[SBox.KeyRenewalWizardKS]/[SBox.KeyRenewalWizardGP]

Types of accounts

The following table lists the types of accounts available in SDS Enterprise:

 

| Account type | Description |
|---|---|
| KS1 | Password account with a single key to sign and encrypt. |
| KS2 | Password account with two different keys to sign and encrypt. |
| GP1 | Card account with a single key to sign and encrypt. |
| GP2 | Card account with two different keys to sign and encrypt. |

Parameters

The following table details the content for each section based on the account type XXX

Each entry gives the parameter name, the sections it applies to (KS, GP) and its description.

Pkcs12Import (KS, GP)

The new account’s key (or keys) can be imported from a PKCS#12 file.

  • 0: No (default),
  • 1: Yes.

InternalKeys (GP)

In smart card or USB token mode (GP1 or GP2), keys are extracted:

  • 0: by SDS Enterprise, in memory,
  • 1: by the card (default).

NOTE
When keys are generated via smart card, they may be created by the smart card itself, or in memory, depending on the vendor’s implementation or the configuration of the key's PKCS#11 layer.

UsrPwdCharSet (KS)

Syntax: abc, where “abc” is three uppercase hexadecimal digits (0 to F), each giving the minimum number of characters of one kind that a password must contain:

  • a: number of alphabetical characters,
  • b: number of numeric characters,
  • c: number of other characters.

Default value: 000.

UsrPwdMinLen (KS)

Minimum length for a password (decimal). The value must be between 0 (default) and 64. If the value entered is greater than 64, the maximum value (64) is used.

KeepCardObjects (GP)

State of the "Do not destroy non-reused objects" check box:

  • 00: box unchecked and grayed out (default),
  • 01: box unchecked and accessible,
  • 10: box checked and uneditable,
  • 11: box checked and accessible.

ExportKeys (GP)

If a key was not extracted by the smart card or token (<InternalKeys> = 0), SDS Enterprise may display a window offering to save this key to a PKCS#12 file (as a backup) or to copy it to the user's keystore (for later use).

  • 0: page not displayed (default),
  • 1: page displayed.

NoExtractableK (KS, GP)

Indicates whether, at the time of creation, the private keys are marked as non-exportable:

  • From the keystore for KS1 and KS2 modes,
  • From the smart card in GP1 and GP2 modes.

Allowed values are:

  • 0: No (default for KS1 and KS2 modes),
  • 1: Yes (default for GP1 and GP2 modes).

DisableCreateSelf (KS, GP)

Prohibits a self-certified key from being used, whether for creating an account or for renewing a key.

  • 0: Authorizes the extraction of a self-certified key (default),
  • 1: Prohibits the use of a self-certified key.

AutomaticRenewFromCard

For [SBox.KeyRenewalWizardGP]

With a Card or SSO account, when the new encryption or signature key is already in the card or in the user's Windows certificate store, this option allows automatic renewal of the key when the previous one expires:

  • 0: no automatic renewal (default),
  • 1: automatic renewal with user confirmation message,
  • 2: automatic renewal without user confirmation message.

IMPORTANT
The value 1 allows the user to refuse renewal. However, after a refusal, the update is not proposed. Therefore, using this value is not recommended.
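
The following is an added example, not SDS Enterprise's own code: it reads the two sections, fills in the defaults documented above, checks a candidate password against UsrPwdCharSet and UsrPwdMinLen, and lists settings worth a second look. It assumes the sections are stored as INI-style `Key=value` lines and that "alphabetical" and "numeric" correspond to Python's `isalpha()` and `isdigit()`; the function names, the sample file and every review rule except the AutomaticRenewFromCard one are this example's own.

```python
import configparser

# Documented defaults per section family (NoExtractableK differs: KS=0, GP=1).
DEFAULTS = {
    "KS": {"UsrPwdCharSet": "000", "UsrPwdMinLen": "0", "NoExtractableK": "0",
           "DisableCreateSelf": "0"},
    "GP": {"InternalKeys": "1", "ExportKeys": "0", "NoExtractableK": "1",
           "DisableCreateSelf": "0", "AutomaticRenewFromCard": "0"},
}

def effective(ini_text, family):
    """Parameters of one section with the documented defaults filled in."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep parameter names as written
    cp.read_string(ini_text)
    name = f"SBox.KeyRenewalWizard{family}"
    given = cp[name] if cp.has_section(name) else {}
    return {k: given.get(k, d).strip() for k, d in DEFAULTS[family].items()}

def password_ok(pw, cfg):
    """Check pw against UsrPwdCharSet (3 hex digits) and UsrPwdMinLen (cap 64)."""
    need_alpha, need_digit, need_other = (int(c, 16) for c in cfg["UsrPwdCharSet"])
    alpha = sum(c.isalpha() for c in pw)
    digit = sum(c.isdigit() for c in pw)
    other = len(pw) - alpha - digit
    return (len(pw) >= min(int(cfg["UsrPwdMinLen"]), 64) and alpha >= need_alpha
            and digit >= need_digit and other >= need_other)

def review(cfg):
    """Settings to double-check; only the last rule is stated by the page."""
    notes = []
    if cfg["NoExtractableK"] == "0":
        notes.append("NoExtractableK=0: private keys are not marked non-exportable")
    if cfg["DisableCreateSelf"] == "0":
        notes.append("DisableCreateSelf=0: self-certified keys are allowed")
    if cfg.get("UsrPwdCharSet") == "000" and cfg.get("UsrPwdMinLen") == "0":
        notes.append("no password length or character-class minimum is set")
    if cfg.get("AutomaticRenewFromCard") == "1":
        notes.append("AutomaticRenewFromCard=1: value not recommended")
    return notes

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """[SBox.KeyRenewalWizardKS]
UsrPwdCharSet=A21
UsrPwdMinLen=80
[SBox.KeyRenewalWizardGP]
AutomaticRenewFromCard=1
"""
```

In the sample, `UsrPwdCharSet=A21` requires 10 alphabetical, 2 numeric and 1 other character, and `UsrPwdMinLen=80` is treated as 64.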