Setting RSA Key Second Authentication Mode

To set RSA key second authentication mode:

  1. To open eToken PKI Client Properties, do one of the following:

The eToken PKI Client Properties window opens.

  1. Click the Advanced View icon .

The Advanced View window opens.

  1. In the left pane of the eToken PKI Client Properties Advanced View window, expand the required eToken and select Settings.

  2. In the right pane select the Advanced tab.

  3. In the RSA key second authentication mode field select one of the following options:




Every time an RSA key is generated, you are prompted to enter a secondary password for accessing this key. Clicking OK generates the key and uses the entered password as the secondary RSA password for that key. Clicking Cancel causes key generation to fail.

Always prompt user

Every time an RSA key is generated, a secondary password for accessing this key is requested. However, the user can choose to dismiss the prompt (by clicking Cancel), and key generation will continue without using a secondary password for the generated RSA key.

Prompt on application request

This enables applications that use secondary authentication for RSA keys to make use of this feature on the eToken (when creating the key in Crypto API with a user protected flag).


Secondary passwords are not created for any RSA key and the authentication method uses only the eToken password to access the key.

  1. Do one of the following:


See Also:

eToken Settings