Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues


DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with ITS

facebook twitter Wordpress Blog

Using eTokens

An eToken with a Public Key Infrastructure (PKI) security certificate provides two-factor authentication, thereby reducing the chances of someone being able to impersonate you. Someone would need both your eToken and your password in order to impersonate you when accessing systems that require eToken authentication.

eTokens allow you to: access the Dartmouth Secure wireless network, identify (authenticate) yourself to some applications, digitally sign e-mail and other electronic documents and transactions,  encrypt data traffic (either on-campus wireless using 802.1x or all traffic when off campus using VPN), and encrypt e-mail and other documents to prevent unauthorized access (note: this is risky because if you lose your key, there is no recovery).

Note: If you have an eToken, you do not need to download a private software certificate to your machine because a certificate will be added to your eToken when it is created for you.

Also see:

About eTokens

An eToken is a device that plugs into a USB port on your computer. It is designed to hold a Public Key Infrastructure (PKI) security certificate, which is an electronic certificate that uniquely identifies individuals to computers. A rough analogy would be that an eToken is part of an electronic Identification Card that is completed or enabled when you enter your password. The eToken is about the size of a house key and can be kept on your key ring.

Top of page

Obtaining an eToken

Faculty and staff should contact the IT Service Desk (Help Desk) at 603-646-2999 and select from the options provided, or call your department's IT support office for more information on getting an eToken.

Top of page

Installing the eToken Software

The eToken software must be installed for your eToken to work on a computer.

Top of page

Configuring Your Web Browser

The eToken is compatible with the Macintosh (Mac OS 10.4 and earlier) Firefox, Safari, Mozilla and Netscape. Other web browsers that support the PKCS#11 interface may also work. There is currently a problem with using Mac OS X 10.5 and an eToken for the Dartmouth Secure wireless network. Dartmouth Secure works on Mac OS X 10.5—just not with an eToken.

Regardless of which browser you use, you will need to have the Dartmouth Root Certificate installed on your computer. If the Dartmouth Root Certificate has not already been installed on your computer, see the instructions for Getting the Dartmouth Root Certificate.

Mozilla's Firefox and Older Versions of Netscape

In addition to installing the Dartmouth Root Certificate, Firefox users and those using older versions of Netscape must also do the following:

  1. In Netscape select Preferences from the Edit menu; in Firefox select Options from the Tools menu. 
  2. In Netscape select the Privacy & Security Certificates section; in Firefox select Advanced
  3. Click the Manage Security Devices button. In Firefox, select the Encryption tab, then click the Security Devices button.
  4. Click the Load button.
  5. In the Module Name field, enter eToken.
  6. To select the Module filename, click the Browse button and navigate to the file C:\Windows\System32\eTpkcs11.dll.
  7. Click the Open button to select the file. then click OK to load the module. Click OK twice to close the alert dialog boxes. Click OK to close the device manager, and click OK to close the preferences window.

Top of page

Acquiring a Private Certificate

To obtain an eToken and have the electronic certificate installed on your eToken, students must first purchase one from The Computer Store at 001McNutt Hall. After purchasing the eToken, go to the Student IT Service Desk (Help Desk) at 178J Baker/Berry. Faculty and staff should contact their department's IT support office. Everyone needing a certificate on their eToken will need to show their Dartmouth I.D. card or other form of picture identification, such as a driver's license or passport, to verify that you are the person whose name is going to be put on the eToken.

Your eToken password is important. For help with selecting a good password, see Selecting a Password. If you want to change the password on your eToken sometime in the future, go to the eToken Properties application in your Programs or Applications listing and change it, but be sure to keep the password strong. This does not affect the value of the private key on the eToken, just access to the other information on the eToken.

Top of page

Acquiring the Dartmouth Root Certificate

To use your personal certificate, you may also need to install the Dartmouth Root Certificate in your web browser’s certificate store. This root certificate helps your computer determine whether Dartmouth-issued certificates are trustworthy.

Go to the Dartmouth Root CA web page and follow the instructions below, depending on which browser and operating system you are using. Note: if you use Firefox or Netscape, you have to import the root certificate for each browser.

