IDGo 800 User Tool for

Windows & Mac

User Guide 1.0
All information herein is either public information or is the property of and owned solely by Gemalto and/or its
subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual
property protection in connection with such information.
Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under
any intellectual and/or industrial property rights of or concerning any of Gemalto’s information.
This document can be used for informational, non-commercial, internal and personal use only provided that:
• The copyright notice below, the confidentiality and proprietary legend and this full warning notice appear
in all copies.
• This document shall not be posted on any network computer or broadcast in any media and no
modification of any part of this document shall be made.
Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities.
The information contained in this document is provided “AS IS” without any warranty of any kind. Unless
otherwise expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information
contained herein.
The document could include technical inaccuracies or typographical errors. Changes are periodically added to
the information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the
specifications data, information, and the like described herein, at any time.
Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein,
including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In
no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential
damages or any damages whatsoever including but not limited to damages resulting from loss of use, data,
profits, revenues, or customers, arising out of or in connection with the use or performance of information
contained in this document.
Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not
incur, and disclaims, any liability in this respect. Even if each product is compliant with current security
standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to
the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall
Gemalto be held liable for any third party actions and in particular in case of any successful attack against
systems or equipment incorporating Gemalto products. Gemalto disclaims any liability with respect to security
for direct, indirect, incidental or consequential damages that result from any use of its products. It is further
stressed that independent testing and verification by the person using the product is particularly encouraged,
especially in any application in which defective, incorrect or insecure functioning could result in damage to
persons or property, denial of service or loss of privacy.
© 2016 Gemalto. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of
Gemalto and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks,
whether registered or not in specific countries, are the property of their respective owners.

Product Version: 1.0

Document Part Number: 007-013397-001, Revision B
Release Date: April 2016

IDGo 800 User Tool for Windows & Mac: User Guide 2
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 Contents

Contents
Preface .................................................................................................................................. 4
Audience ......................................................................................................................................................... 4

1 Prerequisites and System Requirements ......................................................................... 5

Prerequisites ................................................................................................................................................... 5
Supported Operating Systems........................................................................................................................ 5
Supported Gemalto Smart Card Readers ...................................................................................................... 6
Supported Gemalto Smart Cards ................................................................................................................... 6
Localizations ................................................................................................................................................... 6

2 Launching IDGo 800 User Tool ........................................................................................ 7

Launching the IDGo 800 User Tool for Windows ........................................................................................... 7
Launching the IDGo 800 User Tool for Mac ................................................................................................... 7

3 Working with the IDGo 800 User Tool .............................................................................. 8

Certificates Tab ............................................................................................................................................... 8
Viewing Certificate Data ........................................................................................................................... 9
Deleting Certificates ............................................................................................................................... 10
Exporting Certificates ............................................................................................................................. 10
Importing Certificates ............................................................................................................................. 10
PIN Management Tab ................................................................................................................................... 12
Unblocking a User PIN or Signature PIN on Windows and Mac............................................................ 14
Recycling a Card........................................................................................................................................... 18
Selecting a Default Reader ........................................................................................................................... 20
Support Contacts .......................................................................................................................................... 20

IDGo 800 User Tool for Windows & Mac: User Guide 3
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 Preface

Preface
The IDGo 800 User Tool for Windows and Mac is another component that makes up Gemalto’s IDGo 800
Middleware.
It is used to manage the contents of your IDPrime MD and IDPrime .NET smart cards.
Administrators use IDGo 800 User Tool to set smart card policies. Users use IDGo 800 User Tool to perform
basic smart card management functions, such as changing passwords and viewing certificates on the smart
card. In addition, IDGo 800 User Tool provides users and administrators with a quick and easy way to import
digital certificates and keys between a computer and a smart card.
The User Tool also provides information about the smart card, including its identification and capabilities. It has
access to information stored on the card such as keys and certificates, and enables management of content,
such as password profiles.

NOTE: Do not remove the card from the reader during operation. This may cause
corruption of data on the card.

Audience
This document is targeted to system integrators who want to integrate the software with other applications and
for end-users.
It is assumed that users are familiar with IDPrime smart cards and smart card reader technology, as well as
computer hardware and software.
It is assumed that the user of the IDGo 800 User Tool has administrative privileges for the computer on which
the IDGo 800 Minidriver will be installed.

IDGo 800 User Tool for Windows & Mac: User Guide 4
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 1 – Prerequisites and System Requirements

1
Prerequisites and System Requirements

This chapter provides information on what’s required before installing the IDGo 800 User Tool, and which
Operating Systems and Smart Cards are supported.

Prerequisites
IDGo 800 Minidriver must be installed first.

