Security with usb stick with an eIDAS security certificate

Submitted by fabienphilipp on #1

Hi,

I use USB stick with an eIDAS security certificate with your product . A provider of these keys would like to know if security is ensured between your client and your server. For example, is the connection between the server and the key encrypted?

Here are some links 

1) type of usb key

https://www.qscd.eu/eidas-usb-tokens/gemalto-safenet-etoken-5110-cc/

2)Discovery of eIDAS

https://digital-strategy.ec.europa.eu/en/policies/discover-eidas#:~:text=eIDAS%20stands%20for%20electronic%20Identification,country%20they%20take%20place%20in.

Best regards,

Submitted by Michael on Mon, 2024/01/29 - 07:36

#2

Hi Fabian, i sent an email before, no its not encrypted unless you use SSL 

But it doesn't matter with the security dongle. The private key is always kept on the dongle and never gets transmitted so its impossible to intercept the key anyway even if its clear text.

Submitted by fabienphilipp on Mon, 2024/01/29 - 17:15

#3

Hello Michael,
Thank you for your answer. As the usb stick is just storage space without computing power, I thought that the private key was transmitted from the virtualhere server to the virtualhere client. And that this private key could be intercepted by a sniffer on the local network.

At the commercial level and not to worry my customer, I will test the client server with a ssl connection.

I found this link on your site, is it still up to date?
https://www.virtualhere.com/ssl_setup

Best regards,

Fabien

 

 

Submitted by Michael on Mon, 2024/01/29 - 17:53

#4

Yes that ssl link is correct