Setting the RSA Key Secondary Authentication Field

The following table explains the options for the RSA key secondary authentication setting.

RSA Key Secondary Authentication settings

Setting

Description

Always

Every time an RSA key is generated, the user is prompted to create a secondary password for accessing the key.

If the user clicks OK, the RSA key is generated, and the password entered becomes the new key's secondary password.

When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password.

If the user clicks Cancel, RSA key generation fails.

Always prompt user

Every time an RSA key is generated, the user is prompted to create a secondary password for accessing the key.

If the user clicks OK, the RSA key is generated, and the password entered becomes the new key's secondary password.

When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password.

If the user clicks Cancel, the RSA key is generated without a secondary password.

When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key.

Prompt user on application request

When using an RSA key generation application that requires secondary passwords for strong private key protection (such as Crypto API with a user protected flag, or the PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute), the user is prompted to create a secondary password for accessing the RSA key.

When using applications that do not require secondary passwords for strong private key protection, the RSA key is generated without a secondary password.

When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key.

If the user clicks OK, the RSA key is generated, and the password entered becomes the new key's secondary password.

When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password.

If the user clicks Cancel, RSA key generation fails.

Never

Secondary passwords are not created for new RSA keys.

When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key.

Token authentication on application request

Secondary passwords are not created for new RSA keys.

When using the certificate, the user must authenticate once using the Token Password.

When using an RSA key generated by an application that requires secondary passwords for strong private key protection (such as Crypto API with a user protected flag, or the PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute), the user must authenticate using the Token Password for each operation that requires the RSA key.

When using an RSA key that was not generated by an application that requires secondary passwords for strong private key protection, no additional authentication is required for operations that require the RSA key.

SafeNet Authentication Client

© Copyright 2013 SafeNet Inc. All rights reserved.