I use a hardware token for signing. However, the SafeNet Client wants the password for signing to be reentered every 24h or after a reboot.
If I use Signotaur, I can avoid this problem, can I? Signotaur fetches the certificate and there is no need for the SafeNet Client. Which in turn means that I can remove the USB token and store it safely.
Apologies for the slow reply, not sure how I missed your posts.
In the SafeNet client, under the token settings, click on the Advanced tab, set the Pin Validity (days) to the maximum (999).
Then under the Client Settings, Password Quality, set the min and max usage to 0. Whilst you are there, go to the Advanced tab and make sure the following are checked:
Copy CA certificates to the local store.
Enable single logon
Enable single logon for PKCS#11
Set Automatic logoff to never.
You cannot remove the token, since it contains the private key which cannot be exported - signing actually takes place on the token.
I have a token from Sectigo where I have no Administrator password, only the token password. Changing the PIN validity however requires the password. As the validity now is set to 0, I assume this is ok too?
As far as I can tell, Sectigo does not send out the Administration password, however you can ask them for it - it’s needed if you get locked out due to multiple attempts at using the incorrect pin so I would ask them about it. The default SafeNet admin password is 48 zeros - but I would check with Sectigo first in case they changed it.
The SafeNet documentation is a bit vague about what 0 means:
Maximum usage period (days) - The maximum period, in days, before which the password must be changed. Default: 0 (none)
It kinda suggests that 0 means infinite but I am not 100% certain about that.