This article details how to install and use the RSA SID800 Token with Symantec Encryption Desktop. The RSA SID800 Token is compatible only for credential storage. SecurID is not compatible.
You can use a token with Symantec Drive Encryption for an extra layer of security. Symantec Encryption Desktop can be utilized to create a PGP keypair on a smart card or token, or to copy a PGP keypair to a smart card or token. Both options give you an extra layer of security in that you can keep your PGP keypair with you, on your smart card or token, instead of leaving it on your system.
Some RSA Smart Card installations may require you to install an update to the Microsoft Base Smart Card Cryptographic Service Provider before installing the software for your RSA Smart Card. For more information on installing this software, see the following article on the Microsoft Support site.
Generate a PGP Key on an RSA SID800 Token
Symantec Encryption Desktop optional setting: Before adding keys to the token, update the smart card synchronization. To do this, open the PGP Options by clicking the Symantec Encryption Desktop Tray icon, and then select the Keys tab. Place a checkmark for the option to Synchronize keyring with tokens and smart cards and change the drop-down menu from Automatically to RSA.
Encrypt Using a Key on an RSA SID800 Token
After encryption is complete, the token can be used for pre-boot authentication. You can plug in the token before turning on the system or when the PGP BootGuard screen displays. At the PGP BootGuard authentication screen, enter the token's PIN, and press CTRL + ENTER. This verifies authentication and proceeds to boot the system to Windows.
Warning: Using a keypair on a token to authenticate to a disk or partition encrypted using Symantec Drive Encryption increases your security, but if you lose the token you can no longer authenticate to the PGP BootGuard login screen, and all the data on the disk or partition is lost. For this reason, consider adding other users (passphrase, token, or both) to a disk or partition encrypted using Symantec Drive Encryption. If your token is lost or stolen, those additional users can authenticate and unlock the disk or partition for you.
Once booted, you will need to stop the device and remove the token. If you want to remove keys in Encryption Desktop, you will need to plug the token back in, open Encryption Desktop, and choose smart card keys.