User's Manual

CryptoIdentity User Guide – 1. Introduction to CryptoIdentity and CryptoKit

Page- 9

CryptoIdentity 2048

In addition to all the features of CryptoIdentity5, this model supports:

 RSA keys up to 2048 bit

 EEPROM memory 64KB

Additional CryptoIdentity models (ITSEC I-P-FIPS), are also available.

Please note that this guide and CryptoKit applies ONLY to the

CryptoIdentity4, CryptoIdentity 5 & 2048 models. For details about the

ITSEC models, please visit www.cryptoidentity.eutron.com.

1. 1. 3 CRYPTOIDENTITY DEFAULT PINs

Each CryptoIdentity is protected by a PIN and a Security Officer PIN.

The CryptoIdentity PIN is automatically required every time a private key or a private

object stored into the CryptoIdentity is going to be accessed. For example, the PIN is

required to sign or decrypt a message using a private key stored into the token.

The applications accessing the CryptoIdentity private area must specify in

the source code the CryptoIdentity PIN value when running PKCS#11 or

CAPI functions, otherwise the end-users are asked to enter the PIN when

running the application.

A window appears every time the CryptoIdentity PIN is required:

The PIN is required also during private key generation (for example during a digital

certificate enroll).

The Security Officer PIN is mainly used to allow the CryptoIdentity USB token

initialization. Before starting the initialization process (refer to section “3.3 InitToken”) the

Security Officer PIN is required.

Do NOT forget the Security Officer PIN, because this prevents to initialize

the CryptoIdentity token.