Hardware Frequently Asked Questions

Are there any compatibility issues with ikey 2000 and Internet Explore version 6?

Running under Windows 98, on a VeriSign affiliate website, the CSP failed to generate the keys on the token.
Workaround: Upgrade to iKey2000 software, version 4.5.10.

Does the iKey 20xx support multiple Entrust profiles?

No, according to Datakey (ticket number: 20011221120225) the iKey20xx will only store one profile.

For iKey2000, what is the maximum RSA key size that can be generated onboard?

Currently (as of 02/27/02), the maximum RSA key size that can be generated onboard is 1024-bit for both iKey2000 and iKey2032. In the future we might increase this (RSA keys only) to 2048-bit.

How do I distribute my application to customers if I do not want to send the whole 4.5.10 software?

If you do not want to include the whole 4.5.10 software, you need to go to THOR and download the "iKey driver installer - Driver Only v.3.1.0.27" and distribute that and your application.

How do I get the serial number for iKey2000?

For PKCS#11, the API is C_GetTokenInfo().

For MS CAPI, you can not get the serial number. MS CAPI can only get the container name.

How do I reset the maximum login retry of a key that is locked out?

For the 4.5.10 software, you can not reset this. You will have to re-initialize the token.

I'm using Windows 2000 secure logon. Do I have to re-insert my iKey every time I reboot or restart?

Yes. This is a Windows 2000 security feature. The physical insertion of the hardware token is the trigger for the logon event.

Is ikey 2000/2032 FIPS Compliant?

ikey 2032 contains FIPS 140-1 level 2 certified ASIC and firmware.

Is iKey 2032 certified to be compatible with the Entrust Authority 6.0?

At this time, our ikey 2032 only supports Entrust 5.01, 5.02 and 5.1. We do not support Entrust Authority 6.0.

Is it possible to change the certificate password?

Yes, but only through Cryptoki APIs (not through one of our utilities). First you must login with the old password. Then you can call C_SetPin() to change it to the new password.

Is there an API that would let you control the LED for iKey2000?

Only PKCS#11 and MSCAPI libraries can directly interface with the iKey2000. At this time there are no direct hardware API's exposed, so there are no controls available for the LED.

My iKey2000 Token Manager does not see the token on my Windows 2000 machine. It says "No Readers Detected". What can I try?

For Windows 2000 machines only! Please open up a DOS window and type in: "scardsvr reinstall" and hit Enter. Please re-boot and try Token Manager again.

What slots (i.e. Slot ID) can the iKey 2000 use?

The iKey 2000 can use slots 16-35. Here is a quick run-down on all the available slots:

Slot 0 is no longer used.
Slots 1 - 12 are for serial readers
Slot 13 is for the DKR500
Slots 14 & 15 are no longer used
Slots 16-25 are for PC/SC readers
Slots 26-35 are for USB readers

What versions of Netscape does iKey 2000 software support?

The iKey 2000 software does not support Netscape Communicator versions earlier than 4.0 or later than 4.79. Netscape 6.0/6.1 and later can not be used with iKey 2000 software.

Why does a certificate's validity field look different in a Microsoft application than it does in the iKey2000 software?

The minor difference in the "valid to/from" time is due to Microsoft using GMT (Greenwich Mean Time) and iKey2000 software using local time.

Why does my iKey 2000 or 2032 Token Manager or Token Utilities hang when I try to use it?

In some circumstances the iKey driver can "crash". To resolve this issue, go to the device manager and under Smart Card Readers, right click on the iKey 2000 and select uninstall. You will be asked to reboot your machine. Please do so. After the machine has shut down, remove the iKey 2000. When the machine is fully rebooted, reinsert the iKey 2000 and the OS will detect a new device and resintall the driver correctly. Once this is done you should then be able to use the manager/utility.

Contact Us

Hardware Support

Related Support