Creating a PGP Key on a smart card or token gives you an extra layer of security in that you can keep your PGP keypair with you instead of leaving it on your system: a PGP keypair on a smart card or token is less vulnerable than the same keypair stored on your computer because you can keep the smart card or token with you.
You can use only keypairs stored on the token. You must either create a keypair on the Aladdin eToken, or send an existing keypair to the token by choosing Add To from the right-click shortcut menu.
When you create a keypair on a token, or when you send an existing keypair to the token, the passphrase to the private key of that keypair changes to the PIN of the token. For an Aladdin eToken, the default PIN is 1234567890. Because this is a well-known default PIN, you should immediately change the PIN using Aladdins configuration tools so that the security of the keypair is not severely reduced.
|Warning: Using a keypair on a token to authenticate to a disk or partition encrypted using PGP Whole Disk Encryption increases your security, but if you lose the token you can no longer authenticate to the PGP BootGuard login screen, and all the data on the disk or partition is lost.
For this reason, consider adding other users (passphrase, token, or both) to a disk or partition encrypted using PGP Whole Disk Encryption. If your token is lost or stolen, those additional users can authenticate and unlock the disk or partition for you.