
AuthentIC Web Pack
V 4.0 User Guide

© 2007, Oberthur Card Systems. All rights reserved.


The information contained in this publication is accurate to the best of Oberthur Card Systems'
knowledge. However, Oberthur Card Systems disclaims any liability resulting from the use of this
information and reserves the right to make changes without notice.

CONTENTS

PRESENTATION OF THE GUIDE
  Purpose
  Audience

CHAPTER 1 – PRESENTING THE AUTHENTIC WEB PACK
  What is the AuthentIC Web Pack
    Purpose
    Hardware Components
    Supported Card Readers
    Main Features

CHAPTER 2 – INSTALLING THE AUTHENTIC WEB PACK
  System Requirements
    Hardware
    Software
  Installing and Uninstalling the Web Pack
    Installing
    Uninstalling
  Configuring your Browser and Mailer
    Configuring Firefox and / or Netscape
    Configuring Internet Explorer

CHAPTER 3 – USING THE AUTHENTIC WEB PACK MANAGER
  Starting/Stopping the AuthentIC Manager
    Startup
    Main Window - Illustration
    Main Window - Description
    Quitting the application
  Initializing Your Card
    Loading a certificate with an associated key pair
    Generating a key pair
  Adding Key Pairs
    Procedure
  Managing Certificates
    Main Cases
    Importing a Certificate
    Exporting a Certificate
    Removing a Certificate
    Installing a Certificate in the Certificate Store
  Querying Card Information
    Information Available
    Procedure
  Changing your Passphrase

CHAPTER 4 – LINKING YOUR CARD WITH THIRD PARTY APPLICATIONS
  With Netscape and / or Firefox
    Reading your certificate
    Checking your certificate’s validity
    Checking your certificate’s permissions
    Browsing on a https web site
  With Internet Explorer
    Reading your certificate
    Checking your certificate’s validity
    Browsing on a https web site
  With Outlook
    Selecting the Certificate
    Sending the Message
  With Thunderbird
    Selecting the Certificate
    Sending the Message

PRESENTATION OF THE GUIDE

Purpose
This guide:
• Explains how to install the AuthentIC Web Pack application.
• Describes the overall features of the AuthentIC Web Pack (smart card and AuthentIC
Manager applications).

Audience
This guide is aimed at all people wishing to use the AuthentIC Web Pack to perform secure
electronic communications, transactions, and trading.

CHAPTER 1 – PRESENTING THE AUTHENTIC WEB PACK

What is the AuthentIC Web Pack


Purpose
The AuthentIC Web Pack is a complete solution that lets you perform secure online electronic
communications and transactions using a digital identity device from OCS, such as ID-One
Classic cards, AuthentIC cards or an Id-One Token smart USB device. Digital
signatures, encryption and digital certificates ensure authentication, access control and
confidentiality. The AuthentIC Web Pack gives access to the IDOne Classic smart card through
the following two APIs:
• PKCS#11
• CSP (Cryptographic Service Provider)
These two APIs provide any PKCS#11 or CSP compatible application with all the cryptographic
services supported by the IDOne Classic cards.

Hardware Components
The AuthentIC Web Pack requires at least a PC/SC smart card reader and an Oberthur IDOne
Classic smart card.

Supported Card Readers


The AuthentIC Web Pack is compatible with the following types of card readers:
• Desktop card readers, such as OmniKey CardMan or any other PC/SC compatible reader
• PIN pad card readers, such as OmniKey CardMan 3621 or 3821
• USB key card readers, such as OmniKey CardMan 6121
• Biometric card readers, such as Id3 Semiconductor Biothentic USB

Main Features
The main features of the AuthentIC Web Pack include:
• Certificate management
• Key pair generation
• Passphrase management
CHAPTER 2 – INSTALLING THE AUTHENTIC WEB PACK

To take full advantage of the AuthentIC Web Pack, your system must comply with the following
hardware and software requirements:

System Requirements
Hardware
• Pentium Processor
• 32 MB RAM (64 MB recommended)
• 10 MB available disk space, depending on the configuration
• 10 MB temporary free space for the installation

Software
• Windows 98, 2000, NT with Service Pack 3 or later, XP, Vista.
• Netscape Navigator 4.7.x, Firefox 2.0x or Microsoft Internet Explorer 7.x or later
• Thunderbird or Microsoft Outlook 2000 or Express

Installing and Uninstalling the Web Pack


Installing
To install the AuthentIC Web Pack, proceed as follows:
1. Exit all Windows programs prior to installing the Web Pack
2. Insert the CD-ROM in your drive
3. Click the Setup.exe file
4. Follow the instructions of the installation program.

Uninstalling
To uninstall the Web Pack, proceed as follows:
1. Access the Control Panel and click Add/Remove Programs.
2. Select the AuthentIC Card Manager from the list and click Add/Delete.
3. Click Yes to confirm.
4. Exit the Control Panel.

Configuring your Browser and Mailer

Configuring Firefox and / or Netscape

Note: the following screenshots were taken with Netscape. They may differ slightly when
configuring Firefox.

1. Insert the AuthentIC smart card in the reader.


2. Run Firefox or Netscape Navigator.
3. Select Options in the Tools menu.
4. Click the Advanced icon at the top of the frame. The following window displays:
5. Click Security Devices. The Certificate Manager window displays:

6. Click Load.
7. In the following window, enter a name that will be displayed in the Device Manager window
(left frame of the previous screenshot):

8. When done, click Browse.


9. Browse to your system directory and select OCSCryptoki.dll:

10. Click Open.


11. Click OK.
12. A message telling you that a New Security Module has been loaded displays:
13. The new security module now displays in the list under the name you have previously entered:

14. Click OK.

Configuring Internet Explorer

When using IE, no configuration is necessary since the Oberthur Card Systems library is
automatically selected when an IDOne Classic smart card is inserted into the reader.

CHAPTER 3 – USING THE AUTHENTIC WEB PACK MANAGER

The AuthentIC Web Pack Manager is a tool that allows you to manage data (i.e. keys and/or
certificates) stored in a smart card. It also allows you to modify or unblock access codes (PIN).

The following topics are covered in this chapter:


• Starting and stopping the AuthentIC Manager
• Initialising your card
• Managing certificates
• Generating key pairs
• Querying card information
• Changing the passphrase

Starting/Stopping the AuthentIC Manager

After the installation procedure is complete, select Start > Programs > AuthentIC Web Pack >
AuthentIC Manager.

The application then runs in the background and the icon appears in the system tray.

Startup
To start up the AuthentIC Manager, proceed as follows:
1. Insert your AuthentIC card in the reader.
2. Select the card reader you want to use (providing that you have more than one)

3. Right-click the icon and select AuthentIC Manager.


The reader scans the card and displays the login window.
4. Enter your passphrase and then click the Log in button.

Main Window - Illustration


After successfully entering your passphrase, the following main window displays:
Main Window - Description
The main window displays three tabs as described below:
• Information: provides information on the smart card. For more information, refer to the paragraph
entitled Querying Card Information on page 20.
• Passphrase: enables you to change your passphrase. For more details, refer to the paragraph
entitled Changing your Passphrase on page 21.
• Browser: allows you to view the card content. You can also perform specific operations such as
generating a new key pair (see page 13).

Quitting the application


If you wish to… Then…
• Exit the main window, but leave the AuthentIC Manager in the system tray: click the black cross
in the top right-hand corner of the window.
• Shut down the AuthentIC Manager: right-click the icon in the system tray and select Exit.

Initialising Your Card
If you are using your IDOne Classic card for the first time or if the card is blank, you must initialise
it, that is either load a certificate with an associated key pair, or generate a key pair.
To do so, proceed as follows:
1. Insert your card in the reader.
2. Run the AuthentIC Manager.
The AuthentIC Manager login window displays.
3. Enter your passphrase.
4. Select the Initialisation tab (this tab only appears when the card is used for the first time).

5. If you have… Then…
• Received a .P12 (user profile) or .PFX (Personal Information Exchange) file: check the Import an
existing certificate with its private key box, click Next and go to Loading a certificate with an
associated key pair.
• Not received a .P12 file: check the Generate a key pair box, click Next and go to Generating a
key pair.

Loading a certificate with an associated key pair


After clicking Next as shown in step 5 of the Initialising Your Card procedure, the following
window displays:
Proceed as follows:

6. Select the relevant .P12 or PFX file by clicking the icon.


7. Enter the certificate password (if prompted to) and click Load.
After a short while, the certificate and the key pair are loaded.
8. To view the card structure and the file that you have just loaded, click the Browser tab, as
shown below:

Generating a key pair


After clicking Next as shown in step 5 of the Initialising Your Card procedure, the following
window displays:
Proceed as follows:
9. Check the RSA keys – Signature and encryption box and click Next.
A window displays, informing you that the key pair is being generated.
10. When the key pair has been generated, click Next.

Adding Key Pairs


To perform secure, online operations, a key pair must be loaded on your card.

Procedure
1. Access the main window and select the Browser tab.
2. Double-click the main folder and click the + icon(s) to expand the structure.

3. Left-click the relevant folder to select it, and then click the icon to generate a new key pair:

4. Click OK in the Generate Key Pair window.


The following message displays:

5. Click OK to return to the main window.


6. The new key displays along with the following message: Generated on board.
Managing Certificates
A certificate is a document that certifies that the public key is linked to a person or an
organisation. A certificate must comply with the X.509 standard (and must contain a public key,
an expiry date, and the name of the authority that delivered the certificate). The certificate must be
unique, unforgeable and should specify all authorized operations allowed by the public key.

This section describes the main operations that can be performed on certificates.

Main Cases
The main actions that can be performed using the Card Manager within the scope of this guide
include:
• Importing a certificate
• Exporting a certificate
• Removing a certificate
• Installing a certificate

If you have… Then you must…
• Received a certificate from your security administrator or an external certificate authority:
import it (see page 15).
• A certificate that you wish to use on another system, for example: export it (see page 17) and
subsequently import it on the other system (see page 15).

Importing a Certificate
If you already have a certificate that you use for another application and wish to use it in conjunction
with the AuthentIC Web Pack, you can import it from the relevant directory on your system to your
card.
To do so, proceed as follows:
1. Access the main window and select the Browser tab.
2. Double-click the main folder and left-click the + icon(s) next to the items to expand the
structure.
3. Click the folder into which the certificate is to be imported, and then click the Import a
certificate icon, as shown below:

4. Browse to the directory containing the certificate to be imported. Three types of file can be
imported:
• .pfx (Personal Information Exchange)

• .p12 (User Profile). A key pair and a certificate.

• .cer, .crt or .p7c (Certificate)

5. Select the relevant certificate and click the Open button, or simply double-click the certificate.
Note - You may have to enter a passphrase if the file to be imported is protected.
A confirmation window displays, informing you that the certificate has been successfully
imported.
6. To view the folder structure and the file that you have just imported, click the Browser tab, as
shown below:
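
The file types listed in step 4 differ in what they hold: a .pfx or .p12 file carries a key pair, the others only certificates. The following Python sketch is an added example (not part of the Oberthur guide or software) that classifies a file by its ASN.1 content rather than its extension, so a PKCS#12 file renamed to .cer is still flagged; the function names and sample bytes are constructed for illustration, and v1 certificates (no version field) are reported as unknown.

```python
import base64
import binascii
import os
import re

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), used by .p7c bundles
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)
# Extension -> expected content, following the file types listed in step 4
EXPECTED = {".pfx": "pkcs12", ".p12": "pkcs12",
            ".cer": "certificate", ".crt": "certificate", ".p7c": "pkcs7"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the ASN.1 element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:            # BER indefinite length (seen in some PKCS#12 files)
        return tag, pos, len(buf)
    if first < 0x80:             # short form: the byte is the length
        length = first
    else:                        # long form: low 7 bits give the byte count
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, pos, pos + length


def classify(data):
    """Return 'pkcs12', 'certificate', 'pkcs7' or 'unknown' from content alone."""
    armor = PEM_RE.search(data)
    if armor:                    # Base64 (PEM) export: decode, then inspect the DER
        try:
            data = base64.b64decode(armor.group(2))
        except binascii.Error:
            return "unknown"
    try:
        tag, start, end = read_tlv(data, 0)
        if tag != 0x30:          # every supported format is an outer SEQUENCE
            return "unknown"
        ctag, cstart, cend = read_tlv(data[:end], start)
        child = data[cstart:cend]
        if ctag == 0x02 and child == b"\x03":
            return "pkcs12"      # PFX starts with INTEGER version 3
        if ctag == 0x06 and child == OID_SIGNED_DATA:
            return "pkcs7"       # ContentInfo starts with the signedData OID
        if ctag == 0x30 and read_tlv(child, 0)[0] == 0xA0:
            return "certificate"  # tbsCertificate starts with [0] version (v2/v3)
    except ValueError:
        pass
    return "unknown"


def check_file(name, data):
    """Return (kind, may_hold_private_key, extension_matches_content)."""
    kind = classify(data)
    ext = os.path.splitext(name)[1].lower()
    return kind, kind == "pkcs12", EXPECTED.get(ext) == kind


# Constructed samples: minimal well-formed outer structures, not real credentials
SAMPLE_PFX = bytes.fromhex("300a020103300506032a0304")
SAMPLE_CERT = bytes.fromhex("300a3008a003020102020101")
SAMPLE_P7C = bytes.fromhex("300d06092a864886f70d010702a000")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_CERT)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, data in [("user.p12", SAMPLE_PFX), ("ca.cer", SAMPLE_PEM),
                       ("chain.p7c", SAMPLE_P7C), ("renamed.cer", SAMPLE_PFX)]:
        print(name, check_file(name, data))
```

This is a shape check on the outer structure only; it does not validate signatures, dates or the certificate chain.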
Exporting a Certificate
If you have a certificate on your card that you wish to use for another application for example, you
can export it from the card to the relevant directory on your system.
To do so, proceed as follows:
1. Access the main window and select the Browser tab.
2. Double-click the main folder and left-click the + icon(s) next to the items to expand the
structure.
3. Click the certificate to be exported.
The certificate is highlighted:

4. Click the Export the selected certificate icon, as shown above.


5. From the following screen, browse to the target directory and enter a name for the certificate
and then click Save.
The certificate is exported to the selected directory, and you are returned to the main window.
Removing a Certificate

To remove a certificate that you no longer wish to use, proceed as follows:


1. Access the main window and select the Browser tab.
2. Double-click the main folder and left-click the + icon(s) next to the items to expand the
structure.
3. Click the certificate to be removed.
The certificate is highlighted.

4. Click the Delete the selected item icon as shown above.


You are then asked to confirm whether or not you wish to delete the certificate.
5. Click Yes.

Installing a Certificate in the Certificate Store


To perform secure, online operations as described in Chapter 4, you must ensure that the
appropriate certificates are installed in the certificate store. If the OCS synchronizer utility is
running or if you are under Microsoft Windows XP, all personal certificates stored in the card will
be automatically copied into the certificate store. Removing the smart card will remove the
certificates from the certificate store.
To install a third-party certificate, proceed as follows:
1. Access the AuthentIC Manager main window and select the Browser tab.
2. Double-click the certificate that you wish to install.
The Certificate window displays:

If the certificate displays with a red cross, this means that it is not certified by a certification authority.

3. Click the Install Certificate button.


The Certificate Manager Import Wizard displays.
4. Click Next.
5. Check the Automatically select the certificate store based on the type of certificate box,
and click Next.
6. Click Finish.
A confirmation window appears, informing you that the import was successful.

Querying Card Information


This section describes how to access information stored in the smart card.

Information Available
The following information is available, as described below:
Field: Provides the…
• Label: name of the smart card inserted.
• Model: model of the smart card inserted.
• Manufacturer: details of the smart card manufacturer.
• Serial number: smart card serial number.
• Free memory: amount of memory available in bytes.
• AuthentIC Manager version: version of the AuthentIC Manager.

Procedure
To access the smart card information, log into the AuthentIC Manager as described in the
paragraph entitled Startup on page 10.
The Information tab on the main window is automatically displayed.

Changing your Passphrase


To change an existing passphrase, proceed as follows:
1. Access the main window as described in the paragraph entitled Startup on page 7.
2. Click the Passphrase tab.
The window below displays:

The passphrase can be a combination of letters and digits.

3. Enter your current passphrase in the Current passphrase text box.


4. Enter the new passphrase in the New passphrase text box.
5. Confirm your passphrase in the Retype new passphrase text box.
6. Click Change.
Your new passphrase has been applied. From now on, you must log in using your new
passphrase.

CHAPTER 4 – LINKING YOUR CARD WITH THIRD PARTY APPLICATIONS

This chapter provides all the information required to use the IDOne Classic card with your browser
or mailer or any other application compliant with the PKCS#11 or CSP standard.

With Netscape and / or Firefox

Note: the following screenshots were taken with Netscape. They may differ slightly when
configuring Firefox.

Reading your certificate


This section describes how to read your certificate within your browser.

1. Insert the AuthentIC smart card in the reader.


2. Run Netscape Navigator or Firefox.
3. Select Options in the Tools menu.
4. Click the Advanced icon in the left frame. The following window displays:

5. Click View Certificates in the right frame. The Certificate Manager window displays the
certificates stored in your card:
Checking your certificate’s validity

6. Click the relevant certificate to select it and click the View button.
The content of your certificate displays:

Checking your certificate’s permissions

7. Select the Details tab.


The permissions of your certificate display in the Certificate Fields frame:
8. Click Close twice.

Browsing on a https web site

The SSL (Secure Sockets Layer) protocol allows you to send secured information over the Internet
ensuring the authenticity, confidentiality and integrity of the message. To authenticate himself, the
user has to enter his own PIN code. All other operations remain fully transparent.
NB: Most browsers display a padlock or a key icon at the bottom of their window showing you that
the transaction or the page displayed is fully secured.
With Internet Explorer
Reading your certificate
To read your certificate in Internet Explorer, proceed as follows:
1. Insert the AuthentIC smart card in the card reader.
2. Run Internet Explorer.
3. In the Tools menu, click Internet Options.
4. Click the Content tab.
5. In the Certificates area, click the Certificates button to view the certificates installed.
The Certificate Manager window displays:

Checking your certificate’s validity

6. Select your certificate and click View.


The Certificate window displays:
7. Select the Details tab.
The permissions of your certificate display in the top frame:

8. Click OK followed by Close.

Browsing on a https web site



The SSL (Secure Sockets Layer) protocol allows you to send secured information over the Internet
ensuring the authenticity, confidentiality and integrity of the message. To authenticate himself, the
user has to enter his own PIN code. All other operations remain fully transparent.
NB: Most browsers display a padlock or a key icon at the bottom of their window showing you that
the transaction or the page displayed is fully secured.
With Outlook
In this paragraph, you will see how to first select the appropriate certificate and then use it to sign
and/or encrypt your message.

Selecting the Certificate


To select the certificate, proceed as follows:
1. Run Outlook.
2. In the Outlook menu bar, select Tools and Options.
The Options window displays.
3. Select the Security tab.
The following window displays:

4. Click the Settings button.


The Change Security Settings window displays:

5. Click the appropriate Choose button (depending on whether you want to sign or encrypt a
message).
The Select Certificate window displays:
6. Select your certificate and click OK to return to the Security tab.
7. Click OK to return to the main Outlook window.

Sending the Message


After selecting the certificate as described above, proceed as follows to encrypt and/or sign the
message, and then send it.
8. Write a new message, but do not send it yet.
9. Click Options in the View menu.
The Message Options window displays:

10. To… Then check…
• Encrypt a message: the Encrypt message contents and attachments box.
• Sign a message: the Add digital signature to outgoing message box.
• Encrypt and sign a message at the same time: both the Encrypt message contents and attachments
and Add digital signature to outgoing message boxes.

Prerequisites - Before sending an encrypted message, you must have received (by mail) a copy
of the recipient's public key, which is contained in the signature envelope.
11. Click Close.
12. Send your message.
Your message is sent encrypted and/or signed as requested.
With Thunderbird
In this paragraph, you will see how to first select the appropriate certificate and then use it to sign
and/or encrypt your message.

Selecting the Certificate


Selecting the certificate is done just before sending the mail.
1. Run Thunderbird.
2. In the menu, select File and New message.
3. Start writing your mail
4. Select the addressee but do not send the mail.
5. In the same window, click on the black down arrow at the right of the security icon.
6. Select Encrypt this message from the drop-down menu.

The Account Settings window displays:

7. To… Then click…
• Encrypt a message: Select in the Encryption area.
• Sign a message: Select in the Digital Signing area.
• Encrypt and sign a message at the same time: Select in the Digital Signing and Encryption areas.
Prerequisites - Before sending an encrypted message, you must have received by mail a copy of
the recipient's public key, which is contained in the signature envelope.

Sending the Message


After selecting the certificate as described above, just send your mail.
