We have been calling the smart cards administrator smart cards, but until a smart card has actually been granted administrative privilege through CAT, it is really just a secure container for a key. The next step is to grant administrator privileges to these smart cards.
-
Start by logging in to CAT with enough administrators to reach a 22000000 Login State (just the default ADMIN is enough if this is a new installation).
-
Select the menu option Manage → User:
-
From the User Management window, select Add User:
-
The Add User window provides all the specifications for how this administrator will be authenticated and what privileges they have. Create a name for the admin in the Name of New User field. From the User Profile drop down, select the ADMIN Manager two-person rule. This rule grants the administrator 11000000 privileges—only half of what is required to administer through CAT. The Authentication Mechanism will be Smartcard (ECDSA Signature). Custom String must be left blank.
-
Once the selections are complete, click OK to proceed:
-
In the Choose User Token to Add a New User window, make sure Smartcard Token is selected and click OK.
-
The administrator of the smart card must follow the prompts on the smart card reader to complete the process. Behind the scenes, the smart card will provide its EC public key to CAT. Because the private key is not being accessed no PIN is required.
StrongKey recommends creating at least six (6) administrators in this way.