Supported Operating Systems

The IDGo 800 User Tool is designed to be used on the following Windows operating systems:
• Windows 7 SP1 (32-bit, 64-bit)
• Windows 8.1 (32-bit, 64-bit)
• Windows 10 (32-bit, 64-bit)
The IDGo 800 User Tool is designed to be used on the following Mac operating systems:
• OS X 10.11 (El Capitan)
• OS X 10.10 (Yosemite)
• OS X 10.9 (Mavericks)

NOTE: The screen captures in this document were taken on a Windows OS. The
IDGo 800 User Tool for Mac (screens and functionality) is identical to the Windows
version.

IDGo 800 User Tool for Windows & Mac: User Guide 5
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 1 – Prerequisites and System Requirements

Supported Gemalto Smart Card Readers

The IDGo 800 User Tool operates with any PCSC reader, and has been validated with the following PCSC
readers:
• IDBridge CT 30
• IDBridge CT 40
• IDBridge CT510
• IDBridge CT700/710

NOTE: PIN Pad capabilities are not supported on IDBridge CT700 and CT710
readers.

Supported Gemalto Smart Cards

The IDGo 800 User Tool is designed to be used with the following Gemalto smart cards:
• IDPrime MD 8840
• IDPrime MD 3840
• IDPrime MD 3810
• IDPrime MD 840
• IDPrime MD 830
• Optelio / Desineo D72
• Optelio R7
• IDPrime .NET range

NOTE: The recycle feature is not available for IDPrime MD 840/3840/3841/8840

smart cards (Common Criteria).

Localizations
IDGo 800 User Tool for Windows and Mac support English and Brazilian Portuguese.

IDGo 800 User Tool for Windows & Mac: User Guide 6
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 2 – Launching IDGo 800 User Tool

2
Launching IDGo 800 User Tool

IDGo 800 User Tool is a standalone application. It can be downloaded, copied and launched by users without
administrator privileges.

Launching the IDGo 800 User Tool for Windows

To download and launch IDGo 800 User Tool from Gemalto.com:
1. Go to: http://www.gemalto.com/products/idgo_800_generic/resources/development.html.
2. Click the IDGo 800 User Tool Windows link.
The relevant .zip file is downloaded.
3. On a Windows operating system, double-click the IDGo800UserTool_v1.0.exe file and then click Run.
IDGo 800 User Tool opens automatically.

Launching the IDGo 800 User Tool for Mac

To download and launch IDGo 800 User Tool from Gemalto.com:
1. Go to: http://www.gemalto.com/products/idgo_800_generic/resources/development.html.
2. Click the IDGo 800 User Tool Windows link.
The relevant .dmg file is downloaded.
3. On a Mac operating system, double-click the UserTooIOSX.dmg file and then double-click the IDGo800
User Tool icon.
IDGo 800 User Tool opens automatically.

IDGo 800 User Tool for Windows & Mac: User Guide 7
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

3
Working with the IDGo 800 User Tool

The IDGo 800 User Tool for Windows and Mac is compatible with IDPrime MD & IDPrime .NET smart cards. The tool
allows users and administrators to change a PIN, unblock a PIN, as well as to access and manage information stored
on a connected smart card, such as keys and certificates.

Certificates Tab
If the smart card contains certificates, a list of the appropriate certificates on the card is displayed in the Certificates
Tab.
The following can be viewed in the Certificates Tab:
• Card Type
• Card Unique Identifier (GUID)
• Card Serial Number (CSN)
• CA/Root Certificates
• User Certificates with Private Keys

IDGo 800 User Tool for Windows & Mac: User Guide 8
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

The following functions are available from the Certificates Tab:

Table 1: Certificates tab functions

User Description
Function

View details about your certificates.

See Viewing Certificate Data on page 9.

Delete specific certificates from the card, without removing all deletable objects from the card using
the Recycle feature. See Deleting Certificates on page 10.

Export certificates from the smart card.

See Exporting Certificates on page 10.

Import certificates to the smart card.

See Importing Certificates on page 10.

Connect to the smart card using the Minidriver to read the data stored on the card. This process runs
in the background. Nothing is displayed on the screen.
Clicking this button will activate the PIN Management Tab fields. See
PIN Management Tab on page 12 for more details.

Viewing Certificate Data

To view certificate data:
1. Open the IDGo 800 User Tool application.
1. Select the Certificates Tab, and then click the certificate you want to view.
2. Click View.
The Certificate window opens.

IDGo 800 User Tool for Windows & Mac: User Guide 9
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

3. Use Certificate window to see details about your certificates, modify them, delete them, or request new ones.
4. Click OK to close the Certificate window.

Deleting Certificates
To delete a certificate:
1. Open the IDGo 800 User Tool application.
2. Select the Certificates Tab, and then click the certificate you want to delete.
3. Click Delete.
The Enter User PIN window opens.

