ArcotID PKI As a Software Smartcard

In addition to being used for strong authentication, ArcotID PKI can also be used to securely store open PKI keys and certificates. These keys are typically used for applications or operations such as email signing (S/MIME), document signing, and certificate-based authentication (open PKI).

The location inside the ArcotID PKI where the open PKI keys and certificates are stored is called the key bag (or key vault). The key that unlocks the key bag is the Key Authority Key (KA Key), which is stored in the AuthMinder database rather than on the user's computer.

To use the private keys stored in the key bag, the ArcotID PKI Client requests the KA Key from the AuthMinder Server, signing the request with the camouflaged ArcotID PKI password. The AuthMinder Server authenticates the request and then sends the KA Key to the client, which uses it to open the key bag and access the private keys. This mode of accessing the private keys is known as accessing keys online.
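As an added illustration of the online flow just described, the following constructed Python model (not ArcotID's or AuthMinder's own code or wire format) seals a key bag under a server-held KA Key, authenticates the client's request with a password-derived key standing in for the camouflaged ArcotID PKI password, and has the server release the KA Key only for a valid signature over a one-time challenge. The toy cipher, message layout, PBKDF2 derivation and challenge step are all assumptions made for the model.

```python
import hashlib, hmac, secrets

def derive_request_key(password: str, salt: bytes) -> bytes:
    """Stands in for the camouflaged ArcotID PKI password (assumption: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, 32)

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); a model, not ArcotID's format."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_key_bag(ka_key: bytes, private_key_blob: bytes) -> bytes:
    """Encrypt-then-MAC the key bag under the KA Key; layout is nonce||ciphertext||tag."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(ka_key, nonce, private_key_blob)
    return nonce + ct + hmac.new(ka_key, b"bag" + nonce + ct, hashlib.sha256).digest()

def open_key_bag(ka_key: bytes, sealed: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong KA Key or a tampered bag raises."""
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(ka_key, b"bag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("key bag integrity check failed")
    return _keystream_xor(ka_key, nonce, ct)

class AuthMinderServer:
    """Model server: holds each user's KA Key and releases it only for a correctly signed request."""
    def __init__(self):
        self.users, self.pending = {}, {}
    def enroll(self, user: str, password: str):
        salt, ka_key = secrets.token_bytes(16), secrets.token_bytes(32)
        self.users[user] = (derive_request_key(password, salt), ka_key)
        return salt, ka_key          # salt goes to the client; the KA Key stays server-side
    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(16)   # one-time nonce, blocks replayed requests
        return self.pending[user]
    def release_ka_key(self, user: str, signature: bytes):
        req_key, ka_key = self.users[user]
        nonce = self.pending.pop(user, None)            # each challenge is usable exactly once
        if nonce is None:
            return None
        expected = hmac.new(req_key, b"KA-request|" + user.encode() + nonce, hashlib.sha256).digest()
        return ka_key if hmac.compare_digest(expected, signature) else None

def access_private_key_online(server, user: str, password: str, salt: bytes, sealed_bag: bytes):
    """Client side: sign the server's challenge with the password-derived key, then open the bag."""
    nonce = server.challenge(user)
    sig = hmac.new(derive_request_key(password, salt), b"KA-request|" + user.encode() + nonce,
                   hashlib.sha256).digest()
    ka_key = server.release_ka_key(user, sig)
    return None if ka_key is None else open_key_bag(ka_key, sealed_bag)
```

Note that the client never stores the KA Key in this online mode; a wrong password yields no key at all, and a bag whose tag fails verification is rejected rather than decrypted.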

From this release, the ArcotID PKI Client enables users to access their private keys offline: the ArcotID PKI Client does not need to connect to the AuthMinder Server to authenticate the user before the private keys can be used. This lets users use their private keys even without network access, for example a roaming user with no connectivity to their corporate network.

To support this feature, the ArcotID PKI Native Client ships with the Arcot Offline Tool, a utility used to access the private keys offline. This tool is installed as part of the ArcotID PKI Native Client installation and is available from the system tray of the user's computer.

This chapter contains the following topics: