TrustKey Tool User Manual

(1)

(2)

List of Figures

Figure 1 Installation... 8

Figure 2 Installation Successful...9

Figure 3 Trust Key Tool Main Menu...10

Figure 4 Running Label of TrustKey Tool... 11

Figure 5 Trust Key Tool Exit...14

Figure 6 Setting up User PIN... 15

Figure 7 Set PIN Successful and Warning... 16

Figure 8 Device Selection...16

Figure 9 Label Change Dialogue box...16

Figure 10 PIN Verification... 17

Figure 11 Wrong PIN entered warning... 17

Figure 12 PIN Locked...18

Figure 13 PIN Modification... 18

Figure 14 PIN Modified Successfully...19

Figure 15 View Certificate...20

Figure 16 Certificate Registered... 21

Figure 17 Certificate Unregistered Successfully... 21

(4)

Figure 20 Importing certificate by entering PIN... 23

Figure 21 Imported Certificate in the token... 24

Figure 22 Certificate Published Successfully...24

Figure 23 Reset PIN prompting Admin PIN...25

Figure 24 Format Token prompting Admin PIN...26

Figure 25 Warning before Formatting Token... 26

Figure 26 Token Formatted Successfully... 26

Figure 27 Initialization Window... 27

Figure 28 Device Information... 28

Figure 29 Trust Key Support... 29

(5)

1 Introduction

With the development of Internet and fast development of network technology a vast majority

of people communicate with each other online, instead of traditional methods of face to face

meeting. Due to this security authentication becomes vital for the network security, also the

bank transactions and fund transfer becoming online it is very important to protect data. The

USB tokens provide a secure way to store the Digital Signature Certificate.

(6)

2 TrustKey Product

In internet applications, like business, government, network communication and

e-transaction, it is very important to ensure the information security. TrustKey Product is

developed as a solution of this security problem. It provides a convenient and reliable secure

environment for customers.

2.1 TrustKey Tool

High in security

1. Supporting 2048 bits RSA asymmetric cryptographic algorithms and SHA2.

2. Supporting password and hardware authentication.

3. Hardware device provide secure memory space which can be used to store password,

private key and other secret data. The secret data is not exportable; the hardware

device is not replicable.

4. Secure and reliable. All encryptions and decryptions are operated inside the TrustKey

device.

Uniformity specification

1. Following the worldwide universal standards: PKCS#11 v2.1 specification and Microsoft

CSP 2.0 specification.

2. Completely realized the security communication functions supported by SSL and S/MIME.

The specification covers application and storage of digital certificate, digital signature

and verification, encryption/decryption, etc.

3. Using standard interface to connect with browsers, the communications is strictly

abiding browser’s secure communication operating regulations.

4. Supporting certificate’s interoperability between CSP and PKCS#11.

5. Supporting certificate application and secure email exchange in the environment of

IE/Outlook, Foxmail, NetScape, Mozilla and Firefox/Thunderbird.

6. Supporting X. 509 v3 certificate storage.

Excellent compatibility

1. No need to install special TrustKey driver, the driver integrated inside the Windows

Operating System is used there by eliminating the driver installation.

(7)

4. Uniform interfaces is used for UDK devices. One suite can supports both HID and UDK

devices.

5. The UI is supported in Windows/ME/2000/2003/XP/Vista/Windows7/Windows 8 and

Windows 8.1/ Linux Operating Systems are all supporting.

Flexible design

1. Using modularized design to meet customer’s dedicated requirements.

2. A convenient platform for user’s certificates management is provided.

3. UI (User Interface) is designed up to customer’s requirements.

4. Secondary development interface is provided.

2.2 TrustKey function modules

TrustKey network security suite includes the following 5 modules:

CSP module:

1. It is a basic interface module based on Microsoft CSP2.0 specification.

2. It is configured at registry.

3. It can be used in IE browser, Outlook and Foxmail for certificate application, security

website visitation and security email service, etc.

PKCS#11 Module:

1. Supporting PKCS#11 v2.1 interface.

2. It is applicable in NetScape/Mozilla browser and ThunderBird email server.

Administrator’s tool:

It provides functions of key initialization, certificate operation and PIN operation, etc.

User’s tool:

It provides not only PIN operations of verification and modification, but also certificate

operations of checking and installation/uninstall.

Background:

At the time of TrustKey plug in and out, certificate registration/revocation will be

automatically done, and application programs will automatically start and end.

2.3 TrustKey using environment

The supporting operating systems are shown as below:

WIN XP SP2 and above

WIN 2000/2003/2008 Server

WINDOWS 7, 8, 8.1

The supporting software includes:

IE/Mozilla/Netscape/ browsers.

(8)

3 TrustKey Tool Installation

The TrustKey comes with the Autorun supported ND (No Driver) feature. User can install the TrustKey tool just by plugging the token into the USB slot, the installation and details of the TrustKey tool is explained in detail below.

3.1 TrustKey Tool Installation

To begin with the installation just plug in the token into the USB slot of the Laptop or PC, the Autorun supported product will automatically install TrustKey tool on the system

1. Once the token is plugged into the USB slot the Autorun features asks for the installation of the token management tool as shown in the Figure 1, just click the install button to proceed with the installation of the software.

