Registry Configuration

The registry entries documented here are those created by default when ProtectToolkit-M is installed unless otherwise noted.

This section contains the following entries:

>ptkcRuntime

>CryptokiPath

>debugLevel

>Safenet RSA Full Cryptographic Provider

>Safenet RSA SChannel Cryptographic Provider

>Default RSA SChannel Cryptographic Provider Type

>Default RSA Full Cryptographic Provider Type

>Silent User Keyset Login Password

Disclaimer

The ProtectToolkit-M registry configuration, as documented in this appendix, should only be modified by personnel who are competent at making changes to the Windows registry using the regedit utility. Changing the registry incorrectly can leave a system in an unrecoverable state and Thales cannot be held responsible should this occur. If you are unfamiliar with editing the registry, it is strongly advised that you refer to your Windows documentation or seek help from a qualified systems administrator before attempting any changes.

ptkcRuntime

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\SAFENET\ProtectToolkit M\ptkcRuntime

Type

REG_SZ

Values

The ProtectToolkit-M product relies on the ProtectToolkit-C product. This is a string value which is used to record the version of the ProtectToolkit-C runtime installed in the ProtectToolkit-M installation directory.

CryptokiPath

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\SAFENET\ProtectToolkit M\CryptokiPath

Type

REG_SZ

Value

This string value is the path to where ProtectToolkit-M is installed. This path is used to locate the required cryptoki.dll file.

debugLevel

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\SAFENET\ProtectToolkit M\debugLevel

Type

REG_DWORD

Values

Valid values are 0 through 5. If turned on, debug output is saved in the ptkm.log file in the root directory of the current drive. Each level includes the output of all preceding levels.

>0: no debug output

>1: Logs the invocation of CSP-related methods and, if an error occurs, their return code.

>2: Internal errors are converted to NTE_SYS_FAIL. This debug level logs the internal error at the point of conversion.

>3: CSP function input and output parameters, but NOT user-related data (such as encrypted or clear text, or data to hash).

>4: Other information not covered by the preceding levels, but NOT user-related data.

>5: Lists the Cryptoki function calls, by name only.

Note that the debug level is read when a process loads the ProtectToolkit-M library file. This means that in order to change the debug level, you must first stop any ProtectToolkit-M applications.

The log file ptkm.log is cleared during initialization of the ProtectToolkit-M library.

Safenet RSA Full Cryptographic Provider

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Safenet RSA Full Cryptographic Provider

Description

This is the registry key (and contained values) which defines one of the CSPs installed by the ProtectToolkit-M product.

Safenet RSA SChannel Cryptographic Provider

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Safenet RSA SChannel Cryptographic Provider

Description

This is the registry key (and contained values) which defines one of the CSPs installed by the ProtectToolkit-M product.

Default RSA SChannel Cryptographic Provider Type

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 012

Description

This is the registry key which defines the default “RSA SChannel” provider. This provider is used by applications (such as IIS) that request RSA SChannel services but do not specify a provider.

Value

Name of the default provider, after installing ProtectToolkit-M. This should be “Safenet RSA SChannel Cryptographic Provider”.

Default RSA Full Cryptographic Provider Type

Key Location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001

Description

This is the registry key which defines the default “RSA Full” provider. During the logon process, this provider is used to validate the entered password.

NOTE   The logon process requires a particular key pair to exist. This key pair does not exist in the “SafeNet RSA Full” provider. Therefore, the default should NOT be set to “SafeNet RSA Full Cryptographic Provider”.

Value

Name of the default provider. This should NOT be “SafeNet RSA Full Cryptographic Provider”.

Silent User Keyset Login Password

Key Location

HKEY_CURRENT_USER\Software\SafeNet\ProtectToolkit M

Description

This entry is NOT created by default. Create it manually if silent User keyset login is required. See Silent User Keyset Login for further information.

Value

Enter the password as clear text for key entry “UserKeysetPassword”.
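
The following read-only PowerShell check is an added example, not part of the Thales documentation or product. It audits the entries described in this appendix and assumes that CryptokiPath, debugLevel and UserKeysetPassword are values under the "ProtectToolkit M" key, and that each Provider Types key holds the default provider in the standard Windows "Name" value; Get-RegValue is a helper defined here.

```powershell
# Added audit sketch (read-only). Assumptions: CryptokiPath, debugLevel and
# UserKeysetPassword are values under the "ProtectToolkit M" key; the default
# provider name is stored in the "Name" value of each "Type nnn" key.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$ptkm     = 'HKLM:\SOFTWARE\SAFENET\ProtectToolkit M'
$types    = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types'
$findings = @()

# CryptokiPath is where cryptoki.dll is loaded from; confirm the file is there.
$ckPath = Get-RegValue $ptkm 'CryptokiPath'
if ($ckPath -and -not (Test-Path -LiteralPath (Join-Path $ckPath 'cryptoki.dll'))) {
    $findings += "CryptokiPath '$ckPath' does not contain cryptoki.dll"
}

# debugLevel 1-5 writes ptkm.log to the root of the current drive.
$debug = Get-RegValue $ptkm 'debugLevel'
if ($null -ne $debug -and $debug -gt 5) {
    $findings += "debugLevel is $debug; valid values are 0 through 5"
} elseif ($null -ne $debug -and $debug -gt 0) {
    $findings += "debugLevel is $debug; debug output is being written to ptkm.log"
}

# Type 001 (RSA Full) must NOT default to the SafeNet provider (logon needs it).
if ((Get-RegValue "$types\Type 001" 'Name') -eq 'SafeNet RSA Full Cryptographic Provider') {
    $findings += 'Type 001 default is the SafeNet RSA Full provider; logon validation will fail'
}

# Type 012 (RSA SChannel) should default to the SafeNet SChannel provider.
$schannel = Get-RegValue "$types\Type 012" 'Name'
if ($schannel -ne 'Safenet RSA SChannel Cryptographic Provider') {
    $findings += "Type 012 default is '$schannel', not the Safenet RSA SChannel provider"
}

# Silent login stores the keyset password as clear text; report presence only.
if ($null -ne (Get-RegValue 'HKCU:\Software\SafeNet\ProtectToolkit M' 'UserKeysetPassword')) {
    $findings += 'UserKeysetPassword is set for this user (clear-text password in HKCU)'
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The HKEY_CURRENT_USER check covers only the account that runs the script, so run it under each service or user account that uses silent login.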