...
Depending on your License, you will have to decide if you want SmartCard supported decryption (Enterprise only) or software. Once you setup everything click the save button and the configuration will be available for all tools.
Software
Software Decryption uses a private key that is available in the file system.
...
If you do not have a private key, simply click generate and the tool will create a new RSA Keypair and ask you where to save it. Alternatively you can simply load a private key you already saved previously.
Smart Card
This is the most secure way to handle your private key. The key is generated and stored on a smart card (PKCS#11 compatible with 2048bit RSA support) and cannot be exported onto the computer and thus also never be compromised unless you loose the smart card or dongle.
...
- Gemalto: "C:\Program Files (x86)\Gemalto\IDGo 800 PKCS#11\IDPrimePKCS11.dll"
- OpenSC (i.e. YubiKey): "C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"
If the card is not detected automatically click on the "Check Card" button.
| Info |
|---|
Depending on your driver and key you can automatically generate certificates. Most setups require a seperate utility to generate a certificate. Make sure it is RSA2048 |
In case no key has been identified you can use the "Create Key" Button.
| Info |
|---|
Autodetection works by having a certificate with the rsa 2048 key with an X509EnhancedKeyUsageExtension OID of 1.3.6.1.5.5.7.3.4 (id_kp_emailProtection) |
Once you selected a key, make sure to test encryption once to see if en- and decryption work.