(9)

2. The token management software installs as shown in the Figure 2 just click the finish button

(10)

4 TrustKey Tool

4.1 Launching TrustKey Tool

The TrustKey tool can be launched using the short cut icon created on the desktop during

installation, or can be found by clicking Start menu on windows and then finding the Trust Key

Tool can selecting it, the Trust Key Token tool has a easy user Interface as shown in Figure 3.

(11)

During TrustKey administrator’s tool running, the label of the tool will display in the right

bottom corner as Figure 4.

Figure 4 Running Label of TrustKey Tool

4.2 TrustKey Tool Overview

As shown in Figure 3 there are 5 operation available in the main menu for the TrustKey tool

which include the

1. Device Operation

2. Pin Operation

3. Certificate Operations

4. Admin

5. Options

4.2.1 Device Operations

：It enables device selection when several Trustkeys are available.

(12)

: This function exits the administration tool

4.2.2 PIN Operations

：

PIN verification can identify the TrustKey holder for embezzle resistance.

：It is used to modify the PIN.

4.2.3 Certificate Operations

：It is used to view the certificates in the TrustKey.

：

_{It can be used to install the selected certificate in IE.}

：It is useful for uninstall the selected certificate from IE.

：It is used to delete the selected certificate from the TrustKey.

：

It provides the function of import a certificate.

(13)

4.2.4 Admin

: It is used to reset the PIN

: It is used to format the token completely

4.2.5 Options

(14)

4.3 Exit TrustKey tool

 Click the ‘close’ button at upper right corner to exit TrustKey Administrator Interface.

 Can go to Device operations and can exit or

 Go to File and exit

 One can find the File and Help Icons on the top left had corner of the tool, the file Icon

can be used to close the TrustKey Tool, upon clicking the File icon an Exit icon can be

seen as shown in Figure 5

(15)

4.4 Device Operations

4.4.1 Set User PIN

The token has to be entered a user defined PIN, once the TrustKey tool is installed. The length

of the PIN should be between 6-32 (Alpha Numeric). The token prompts Set Pin once the

installation is completed; where in the user need to define his/her PIN (this will be one time

and may be needed if the token is formatted). Figure 6 shows the Set User PIN prompt and

Figure 7(a) shows the successful PIN set.

Figure 6 Setting up User PIN

If the PIN is entered exceed the range of 6 to 32 characters, a warning window like Figure 7(b)

will out to tell you PIN for the token requirements.

(16)

(b)

Figure 7 Set PIN Successful and Warning

4.4.2 Device Selection

When more than one TrustKey tokens are plugged in, you can select a device as needed. It is

illustrated in Figure 8 that there are two available TrustKey tokens: Trust_USB_token(1) and

Trust_USB_token(2).

Figure 8 Device Selection

2.4.3 Change Label

Change Label provides administrators with the interface of change the label of user’s device. It

is shown in Figure 9.

(17)

4.5 PIN Operations

2.5.1 Verify PIN

PIN verification is designed for confirm TrustKey holder’s identity and avoid embezzlement

(theft). The PIN verification interface can be seen in Figure 10.

Figure 10 PIN Verification

Maximum User PIN error counter is set by default to 10 so the user can try to verify the

password a maximum 10 times in case if the user is not fully aware or forgotten his PIN and

wants to guess his PIN. As shown in Figure 11 user gets 10 attempts by default in case of

forgotten PIN. However if the user still not able to verify the set PIN after 10 guess attempts the

token gets locked as shown in Figure 12. The user needs to contact the Trust Key customer care

in case he/she has forgotten the PIN.

(18)

Figure 12 PIN Locked

2.5.2 Modify PIN

The function of PIN modify is provided by the interface like Figure 13.

(19)

The user can modify his User PIN by entering his currently used User PIN and then typing

his/her new user PIN and then confirming the user PIN, in case the token is formatted the

default user PIN would be set to 88888888.

Once the PIN is modified the window as shown in Figure 14 will appear.

(20)

4.6 Certificate Operations

Certificate operation contains 6 functions which are view certificate, install certificate, uninstall

certificate, delete certificate, import certificate and publish certificate.

4.6.1 View Certificate

After entered the certificate operation interface, all available certificates are listed in text area

at upper-right side of TrustKey tool. Choose a certificate as you want, click ‘View’ button at tool

bar or click ‘View certificate’ at the menu bar, a certificate window like Figure 15 will display

and provides all the information about this certificate.

(21)

4.6.2 Register Certificate

Select a certificate you want to install and then click ‘Register’ on the registration a dialogue as

Shown in Figure 16

Figure 16 Certificate Registered

4.6.3 Unregister Certificate

All the available certificates are listed inside the certificate text area please choose a certificate

and press unregister for unregistering once it is successfully done a window appears as shown

in Figure 17.

.

(22)

4.6.4 Delete Certificate

This function enable administrators delete the selected certificate from the token. For safe, a

confirmation is required as shown in Figure 18 and then the certificate is deleted.

Figure 18 Delete certificate

4.6.5 Import Certificate

Click on import certificate and choose the certificate as shown in Figure 19

(23)

Once the certificate is chosen then user needs to enter the password as shown in Figure 20 (a)

Certificate Password (b) Token Password, the certificate gets imported into the token as shown

in the Figure 21.

(a)