RSA Key Secondary Authentication settings
| Setting | Description |
|---|---|
| Always | Every time an RSA key is generated, the user is prompted to create a secondary password for accessing the key. If the user clicks OK, the RSA key is generated, and the password entered becomes the new key's secondary password. When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password. If the user clicks Cancel, RSA key generation fails. |
| Always prompt user | Every time an RSA key is generated, the user is prompted to create a secondary password for accessing the key. If the user clicks OK, the RSA key is generated, and the password entered becomes the new key's secondary password. When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password. If the user clicks Cancel, the RSA key is generated without a secondary password. When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key. |
| Prompt user on application request | When using an RSA key generation application that requires secondary passwords for strong private key protection (such as Crypto API with a user protected flag, or the PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute), the user is prompted to create a secondary password for accessing the RSA key. If the user clicks OK, the RSA key is generated, and the password entered becomes the new key's secondary password. When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password. If the user clicks Cancel, RSA key generation fails. When using applications that do not require secondary passwords for strong private key protection, the RSA key is generated without a secondary password. When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key. |
| Never | Secondary passwords are not created for new RSA keys. When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key. |
| Token authentication on application request | Secondary passwords are not created for new RSA keys. When using the certificate, the user must authenticate once using the Token Password. When using an RSA key generated by an application that requires secondary passwords for strong private key protection (such as Crypto API with a user protected flag, or the PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute), the user must authenticate using the Token Password for each operation that requires the RSA key. When using an RSA key that was not generated by an application that requires secondary passwords for strong private key protection, no additional authentication is required for operations that require the RSA key. |