
A question-based authentication token

Created: 19 Mar 2013 • Updated: 20 Mar 2013 | 7 comments
This issue has been solved. See solution.

 

First of all, I apologize for my bad English.
 
I am currently using PGP WDE encryption of the system partition.
Authentication is a USB token (Aladdin eToken PRO 72k) which works perfectly. I did not want to set a user password.
With that, I run the risk of the USB token disappearing or simply failing one day.
 
I have a question to which I cannot find a clear answer anywhere.
 
The question is: if the USB token fails one day and I buy a new one and re-export the key to it, will I be able to access the system again?
 
 

Alex_CST's picture

Yes, you can just assign that token to the user again as you did originally with the first one. You can have many tokens to one user.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

ti26's picture

Alex, can I do this process of re-exporting the key to a new token using another computer?

Tom Mc's picture

An eToken is secure - you cannot export any private keys from it. So, to have the private key on more than one eToken, you must generate your key in PGP Desktop and then import it to the eToken. You can then export/import it from your PGP Desktop as much as desired. And after having all the secure backups you want, you can delete it from your computer keyring if you wish.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

ti26's picture

 

I forgot to add in my last comment that I have a backup of my private key in another location.
So if the eToken fails... can I export this key backup to a new eToken using a different computer and regain access to my?

Tom Mc's picture

I would expect this to work.  Although it has been a very long time since I've seen this discussed, I recall at least one person reporting problems with doing this.  So, I would suggest that you actually give it a try to confirm there is not a problem for you.


SOLUTION
ti26's picture

 

Perhaps the serial number of the token is somehow connected to PGP WDE authentication. But it is only a guess.
I read the entire manual and did not find any reference to this.
 
I only intended to use this form of authentication. The advantage of this is the immediate destruction of data, if I want to get rid of the token.
 
I would use only the token-based authentication. I do not like passwords. A good password would take thousands of years for a possible violation. But I would totally eliminate that possibility.
 
I would feel more comfortable that way.
 
The downside of all this is that if the device (token) were to disappear someday, I would lose my data forever.
 
That's why I have doubts about my question.
 
 
 
 
 
Tom Mc's picture

Understandable.  I would again suggest personally testing it on your equipment, to make sure.
