Technical notes for HIGHSEC eid App Middleware




Version 2.1, February 2014

Contents

1 Technical Notes
  1.1 All Operating Systems
    1.1.1 Slowing down of the cards while pairing
    1.1.2 Load PKCS#11 into PGP Desktop
    1.1.3 Web Browser Plugins detection for eid
      1.1.3.1 Internet Explorer
      1.1.3.2 Mozilla Firefox
    1.1.4 Detect PKCS#11 library in client applications
      1.1.4.1 Internet Explorer
      1.1.4.2 Mozilla Firefox
      1.1.4.3 Mozilla Thunderbird
    1.1.5 PGP Desktop key generation
    1.1.6 Online authentication using Internet Explorer
    1.1.7 File decryption using Adobe Acrobat
    1.1.8 Admin application and PGP Desktop
    1.1.9 Windows logon and PGP Desktop
    1.1.10 Firefox/Thunderbird extensions for (new) users
    1.1.11 Windows logoff/shutdown and user certificates
  1.2 Windows XP SP3 x32
    1.2.1 Word 2003 issue
    1.2.2 Internet Explorer 7
    1.2.3 Internet Explorer 8
    1.2.4 Mozilla Thunderbird
  1.3 Windows 7 and Windows Vista
    1.3.1 Office 2010
    1.3.2 Windows Live 2011
    1.3.3 Mozilla Thunderbird
    1.3.4 CAN/PIN Dialog focus issue
  1.4 Windows 8 and Server 2012

1 Technical Notes

1.1 All Operating Systems

Install the latest updates and service packs for your operating system.

1.1.1 Slowing down of the cards while pairing

If several different cards are already paired on one computer, pairing becomes progressively slower.

Solution: in HSMW-GUI, find the option to delete all current pairings and delete them all.

1.1.2 Load PKCS#11 into PGP Desktop

To use HSMW in PGP Desktop, load the PKCS#11 module first.

1. Install eid App Middleware.
2. Open PGP Desktop.
3. Select the Tools > PGP Options menu.
4. Select the Keys tab, change the "synchronize with smart cards and tokens" option to Other, and then choose your PKCS#11 module. You will find it in the HSMW installation folder: hsmwp11_x86.dll.
5. Press OK and return to the PGP Desktop root window.
6. Press Tools > Options > Keys.
7. Wait until the PGP Desktop Import Certificate Assistant is shown.
8. Press Cancel.
9. Restart PGP Desktop.
10. A good indication of success is that a new keyring called Smart Card Keys is now displayed within PGP Desktop, next to keyrings such as All Keys and My Private Keys.

1.1.3 Web Browser Plugins detection for eid

1.1.3.1 Internet Explorer

Start Internet Explorer and click on Tools, Manage add-ons.

Picture 1: Click on Manage add-ons

In the Manage add-ons dialog, change the Show option to All add-ons.

Picture 2: All add-ons in Show option

Picture 3: Installed eid App plugin

1.1.3.2 Mozilla Firefox

Start Firefox and open Add-ons Manager.

Picture 4: Open Firefox menu and click on Add-ons

In Add-ons Manager, click on Plugins and find HIGSEC eid App Plugin.

Picture 5: HIGSEC eid App plugin in Firefox

1.1.4 Detect PKCS#11 library in client applications

1.1.4.1 Internet Explorer

Internet Explorer does not use the PKCS#11 library because it is a CSP application.

1.1.4.2 Mozilla Firefox

Start Mozilla Firefox and open the Options menu.

Picture 6: Options in Mozilla Firefox

In the Options window, click on the Advanced tab, then on the Encryption tab inside it, and then on the Security Devices button below.

Picture 7: Encryption tab into Advanced options

The Device Manager will then be shown. On the left side of the window you will find the list of Security Modules and Devices. HIGHSEC eid App PKCS#11 Module will be in this list.
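The Device Manager check above can also be made from the profile directory. The following added example (not from the original notes or the HIGHSEC product) parses the module list that Firefox and Thunderbird keep in pkcs11.txt when the profile uses the NSS SQL database format, confirms that hsmwp11_x86.dll is registered from the expected folder, and lists every other third-party library the application will load. The sample file, the installation path and the function names are constructed for illustration.

```python
import ntpath

# Constructed sample of an NSS pkcs11.txt; the installation path is a placeholder.
SAMPLE_PKCS11_TXT = r"""
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:C:/Users/alice/profile' certPrefix='' keyPrefix=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100

library=C:\Program Files\HSMW-PLACEHOLDER\hsmwp11_x86.dll
name=HIGHSEC eid App PKCS#11 Module

library=C:\Users\alice\AppData\Local\Temp\p11helper.dll
name=Helper Module
"""

def parse_modules(text):
    """Split pkcs11.txt into blank-line separated stanzas of key=value lines."""
    modules, current = [], {}
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line:
            if current:
                modules.append(current)
                current = {}
        elif "=" in line:
            key, _, value = line.partition("=")    # split on the first '=' only
            current[key.strip().lower()] = value.strip()
    return modules

def audit_modules(text, expected_dll="hsmwp11_x86.dll", trusted_dirs=()):
    """Return (eid_module_registered, unexpected_libraries)."""
    found, unexpected = False, []
    trusted = [d.lower().rstrip("\\/") for d in trusted_dirs]
    for mod in parse_modules(text):
        lib = mod.get("library", "")
        if not lib:                    # empty library= is the built-in NSS module
            continue
        folder, dll = ntpath.split(lib.lower())
        # A matching file name is not enough: the DLL must sit in a trusted folder.
        if dll == expected_dll.lower() and folder in trusted:
            found = True
        else:
            unexpected.append((mod.get("name", "?"), lib))
    return found, unexpected
```

Every library listed in this file is loaded into the browser or mail client process, so an entry outside the installation folder deserves the same attention as a missing one.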

Picture 8: HIGHSEC eid App PKCS#11 Module

1.1.4.3 Mozilla Thunderbird

Click on Tools > Options > Advanced > Certificates and then on the Security Devices button.

Picture 9: Options menu in Thunderbird

The Device Manager will then be shown. On the left side of the window you will find the list of Security Modules and Devices. HIGHSEC eid App PKCS#11 Module will be in this list.

Picture 10: Device Manager window

1.1.5 PGP Desktop key generation

PGP Desktop cannot be used to generate a key pair on the smart card, because it tries to create a key pair for both encryption and digital signing, and the smart card does not allow that.

1.1.6 Online authentication using Internet Explorer

To access web sites with online authentication using Internet Explorer, the user has to add the web site to the trusted web sites list in Internet Explorer. When Internet Explorer is started, select Tools > Security, then select Trusted Sites and click the Sites button.

Picture 11: Security tab in Internet Options window

A new dialog will open. Enter the name of the site (e.g. https://www.eidusecase.com) and click Add. The name of the website will appear in the Websites section of the Trusted sites dialog. Close the dialog and apply the changes.

Picture 12: Trusted sites window

1.1.7 File decryption using Adobe Acrobat

If the user tries to open a PDF document encrypted by Adobe Acrobat, Adobe Acrobat will ask the user to enter the smart card PIN twice.

1.1.8 Admin application and PGP Desktop

PGP Desktop services cause problems with exclusive smart card access, which the eid App Administration application requires for some operations. In this case the Administration application can report that CAPI or PKCS#11 sessions are active. To use the Administration application with full functionality, PGP Desktop should be uninstalled.

1.1.9 Windows logon and PGP Desktop

If PGP Desktop is installed and the user tries to log on to the Windows operating system, the Windows logon dialog can remain frozen until the user enters the CTRL+ALT+DELETE sequence. To prevent this behaviour, PGP Desktop should be uninstalled.

1.1.10 Firefox/Thunderbird extensions for (new) users

Every user has to enable the eid App extensions for their own use. The Firefox and Thunderbird extensions are disabled for users who have not yet enabled them. The extensions are also disabled for users who are created after eid App was installed.

1.1.11 Windows logoff/shutdown and user certificates

Windows does not allow modification of the user certificate store after shutdown and/or logoff has started. Therefore, eid App cannot uninstall end-entity certificates from the user certificate store, and they will still be available after Windows logon/startup even if the card is no longer available.

1.2 Windows XP SP3 x32

1.2.1 Word 2003 issue

Due to a Word 2003 issue, MS Word 2003 uses for digital signatures only certificates and keys whose KeySpec value is set to AT_KEYEXCHANGE. Certificates with the KeySpec value AT_SIGNATURE are ignored.

Solution: use a newer version of MS Word (e.g. Word 2007), which takes certificates with the AT_SIGNATURE KeySpec into account.

1.2.2 Internet Explorer 7

The provided web applications may require cipher suites for SSL that IE7 does not support. If SSL is turned off, the plugin works OK.

1.2.3 Internet Explorer 8

The provided web applications may require cipher suites for SSL that IE8 does not support. If SSL is turned off, the plugin works OK.

1.2.4 Mozilla Thunderbird

Root CA certificates and the other CA certificates in the chain should be set as trusted in the Thunderbird Authorities certificate store. If any certificate in the chain is not set as trusted, Thunderbird will not be able to validate the user certificate.

1.3 Windows 7 and Windows Vista

1.3.1 Office 2010

The latest Word 2010 and MS Office 2010 updates and service pack should be installed. If the user does not install the latest updates and service pack, Word 2010 will try to use the CNG Key Storage Provider to get the private key associated with the esign certificate from the smart card, and the user will not be able to sign the document. The solution is to run MS Office 2010 in compatibility mode for Windows XP SP3 or to install the latest updates. Hotfix kb2412320 for Office 2010.

If the user does not install the latest service pack and updates, and the certificate used for email encryption does not possess SMIME capabilities, Outlook 2010 will use the RC2 encryption algorithm instead of 3DES (which is what the Outlook e-mail security settings for the particular account specify), so decryption will not be possible in Outlook 2010. Hotfix kb2475877 for Outlook 2010.

1.3.2 Windows Live 2011

Windows Live 2011 uses the RC2 encryption algorithm instead of 3DES, although 3DES is what the account settings specify and should normally be used. The card is not usable.

1.3.3 Mozilla Thunderbird

Root CA certificates and the other CA certificates in the chain should be set as trusted in the Thunderbird Authorities certificate store. If any certificate in the chain is not set as trusted, Thunderbird will not be able to validate the user certificate.

1.3.4 CAN/PIN Dialog focus issue

The user must first click on the CAN/PIN dialog and then enter the CAN/PIN. It is not possible to steal focus in Windows Vista and later operating systems because this functionality is disabled in the OS.

1.4 Windows 8 and Server 2012

Install the latest updates and service packs for your operating system.
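Sections 1.3.1 and 1.3.2 both depend on which content-encryption algorithm the mail client actually wrote into an encrypted message. The following added example (not part of the original notes or of the HIGHSEC product) reads that algorithm from a DER-encoded CMS EnvelopedData structure, which is what the decoded smime.p7m part of an encrypted S/MIME mail contains. It assumes definite-length encoding, and the sample message and all function names are constructed for illustration.

```python
P = bytes.fromhex("2a864886f70d")                 # DER bytes of OID prefix 1.2.840.113549
OID_ENVELOPED, OID_DATA = P + b"\x01\x07\x03", P + b"\x01\x07\x01"
RC2_CBC, DES_EDE3_CBC = "1.2.840.113549.3.2", "1.2.840.113549.3.7"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the definite-length TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long form: n length bytes follow
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated structure")
    return tag, pos, pos + length

def children(buf, node):                          # node is a triple from read_tlv
    out, pos = [], node[1]
    while pos < node[2]:
        out.append(read_tlv(buf, pos))
        pos = out[-1][2]
    return out

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)             # base-128 digits, high bit = "more"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def content_cipher(der):
    """Dotted OID of contentEncryptionAlgorithm in a DER CMS EnvelopedData."""
    ctype, wrapped = children(der, read_tlv(der, 0))[:2]   # ContentInfo fields
    if der[ctype[1]:ctype[2]] != OID_ENVELOPED:
        raise ValueError("not EnvelopedData")
    kids = children(der, children(der, wrapped)[0])        # EnvelopedData fields
    eci = kids[[k[0] for k in kids].index(0x31) + 1]       # follows recipientInfos SET
    oid = children(der, children(der, eci)[1])[0]          # AlgorithmIdentifier OID
    return decode_oid(der[oid[1]:oid[2]])

def tlv(tag, body):                               # encoder for the constructed sample
    return bytes([tag, len(body)]) + body

def constructed_sample(alg_oid):                  # no recipients, zero IV and ciphertext
    alg = tlv(0x30, tlv(0x06, alg_oid) + tlv(0x04, bytes(8)))
    eci = tlv(0x30, tlv(0x06, OID_DATA) + alg + tlv(0x80, bytes(8)))
    env = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x31, b"") + eci)
    return tlv(0x30, tlv(0x06, OID_ENVELOPED) + tlv(0xA0, env))
```

A result equal to RC2_CBC on a message sent from an account configured for 3DES indicates the behaviour described in 1.3.1 and 1.3.2.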