4. Enter the User PIN and click OK.

5. All requested certificates are deleted, and a message confirms that the delete process was successful.

Exporting Certificates
To export a certificate:
1. Open the IDGo 800 User Tool application.
2. Select the Certificates Tab, and then click the certificate you want to export.
3. Click Export.
The Save As window opens.
4. Select the location to store the certificate, enter a file name, and click OK.

NOTE: Certificates can be exported in DER-encoded or Base64 formats. PKCS#7

storage format is not supported.

Importing Certificates
When importing a certificate, the private key and corresponding certificate are imported to the smart card. The user is
asked to enter a password that protects the certificate file.
The following certificates are supported:
• User Certificates (.pfx/.p12 files) – Both the private key and certificate are loaded into the card.
• CA/Root Certificates (crt/pem files) – These certificates are loaded into the ‘Root Certificates’ folder on the
card.
To Import a Certificate from a file:
1. Open the IDGo 800 User Tool application.
2. Select the Certificates Tab, and click Import.
IDGo 800 User Tool for Windows & Mac: User Guide 10
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

3. Select the relevant certificate to import, and click Open.

The Password window opens.

4. Enter the certificate password, and click OK.

The Enter User PIN window opens.

NOTE: If an incorrect PIN is entered more than a pre-defined number of times, the
smart card becomes blocked.

5. Enter the User PIN and click OK.

6. All requested certificates are imported, and a message confirms that the import was successful.

IDGo 800 User Tool for Windows & Mac: User Guide 11
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

PIN Management Tab

Gemalto IDPrime MD and IDPrime .NET smart cards are supplied with an initial default PIN. In most organizations,
the initial PIN is 0000, and is defined using a Card Management System (CMS).

NOTE: Administrators can define several PIN quality parameters. Contact your
Gemalto sales representative for more details.

If no CMS was used to define the initial PIN, ensure strong, two-factor security by changing the initial PIN to a private
one as soon as the new card is received.
It is the user’s responsibility to remember the PIN. Without it, the card cannot be used.
If the card is set with an Administrator PIN, then only an administrator can configure or delete the contents of the
card.

NOTE: Users may change the Admin key in cases where the IDPrime card is not
managed by an administrator.

IDGo 800 User Tool for Windows & Mac: User Guide 12
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

The following functions are available from the PIN Management Tab:
Table 2: PIN Management tab functions

User Description
Function

Saves the changes made to the User PIN, Admin PIN, and Signature PUK.

Connects to the smart card using the Minidriver and reads/updates the card’s contents.
Clicking this activates the PIN Management Tab fields.
The User Tool analyzes the contents of the card and updates the list of PIN roles that can be
changed/unblocked dynamically. If your card has a simple profile with a User PIN and an Admin Key,
the Signature PIN and Signature PUK profiles will not appear in the list of PIN roles.

To change your Gemalto IDPrime MD or IDPrime .NET smart card PIN:

1. Open the IDGo 800 User Tool application.
2. Select the PIN Management Tab.
3. Click Analyze Card to activate the PIN Management Tab fields.
4. Enter the following:

Operation Type Select either one of the following:

• Change – Select this option when changing both the User PIN and
Admin PIN or Signature PIN and Signature PUK.
• Unblock – Select this option if you are unblocking the User PIN,
Signature PIN. If an incorrect PIN is entered more than a pre-defined
number of times, the smart card becomes blocked. Unblocking a smart
card PIN can be used only by administrators. See Unblocking a User
PIN on page 14.

PIN Role Select either one of the following:

• User PIN – Select this option if you are changing the User’s PIN.
• Admin Key – Select this option if you are changing the Administrator’s
24 byte key.
Common Criteria cards have the following PIN Roles:
• Signature PIN – Select this option if you are changing the Signature
PIN.
• Signature PUK – Select this option if you are changing the Signature
PUK.

Old PIN/Old Admin Key Enter the current User PIN/Admin Key.

New PIN/New Admin Key Enter a new User PIN/Admin Key

Confirm new PIN Confirm the new User PIN/Admin Key

IDGo 800 User Tool for Windows & Mac: User Guide 13
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

5. Click Change.
A message confirms that the PIN was changed successfully.

NOTE: The administrator key must be entered using 48 hexadecimal characters.

Unblocking a User PIN or Signature PIN on Windows and Mac

If you enter an incorrect PIN more than a pre-defined number of times, the smart card becomes locked.
The unblock PIN feature:
• Is protected by a PUK or Admin Key
• Can be unblocked only by administrators

NOTE: Users may unblock their PIN in cases where the IDPrime card is not
managed by an administrator.

To unblock a User PIN on Windows:

1. Open the IDGo 800 User Tool application.
2. Select the PIN Management Tab.
3. Enter the following:

Operation Type Select Unblock.

PIN Role User PIN – Select this option to unblock the User PIN.

Admin Key Enter the current Admin Key.

