entered password as the secondary RSA password for that key. Clicking Cancel causes key generation to fail.

  • Always prompt user: every time an RSA key is generated, a secondary password for accessing this key is requested. However, the user can choose to dismiss the prompt (by clicking Cancel), and key generation will continue without using a secondary password for the generated RSA key.

  • Prompt on application request: this enables applications that use secondary authentication for RSA keys to make use of this feature on the token (when creating the key in Crypto API with a user-protected flag).

  • Never: secondary passwords are not created for any RSA key and the authentication method uses only the token password to access the key.

Manually set the number of reserved RSA keys

Set the number of reserved RSA keys to reserve space in the token memory. This ensures that there will always be memory available for the keys.

Change Initialization Key

The initialization key protects against accidental initialization and requires a separate password to be entered before initialization can occur.

  3. To change the token initialization key, see Changing the Token Initialization Key. Otherwise, click OK to return to the Initialize Token window.

  4. Click Start.

When the initialization process is complete, a confirmation message is displayed.

See Also:

Initializing a Token

Changing the Token Initialization Key