Safari for Macintosh

Under the "Download certificates" section of the Dartmouth Root CA web page, click the Dartmouth CertAuth1 CA (Dartmouth Root CA) link. The Downloads window will open showing that DartmouthCA.cer has been downloaded to your default download location. Drag and drop the certificate file onto the Keychain Access icon in the Applications/Utilities folder. The Keychain Access application opens and you are prompted to add the certificates from the file to a Keychain. For Mac OS X 10.4 and earlier, select the X.509 Anchors keychain. For Mac OS X 10.5, select the System keychain. Keychain Access will now contain the Dartmouth College Root certificate. Quit the Keychain Access application.

Firefox for Macintosh

Under the "Download certificates" section of the Dartmouth Root CA web page, click the Dartmouth CertAuth1 CA (Dartmouth Root CA) link. A Downloading Certificate box will open. Put a check mark beside each of the three options in the center of the box, then click OK.

Top of page

Using Your eToken

For normal use, insert the eToken into a USB port on your computer before you start your applications. The red LED light on the eToken will flash while loading, then stay on once loaded. When an individual application requires the use of a certificate in the eToken, a box will appear asking for the password for the eToken. Each separate application requires entering the password to unlock your certificate on the eToken. Most applications will only ask for the password once per session.

When you are finished using your eToken, simply unplug it from the computer’s USB port.

You will select a password when configuring the eToken. It is not related to any other password, and should be different from your DND password. Do not forget the password or enter the wrong password more than 15 times in a row. If you do, the eToken will become unusable and require reformatting (you will need to go to the IT Service Desk (Help Desk) to have it reformatted or you can contact your department's IT support office). This is a security feature that prevents misuse of lost or stolen eTokens. You may, however, change the password by using the eToken Properties program, which has to be installed on your computer for the eToken to work.

Helpful hints:

  • If the USB slot is in an inconvenient location on your computer, USB extension cables are available at The Computer Store in 001 McNutt Hall. If you do not have a USB slot or you run multiple computers, the IT Service Desk can assist you.
  • Occasionally, laptops may not provide enough power to their USB ports to operate the eToken. In this case, the LED on the eToken will not light up and the computer will not recognize the device is present. To solve the problem, get an external USB hub that uses an independent power supply.
  • We do not recommend you encrypt e-mail messages or files with your eToken as you may lose the ability to decrypt that data if you lose your eToken or your eToken fails.

Top of page

What Can Be Done with an eToken

With your eToken, you can:

  • Access the Dartmouth Secure wireless network with the exception of Mac OS 10.5.
  • Access protected web pages or central systems that are protected by eToken access. Currently, BannerStudent and Blackboard allow, but do not require, eToken access.
  • Get VPN access while on or off campus with the exception of Mac OS 10.5 with the Juniper VPN.
  • Sign your e-mail using your Dartmouth PKI certificate that is stored on your hardware token.
  • Encrypt your e-mail with your PKI certificate. Using your eToken for this can be risky, because if you lose your eToken, you may not be able to read any of the encrypted e-mail in your In Box. But, it is quite useful to send somebody a quick note with a password or a note that does not need to be preserved.

Note: Both of the above e-mail applications (sign and encrypt) will work on Macintosh computers. You just need an S/MIME compatible e-mail client, such as Thunderbird. The latest version of BlitzMail for the Macintosh (2.9) is S/MIME compliant.

Top of page

Maintaining Your eToken

You can use the eToken Properties application to change your eToken's password or name, to view the contents of your eToken, and remove keys and certificates from it. If it is not already on your computer, you can download it from the Web; see  eToken Runtime Environment.

If you remove your certificate from your eToken, a new certificate can be installed for you onto your eToken; please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, or call your department's IT support office.

Note: Any e-mail messages or files encrypted with the previous certificate may no longer be able to be decrypted. We recommend you only encrypt a file if you have an unencrypted backup or you do not care whether you lose the document, or if you have a backup of your private key. An example of using encryption might be sending somebody a password; you don't care if you lose your encrypted copy as you can make another and send it.

Try not to get the eToken wet or dirty. If it gets wet, dry it out before using it.

Top of page

Last Updated: 5/13/15