Using a token and smart card with Authentication Agent
A token or smart card can be used for authentication when accessing encrypted hard drives. To do so, you must add the file of a token or smart card electronic certificate to the command for creating an Authentication Agent account.
Use of a token or smart card is available only if the computer hard drives were encrypted using the AES256 encryption algorithm. If the computer hard drives were encrypted using the AES56 encryption algorithm, addition of the electronic certificate file to the command will be denied.
To add the file of a token or smart card electronic certificate to the command for creating an Authentication Agent account, you must first save the file using third-party software for managing certificates.
The token or smart-card certificate must have the following properties:
- The certificate must be compliant with the X.509 standard, and the certificate file must have DER encoding.
If the electronic certificate of the token or smart card does not meet this requirement, the administration plug-in does not load the file of this certificate into the command for creating an Authentication Agent account and displays an error message.
- The
KeyUsageparameter that defines the purpose of the certificate must have the valuekeyEnciphermentordataEncipherment.If the electronic certificate of the token or smart card does not meet this requirement, the administration plug-in loads the file of this certificate into the command for creating an Authentication Agent account and displays a warning message.
- The certificate contains an RSA key with a length of at least 1024 bits.
If the electronic certificate of the token or smart card does not meet this requirement, the administration plug-in does not load the file of this certificate into the command for creating an Authentication Agent account and displays an error message.
