USB Token, Digi-Token™

What USB token should you use?

There are two types of USB devices on which private keys and public key certificates can be stored: a USB cryptographic device and a USB flash memory device. Each device can support different key and digital certificate storage formats.

The correct and most secure method is to store the private key and public key certificates on a USB cryptographic device (also commonly referred to as a security token, hardware token or a cryptographic token). A Digi-Token™ is a cryptographic token.

Digi-Token™ & other Cryptographic USB Tokens

The USB security token is the equivalent of a reader-less smart card, with an advanced onboard cryptographic processor and physically tamper-protected memory for personal information storage (such as private keys and digital certificates). The advantage of using a USB security token is a very high level of security and protection of personal information, safe on-board key generation, and high assurance that key material remains on the token at all times and cannot be exported or copied by unauthorized parties. According to EU directives, this is the only acceptable way to generate, store and use qualified digital certificates, as requested in the document.

A USB security token is many times more expensive than an ordinary USB flash memory device because it has many security features (in both the hardware and software layers) to protect the user's personal information. Aladdin offers a good price for USB security tokens.

Using USB flash drives & PKCS#12

The other method of storing private keys and digital certificates is to use a software implementation of the PKCS#12 standard, which defines the Personal Information Exchange Syntax: password-protected information stored in a software data file. A PKCS#12 file is like any other software file (MP3, .DOC, .XLS, .PDF, etc.) and can be stored on a standard USB flash memory device.

If you store a private key and digital certificate as a software PKCS#12 file on a USB flash memory device, it is very simple and easy for an unauthorized party to copy the file, and relatively easy for an experienced attacker to attempt to break the password security that is used to protect the user's personal information, such as the private key. This is many times less secure than a USB security token and does not introduce any hardware protection mechanisms. And as you know, USB flash memory devices can be purchased for a few cents.
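
Because a PKCS#12 file is an ordinary file, an administrator who requires keys to live on cryptographic tokens can audit a mounted flash drive for software key stores. The following is an added example, not part of the original page: it recognizes PKCS#12 by its leading ASN.1 structure rather than by file extension, and the function names and the sample bytes are constructed for illustration.

```python
import os
import tempfile

# DER encodings of OID 1.2.840.113549.1.7.1 (data) and .7.2 (signedData),
# the two authSafe content types that PKCS#12 allows.
OID_DATA = bytes.fromhex("06092a864886f70d010701")
OID_SIGNED = bytes.fromhex("06092a864886f70d010702")

def _skip_header(buf, pos, tag):
    """Return the offset just past a tag+length header, or -1 on mismatch."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        return -1
    first = buf[pos + 1]
    if first <= 0x80:                       # short form, or BER indefinite length
        return pos + 2
    n = first & 0x7F                        # long form: n length bytes follow
    return pos + 2 + n if n <= 4 and pos + 2 + n <= len(buf) else -1

def looks_like_pkcs12(head):
    """True if bytes start like PFX ::= SEQUENCE { version 3, ContentInfo ... }."""
    pos = _skip_header(head, 0, 0x30)       # outer PFX SEQUENCE
    if pos < 0 or head[pos:pos + 3] != b"\x02\x01\x03":   # version INTEGER 3
        return False
    pos = _skip_header(head, pos + 3, 0x30) # authSafe ContentInfo SEQUENCE
    return pos >= 0 and head[pos:pos + 11] in (OID_DATA, OID_SIGNED)

def find_pkcs12(root):
    """Walk a mounted volume and list files whose content is a PKCS#12 store."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if looks_like_pkcs12(fh.read(64)):
                        hits.append(path)
            except OSError:
                continue                    # unreadable file: skip, keep scanning
    return sorted(hits)

# Constructed sample: only the first bytes of a PFX structure, no key material.
SAMPLE_PFX_HEAD = bytes.fromhex("30820a10020103308209d6") + OID_DATA + b"\xa0\x82\x09\xc7"

def demo():
    with tempfile.TemporaryDirectory() as vol:   # stands in for the flash drive
        for name, data in (("song.mp3", SAMPLE_PFX_HEAD), ("notes.txt", b"hello")):
            with open(os.path.join(vol, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_pkcs12(vol)]

if __name__ == "__main__":
    print(demo())
```

A key store renamed to look like a music file is still reported, since the check reads the content and ignores the name.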