Specifications
Tokens
106 |
Endpoint Encryption Connector Manager G2 for Active Directory is necessary. For
documentation about the Endpoint Encryption Connector Manager, please contact your
McAfee representative.
Also, be mindful that the Generic PKI token only works with Endpoint Encryption for
Files and Folders and not any other Endpoint Encryption product, e.g. Endpoint
Encryption for PC. Please see the documentation for other Endpoint Encryption
products regarding token support for each.
In order to get the Generic PKI token to work, the CSP from the corresponding smart
card manufacturer must be properly installed on the client side. Also, the exact name
of the CSP must be known and entered into a configuration file in the Generic PKI
token file group.
There is a separate White Paper that describes the Generic PKI token more in detail,
e.g. what INI file to edit. Please contact your Endpoint Encryption representative to
obtain this document.
Installation
This feature is installed by selecting the corresponding entry in the Tokens section
when first installing the Endpoint Encryption central systems. If selected, there will be
a file group in the subsequently created Endpoint Encryption database containing the
Generic PKI token files. This file group will be available as an option when creating the
Endpoint Encryption for Files and Folders installation set. If you want your Endpoint
Encryption for Files and Folders clients to support the Generic PKI token, this file group
must be included in the installation set.
The Generic PKI token requires the exact name of the CSP used on the client side to
be known and entered into an INI file. It may make sense to create copies of the
“Generic PKI token files” file group in the Endpoint Encryption database and edit the
appropriate file in each group to correspond to the CSP it will support, e.g. you may
have one Generic PKI token files – RSA file group and another file group called
Generic PKI token files – Siemens for those deployments where a Siemens PKI
token will be used.
As mentioned, for the Generic PKI token to work, the exact name of the third-party
CSP must be entered into the SbTokCSP.INI file in the Generic PKI token file group,
i.e. manually edit the
INI file outside the database and then import (replace) the
same file into the corresponding file group. Thus, if you have a Generic PKI token file
group aimed at RSA tokens, edit the
SbTokCSP.INI with the name of the RSA CSP
and then import it to the file group Generic PKI token files – RSA. The edit of the