UniToken Integration Guide FreeOTFE Secretfile

From SecuTech Wiki

Install the PKI Package

This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/".

1 Right-click on the PKI package installation file and choose [Run as administrator]. Execute the file with an account that has administrator rights on this computer.
2 Click on [Next] in the InstallShield Wizard welcome screen.
3 Input your User Name and Company Name and click on [Next].
4 Select [Complete] and click on [Next].
5 Click on [Install] to begin the installation of the PKI package.
6 Verify that the InstallShield Wizard completed successfully and click on [Finish].

Configure PKCS Support in FreeOTFE

1 In the main menu, go to [Settings], [Security Tokens].
2 In the [Options] window, under the [PKCS#11] tab, check [Enable PKCS#11 support] and locate and select the library file. By default, the PKI package will install this file in the Windows\System32\ directory. Choose where to save the settings in the field [Save above settings to] and click on [OK] to apply the settings.
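
The PKCS#11 library selected in step 2 is loaded into the FreeOTFE process, so it is worth confirming which file you are pointing at before enabling it. The following PowerShell check is an added example, not part of the original guide or the UniToken SDK; the function name is hypothetical and `$LibraryName` is a placeholder for the library file name shipped in your PKI package.

```powershell
# Added example: inspect a PKCS#11 library before selecting it in FreeOTFE.
# Test-Pkcs11Module is a hypothetical helper name; $LibraryName is a placeholder.
function Test-Pkcs11Module {
    param(
        [Parameter(Mandatory)] [string] $LibraryName
    )

    # The guide states that the PKI package installs the library in Windows\System32.
    # On 64-bit Windows a 32-bit process is redirected to SysWOW64, so run this
    # from a PowerShell session of the same bitness as the application.
    $path = Join-Path $env:SystemRoot "System32\$LibraryName"
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "PKCS#11 library not found: $path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
    $acl  = Get-Acl -LiteralPath $path

    # Return the facts to compare against the copy in the SDK's Redist folder.
    [pscustomobject]@{
        Path            = $path
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Owner           = $acl.Owner
    }
}

# Usage (placeholder file name):
# Test-Pkcs11Module -LibraryName '<pkcs11-library>.dll' | Format-List
```

Compare the reported SHA-256 with the hash of the library inside the SDK package you installed from, and record it so that a later replacement of the file is noticed.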

Create an Encrypted Volume with FreeOTFE

1 To create a new encrypted volume under FreeOTFE, click on [New].
2 On the FreeOTFE Volume Creation Wizard welcome page, click on [Next] to begin the volume creation procedure.
3 You can choose to store the encrypted volume as a file or to encrypt a whole partition/disk. Choose the option that best fits your purposes. In this example, we have chosen to store the encrypted volume as a file. Click on [Next] to continue.
4 Choose where you want to store the volume and click on [Next] to continue.
5 Choose the size of your encrypted volume and click on [Next] to continue.
6 Select the encryption algorithm that best fits your needs, or continue with the default option. Click on [Next] to continue.
7 Choose the elements used to secure your volume. The more options you select, the more secure your volume. We have chosen to use the "Microsoft CryptoAPI" and "PKCS#11 token" options. Click on [Next] to continue.
8 Check that you have selected the right UniToken device and click on [Next] to continue.
9 Input a password for your encrypted volume. This password doesn’t have to be the same password used on your UniToken. Click on [Next] to continue.
10 Check that the details for the new volume are correct and click on [Finish] to create the volume.

Create a Secret File within UniToken to Secure a Volume

1 Under FreeOTFE, select [Tools], [PKCS#11 token management].
2 In the "Security Token/Smartcard PIN" window, input the User PIN of your UniToken device and click on [OK].
3 In the [Secret Keys] tab, click on [New]. In the [New PKCS#11 Secret Key] window, input a name for your Secret Key and click on [OK].
4 A confirmation window will appear confirming that the Secret Key was successfully created. Click on [OK] to close the window.
5 Select the Secret File that you created and click on [Secure].
6 Click on the icon corresponding to your type of volume (file or partition) and select the volume that you want to protect with the Secret Key. Click on [OK] to confirm.
7 A pop-up window will appear asking you to confirm the volume you have selected to protect. Click on [Yes] to confirm the selected volume. A dialog will then appear to confirm that the volume has been correctly protected.

Mount the Encrypted Volume

1 Under FreeOTFE, click on [Mount file] and select your volume.
2 Enter the password for the volume, then click on [Advanced].
3 In the "Security Token/Smartcard PIN" window, input the User PIN of your UniToken device and click on [OK].
4 Select the corresponding Secret Key for the volume and click on [OK] to mount the volume. If an incorrect password is entered or an incorrect key is selected, you will not be able to access the volume. Both the corresponding password for the volume and the secret key stored within UniToken are required to access the volume.


Public Key Infrastructure (PKI): a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

Microsoft Cryptography API, MS-CAPI: an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography.

PKCS: refers to a group of public-key cryptography standards devised and published by RSA Security.