Aloaha Software

Some settings in <installdir>UserPass.ini are essential to control the look and feel and behavior of the Credential Tiles and/or the GINA.

[Generic]

Enable/Disable Username Field in Credential Provider Tile or Gina
One value should be always 1 and one value 0
DisableUserName=1
EnableUserName=0

AllowUP controls wether the Aloaha Service should enable or disable other credential tiles. AllowUP=0 disables ALL other credential tiles! If you want to use group policies please have a look at: http://blog.aloaha.com/2012/08/20/how-to-hide-credential-providers-from-the-windows-logon-user-interface-using-windows-group-policy/
AllowUP=1

The Kerberos Section defines which Smartcards are considered as PKI/Kerberos Cards
If the value the Middleware Name or Smartcard Name is 1 the Smartcard is not considered as Encryption Token but als pure PKI Card!
The value 1 should NEVER be used in stand alone machines but ONLY in domain machines!

[Kerberos]
aloaha_3BDB18FFC080B1FE751F035A43372E352052455620416F=1
Aloaha Cryptographic Provider=1
Datakey M 330=1
eToken Base Cryptographic Provider=1

The idea of Aloaha Smartlogin is to support all types of Logon Tokens. For example Memory Sticks, Memory (i2c) Smartcards, PKI Smartcards, Mobiles, etc.

Depending on the type of card used the Aloaha GINA Logon Screen will look different.

PKI or Kerberos Smartcards are Smartcards which are supported by Windows. Either native or via 3rd Party Smartcard Middleware or Minidriver.

For Aloaha to be able decide to treat a smartcard as PKI card or just as Encryption token it requires an entry in the <Installdir>UserPass.ini.

The Middleware- or Smartcard Name has to be set in the Kerberos Section as shown below. The example enables Safenet and Aloaha Smartcard as PKI Token.

PLEASE NOTE: PKI Token can be ONLY used for Domain Users! It is not possible to use them for stand alone machines!

[Kerberos]
aloaha_3BDB18FFC080B1FE751F035A43372E352052455620416F=1
Aloaha Cryptographic Provider=1
Datakey M 330=1
eToken Base Cryptographic Provider=1

A number of tokens is hardcoded as PKI Token in Aloaha. Should you whish to add another token please contact info@aloaha.com

As soon Aloaha detects as PKI Token the Logon GINA will look like:

Aloaha GINA PKI Card Logon

When Aloaha Smartlogin is used in PKI/Kerberos- or I2C Card Mode there is a grace period before the screen is locked after the card- or reader removal. This allows the User to quickly re-insert the card in case he removed it by accident.

Per default this grace period is 10 seconds. In case it should be longer it can be changed via registry key: LogOffTimeOut

Furthmore this grace period can be extended with a simple click on the botton at the right lower corner.

Aloaha Smartlogin can be downloaded from http://www.aloaha.com/download/smartlogin.zip

Aloaha Smart Login grace period screen

Strictly speaking it should be impossible for any PDF Reader to display encrypted PDF Documents since they are encryped. But thats not the case – so how is that possible?

Basically when encrypting a PDF Document with a password the encryption key is generated as explained in the PDF specification. This key is then encrypted with the user specified password.

Like that the PDF Reader can decrypt and display the document with the encryption key and without having to know the password.

Now what happens if you loose the PDF Password? Pretty easiy. The Aloaha PDF Editor (included in the Aloaha PDF Suite) allows the user to set or remove the permission password. Aloaha just decrypts the document with the decryption key and then re-crypts the key with with the new permission password.

This shows that the only way to secure PDF Documents is to encrypt them with certificates (for example with the Aloaha PDF Crypter) and NOT just with passwords!

NEW: The new Aloaha PDF Reader is also capable of removing unknown PDF encryption passwords. Just open the document with the Aloaha PDF Viewer and then save as decrypted!
More details on: http://blog.aloaha.com/2012/05/03/aloaha-releases-one-of-the-worlds-smallest-portable-pdf-viewer/