Download a Key for an Existing User

This detail page provides information about creating a token key configuration for use in client software. Key configurations include user data and settings as well as the user’s token key. Attaining the key is referred to as downloading a key on the server side, and importing a key on the client side. While it is usually more efficient for users to provision their own devices through the HOTPin User Website, it may not be possible. You can create a token key configuration in the web UI for users who cannot download a key directly. After downloading, the token key configuration will need to be transferred to the user device for import to HOTPin client software.

The Download Key function offers three options, creating a Key Configuration File or a Key Configuration String, or scanning a Quick Response (QR) code. See the following sections for information.

Note: The key download feature is disabled for accounts that have been assigned an external key.

File:

The key configuration file must be transferred to a location the user device can access. Complete the following:

  • Passphrase – add an optional encryption key to protect the token key configuration file. The passphrase is case sensitive and, if entered, must be provided to the user for key import to client software.
  • Require key passphrase on client software – click to require the user to create a passphrase in client software during token key import.
    • Note: The user will be prompted for this passphrase each time they open HOTPin or when they load the encrypted key. This passphrase is different from the file encryption passphrase described in thePassphrase item above; it can protect the key from being accessed by anyone other than the user who imported it.
  • Clear key file after import – click to force client software to overwrite and/or delete the key configuration file after the key has been imported to the client. This helps to prevent both access by a malicious program and later reimporting the key (when it would be out of sync with the server application).
  • Download File – click the button to save the configuration file locally.

Note: The default settings for the Require key passphrase and Clear key file after import properties are set on the HOTPin Settings page but can be overridden on the Download Key page. If a user imports the key configuration from a network connection to HOTPin, then the default settings (HOTPin|Settings|Client Software) are used.

Next the file will need to be imported to the client software.

QR Code:

The QR code import process requires a device with a camera through which client software can scan the code during import. Complete the following:

  • Passphrase – to maintain a secure process, you will need to create a passphrase to encrypt the configuration. The passphrase will then be used during import to the client application. The configuration will not be usable without the passphrase.
  • Confirm – re-enter the passphrase.
  • Code size – select an image size based on the size of the screen you are viewing and the device’s field of focus.
  • Require key passphrase on client software – click to require the user to create a passphrase in client software during token key import.
    • Note: The user will be prompted for this passphrase each time they open HOTPin or when they load the encrypted key. This passphrase is different from the file encryption passphrase described in thePassphrase item above; it can protect the key from being accessed by anyone other than the user who imported it.
  • Generate QR Code – click to create the image.

Next you will scan it into the client application through the camera on the device.

 

String:

The key configuration string is a cut/paste or manual entry option. The string is usually sent by email or text message to the user device. Complete the following:

  • Require key passphrase on client software – click to require the user to create a passphrase. The user will then be prompted for this passphrase each time they open HOTPin or when they load the encrypted key.
    • Note: Note: The user will be prompted for this passphrase each time they open HOTPin or when they load the encrypted key. This passphrase is different from the file encryption passphrase described in the Passphrase item above; it can protect the key from being accessed by anyone other than the user who imported it.
  • Space out string – select to add blank spaces at regular intervals to the string. This makes it easier for users who need to manually enter the string in client software.
  • Key configuration string – displays the string after it’s been created; you will copy the string from this field.
  • Create String – click to generate the key configuration.
  • Copy to Clipboard – available on Windows systems.

Next the file will need to be imported to the client software.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)