New PIN Enter a new User PIN

Confirm new PIN Confirm the new User PIN

4. Click Unblock.
A message confirms that the PIN was unblocked successfully.

IDGo 800 User Tool for Windows & Mac: User Guide 14
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

To unblock a User PIN on Windows using the Admin Key Challenge Response Method:
The scenario below describes how a user can unblock the User PIN on Windows using the Admin Key Challenge
Response method, while speaking to IT Help Desk personnel over the phone.
1. Open the IDGo 800 User Tool application.
2. Select the PIN Management Tab.
3. In the Operation Type field, select Unblock.
4. In the PIN Role field, select User PIN.

5. Leave the Admin Key field empty and enter a New PIN.
6. Click Unblock.
The Please enter the cryptogram window opens.

7. The Card Challenge value displayed must be communicated to the help desk personnel over the phone.
8. The help desk personnel generate a Cryptogram value, which is communicated back to the user over the phone.

IDGo 800 User Tool for Windows & Mac: User Guide 15
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

9. Enter the Cryptogram value and click OK.

As soon as the unblocking process completes, a User PIN unblocked successfully message appears.

To unblock a User PIN on Mac:

1. Open the IDGo 800 User Tool application.
2. Select the PIN Management Tab.

3. Enter the following:

Operation Type Select Unblock.

PIN Role User PIN – Select this option to unblock the User PIN.

Admin Key Enter the current Admin Key.

New PIN Enter a new User PIN

Confirm new PIN Confirm the new User PIN

IDGo 800 User Tool for Windows & Mac: User Guide 16
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

4. Click Unblock.
A message confirms that the PIN was unblocked successfully.
To unblock a Signature PIN:

1. Open the IDGo 800 User Tool application.

2. Select the PIN Management Tab.

IDGo 800 User Tool for Windows & Mac: User Guide 17
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

3. Enter the following:

Operation Type Select Unblock.

PIN Role Signature PIN – Select this option to unblock the Signature PIN.

PUK Enter the current PUK.

New PIN Enter a new User PIN

Confirm new PIN Confirm the new User PIN

4. Click Unblock.
A message confirms that the Signature PIN was unblocked successfully.

Recycling a Card
Objects stored on your MD/.NET cards include data objects (profiles), keys, CA certificates, User certificates, and
custom data files including PKCS#11 related files.
The recycle card function removes all deletable objects from the card. Non-deletable objects such as Minidriver base
system files (cardid, cardcf, and cardapps) are not removed from the card.
Only non-Common Criteria smart cards may be recycled.

NOTES:
- If your IDPrime MD card is configured with the Re-init token install parameter
is set to Yes, the card is recycled even if the Admin Key is blocked.
- The recycle feature is not available for IDPrime MD 840/3840/3841/8840
smart cards (Common Criteria).

IDGo 800 User Tool for Windows & Mac: User Guide 18
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

To recycle your Gemalto IDPrime MD or IDPrime .NET smart card:

1. Open the IDGo 800 User Tool application.
2. Select the Recycle Card Tab.
3. Enter the following:

Admin Key Enter the current Admin Key.

New PIN Enter a new User PIN. The new PIN is saved on the clean card.

Confirm PIN Confirm the new User PIN.

New PUK Administrators must enter a new PUK. Only if relevant.

Confirm PUK Administrators must confirm the PUK.

NOTES:
On a Mac OSX, the recycling feature is supported only if the card profile has a
User PIN and Admin Key.

4. Click Recycle. The recycling process begins.

A message confirms that the card was recycled successfully.
5. Click OK.

IDGo 800 User Tool for Windows & Mac: User Guide 19
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
 3 – Working with the IDGo 800 User Tool

Selecting a Default Reader

The following options are available when selecting the Options menu at the top left of the User Tool:

If more than one Gemalto USB Smart Card Reader is connected, you can select which
reader to work with:
• Choose Reader Automatically – The application will select a reader.
• Select any other Smart Card Reader – Manually select a connected reader.

Select either one of the following languages:

• English
• Brazilian Portuguese

Displays the version number and copyright year.

Closes the IDGo 800 User Tool application.

Support Contacts
If you encounter a problem while installing, registering or operating this product, please make sure that you have read
the documentation. If you cannot resolve the issue, contact your supplier or Gemalto Customer Support. Gemalto
Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the
support plan arrangements made between Gemalto and your organization. Please consult this support plan for
further information about your entitlements, including the hours when telephone support is available to you.

Contact Method Contact Information

Address Gemalto
4690 Millennium Drive
Belcamp, Maryland 21017, USA

Phone US 1-800-545-6608

International 1-410-931-7520

Technical Support https://serviceportal.safenet-inc.com

Customer Portal Existing customers with a Technical Support Customer Portal account can log in to
manage incidents, get the latest software upgrades, and access the Gemalto Knowledge
Base.

IDGo 800 User Tool for Windows & Mac: User Guide 20
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.