Symmetric key backup for SecureLogin in case the smart card is lost

  • 7940491
  • 19-Aug-2009
  • 26-Apr-2012

Environment

SecureLogin SSO

Situation

In NSL v6 and later there is an option to encrypt data with a symmetric key that is stored on the smart card. Is this key backed up in case the smart card is lost, stolen, or damaged?

Resolution

If the option to encrypt using the symmetric key on the smart card is implemented, it is recommended to use a passphrase as a backup method of decrypting SSO data in case the smart card is lost, stolen, or damaged.

If no other measures are taken and a key stored on the smart card is the only key used for encryption, then once the smart card is lost (or damaged) you will no longer be able to decrypt your SSO credentials or use SecureLogin.


Additional Information

SecureLogin encrypts SSO data to protect a user’s credentials from unauthorized use. Depending on the version of ASL you are running, there are a number of options available. In version 6 and later of SecureLogin, credentials can be encrypted using a randomly generated key stored on the smart card (or using PKI, a passphrase, etc.).