...
- Open Notepad or any other text editor.
- Copy and paste the following information into the file:
[NewRequest]
Subject = "CN=BitLocker"
KeyLength = 2048
ProviderName = "Aktiv ruToken CSP v1.0"
KeySpec = "AT_KEYEXCHANGE"
...
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"
KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"
RequestType = Cert
SMIME = FALSE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.4.1.311.67.1.1
- Save the file with the name blcert.txt.
Creating a file with certificate parameters for device recovery
...
- Open Notepad or any other text editor.
- Copy and paste the following information into the file:
[NewRequest]
Subject = "CN=BitLocker DRA"
KeyLength = 2048
ProviderName = "Aktiv ruToken CSP v1.0"
Exportable = TRUE
ExportableEncrypted = FALSE
KeySpec = "AT_KEYEXCHANGE"
...
...
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"
KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"
RequestType = Cert
SMIME = FALSE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.4.1.311.67.1.2
- Save the file with the name bldracert.txt.
Creating certificates
To create certificates:
- Open the command prompt.
- To create an encryption certificate, type certreq -new blcert.txt. Insert the token and enter the PIN code.
- Save the certificate file.
- To create a recovery certificate, type certreq -new bldracert.txt. Insert the token and enter the PIN code.
- Save the received certificate file.
- To verify that the certificates have been successfully created, launch the Rutoken Control Panel and go to the Certificates tab. The list of certificates must contain the BitLocker DRA and BitLocker certificates. Make sure that the BitLocker certificate is selected as the default one.
- Use the mmc console to check whether the certificates are registered in the personal storage.
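
A scripted alternative to the mmc check in the last step, as an added example that is not part of the original instructions: it looks up both certificates by the subjects and EKU OIDs from blcert.txt and bldracert.txt and reports whether each has a private key link, the key encipherment usage, and a current validity period. It assumes certreq ran in the user context, so the certificates are in Cert:\CurrentUser\My; the variable names are illustrative.

```powershell
# Added example: check the current user's Personal store for the two certificates
# requested with blcert.txt and bldracert.txt.
# Assumption: certreq ran in the user context, so the store is Cert:\CurrentUser\My.
$expected = [ordered]@{
    'CN=BitLocker'     = '1.3.6.1.4.1.311.67.1.1'   # EKU OID from blcert.txt
    'CN=BitLocker DRA' = '1.3.6.1.4.1.311.67.1.2'   # EKU OID from bldracert.txt
}
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$kuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
$keyEnc  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
$now     = Get-Date

$report = foreach ($subject in $expected.Keys) {
    $oid = $expected[$subject]

    # A certificate matches only if both the subject and the EKU OID agree.
    $hits = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $c   = $_
        $eku = $c.Extensions | Where-Object { $_ -is $ekuType }
        $c.Subject -eq $subject -and $eku -and
            (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $oid)
    })

    if ($hits.Count -eq 0) {
        [pscustomobject]@{ Subject = $subject; EkuOid = $oid; Status = 'MISSING'
                           Thumbprint = $null; NotAfter = $null }
        continue
    }

    foreach ($cert in $hits) {
        $ku       = $cert.Extensions | Where-Object { $_ -is $kuType }
        $problems = @()
        if (-not $cert.HasPrivateKey)                       { $problems += 'no private key link' }
        if (-not ($ku -and ($ku.KeyUsages -band $keyEnc)))  { $problems += 'key encipherment not set' }
        if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) { $problems += 'outside validity period' }

        [pscustomobject]@{
            Subject    = $cert.Subject
            EkuOid     = $oid
            Status     = if ($problems) { $problems -join '; ' } else { 'OK' }
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
        }
    }
}

$report | Format-Table -AutoSize
```

More than one row for the same subject means certreq was run more than once with that file; compare thumbprints to tell the copies apart.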