SecureKeyAgent is a Microsoft Windows application designed to be a private security container for public/private keys used by SecureNetTerm and SecureFTP. The key agent runs as a program in the Windows tray, and provides digital certificate and SSH public/private key authentication support. It supports disk-based SSH keys as well as those contained on smart cards, USB tokens, and within the Microsoft browser certificate store for the TLS,

Requests for RSA private key authentication for those keys located on a smart card or USB token are handled by the device itself; the private key never leaves the device. The agent supports the SSH agent forwarding protocol, thus allowing all private keys to reside on the user's workstation or within a smart card or USB token. SecureKeyAgent supports SSH private keys created by SecureNetTerm, SecureFTP, PuTTY and those created by the SSH Data Communication SSH client. If an SSH private key or certificate is passphrase protected, the passphrase is requested upon the initial startup of SecureKeyAgent. The agent has the ability to export the public key of an SSH disk-based key, the public key of a certificate, and the certificate itself for uploading

From the PKI perspective, the Rainbow iKey2000 in particular has been specifically produced to work with all the main PKI vendors and features the PKCS-11 libraries, Entrust libraries, MS-CAPI and is compatible with Baltimore, Entrust,

Adherence to the PKCS-11 and MS-CAPI standards enables access to these devices over the Internet. Examples of this type of access can be found at the Aladdin eToken site, and of course all the major PKI
Vendors have the ability to generate the public/private keys for a digital certificate directly on the device with HTML scripting. A major advantage is that the RSA private key is generated on the device and never leaves it.

Digital certificates can be ordered online and placed on the device in a matter of minutes. The GemPlus site provides an excellent example of the ability to issue a digital certificate online, for access to company protected data using standard browsers. Corporations that produce and manage their own certificates can grant/revoke access to critical applications/data in a matter of minutes.

A digital certificate is a set of electronic credentials that uniquely identifies an individual. There are two parts to a digital certificate: a private key and a certificate. Piece of information that uniquely identifies you within the Public Key Infrastructure. Anyone who has access to the private key can impersonate you without detection. An impersonator can read eyes-only messages or sign documents as you.

As a result, it is important to keep the private key secure. This is the main benefit of these devices. They serve as an impenetrable safe for the private key, ensuring that only the intended user has access to it. Generated on-board and never leaves the device for signing and encryption operations. The certificate is the public part of your digital certificate. It contains your name and other identifying information.