UniToken Integration Guide FreeOTFE Keyfile

From SecuTech Wiki


Install the PKI Package

This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/".

1 Right-click on the PKI package installation file and choose [Run as administrator]. Execute the file with an account that has administrator rights on this computer.
2 Click on [Next] in the InstallShield Wizard welcome screen.
3 Input your User Name and Company Name and click on [Next].
4 Select [Complete] and click on [Next].
5 Click on [Install] to begin the installation of the PKI package.
6 Verify that the InstallShield Wizard completed successfully and click on [Finish].

Configure PKCS Support in FreeOTFE

1 In the main menu, go to [Settings], [Security Tokens].
2 In the [Options] window, under the [PKCS#11] tab, check [Enable PKCS#11 support] and locate and select the library file. By default, the PKI package will install this file in the Windows\System32\ directory. Choose where to save the settings in the field [Save above settings to] and click on [OK] to apply the settings.
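
Step 2 asks you to locate the PKCS#11 library but does not name the file. The following Python script is an added example, not part of the SecuTech guide or of FreeOTFE: it parses the export table of each DLL in a directory and lists those that export C_GetFunctionList, the function the PKCS#11 standard defines for obtaining a module's function list. The function names exported_names and find_pkcs11_modules are this example's own.

```python
import struct
from pathlib import Path

PKCS11_ENTRY = "C_GetFunctionList"  # entry point every PKCS#11 module exports

def exported_names(data: bytes) -> list:
    """Names in a PE image's export table; [] if not a PE or malformed."""
    try:
        if data[:2] != b"MZ":
            return []
        pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return []
        nsect = struct.unpack_from("<H", data, pe + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        opt = pe + 24  # start of the optional header
        pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
        # Export directory is data-directory entry 0 (offset 96, or 112 for PE32+)
        exp_rva = struct.unpack_from("<I", data, opt + (112 if pe32plus else 96))[0]
        if exp_rva == 0:
            return []
        # Per section: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                    for i in range(nsect)]
        def offset(rva):  # map an RVA to a file offset
            for vsize, vaddr, rawsize, rawptr in sections:
                if vaddr <= rva < vaddr + max(vsize, rawsize):
                    return rawptr + (rva - vaddr)
            raise ValueError("RVA outside all sections")
        exp = offset(exp_rva)
        n_names = struct.unpack_from("<I", data, exp + 24)[0]
        names = offset(struct.unpack_from("<I", data, exp + 32)[0])
        out = []
        for i in range(n_names):
            start = offset(struct.unpack_from("<I", data, names + 4 * i)[0])
            out.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
        return out
    except (struct.error, ValueError):
        return []  # truncated or malformed image

def find_pkcs11_modules(directory) -> list:
    """File names of DLLs in `directory` that export the PKCS#11 entry point."""
    found = []
    for path in sorted(Path(directory).glob("*.dll")):
        try:
            if PKCS11_ENTRY in exported_names(path.read_bytes()):
                found.append(path.name)
        except OSError:
            continue  # unreadable file
    return found
```

Call `find_pkcs11_modules(r"C:\Windows\System32")` after installing the PKI package. FreeOTFE loads whichever library is selected, so confirm the match is the file the PKI package installed before pointing FreeOTFE at it.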

Create an Encrypted Volume with FreeOTFE

1 To create a new encrypted volume under FreeOTFE, click on [New].
2 On the FreeOTFE Volume Creation Wizard welcome page, click on [Next] to begin the volume creation procedure.
3 You can choose to store the encrypted volume as a file or to encrypt a whole partition/disk. Choose the option that best fits your purposes. In this example, we have chosen to store the encrypted volume as a file. Click on [Next] to continue.
4 Choose where you want to store the volume and click on [Next] to continue.
5 Choose the size of your encrypted volume and click on [Next] to continue.
6 Select the encryption algorithm that best fits your needs, or continue with the default option. Click on [Next] to continue.
7 Choose the elements used to secure your volume. The more options you select, the more you can secure your volume.

We have chosen to use the "Microsoft CryptoAPI" and "PKCS#11 token" options. Click on [Next] to continue.

8 Check that you have selected the right UniToken device and click on [Next] to continue.
9 Input a password for your encrypted volume. This password doesn’t have to be the same password used on your UniToken. Click on [Next] to continue.
10 Check that the details for the new volume are correct and click on [Finish] to create the volume.

Creating and Storing a Keyfile for the Encrypted Volume within UniToken

1 In the main menu of FreeOTFE, click on [Tools], [Create keyfile…].
2 Choose the type of your encrypted volume, either a file or a partition. In this step, we have chosen "File". Click on [Next] to continue.
3 Indicate where your encrypted volume is located and click on [Next].
4 Input the password of your volume and change the supplementary options if desired, then click on [Next].
5 Choose the directory where you wish to store the keyfile. (At this step you cannot store the keyfile directly on the token. You must first save it to your computer and then import it onto your token later.)
6 Input a password for your keyfile and change the supplementary options if desired. Click on [Next] to continue.
7 Choose the elements that you want to use for password salting and random padding data. We have chosen "Microsoft CryptoAPI" and "PKCS#11 Token". Click on [Next].
8 Check that the correct UniToken is selected and click on [Finish].
9 In the main menu, choose [Tools], [PKCS#11 token management].
10 Input the PIN for the UniToken and click on [OK].
11 In the [Keyfiles] tab in the "Security Token/Smartcard Management" window, click on [Import] and select the keyfile that you just created.
12 When the dialog box [Keyfile imported successfully as: (Name of the keyfile)] appears, the keyfile import has finished.

For improved security, you can choose to securely delete the keyfile stored on your computer and keep only the one inside the UniToken.


Unlock the Encrypted Volume with the Keyfile stored in UniToken

1 You can now use your UniToken to access the encrypted data. Click on [Mount file] (or [Mount Partition] if you encrypted a whole partition) in FreeOTFE.
2 Select [PKCS#11] in the "FreeOTFE Key Entry" window, and under the "Security Token/SmartCard PIN" dialog box, input your PIN and click [OK].
3 Input the password for the keyfile in the "Password" field and select the correct keyfile in the PKCS#11 file. Click [OK] to confirm and access your encrypted volume.

Glossary

Public Key Infrastructure (PKI): a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

Microsoft Cryptography API, MS-CAPI: an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography.

PKCS: refers to a group of public-key cryptography standards devised and published by RSA Security.