Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated to "Certificate Manager" in the title instead of "CM"

This article describes how to pre-personalize a batch of smart cards in Smart ID Certificate Manager, using the Key Generation System (KGS). 

KGS is not supported on Linux.

Smart card reader

To use a smart card reader to pre-personalize smart cards is only recommended for small scale production, and a smart card reader can only be used for electrical pre-personalization.

Smart card printer

For large volume production and surface printing on the cards, a smart card printer is required.

Prerequisites

Expand
titlePrerequisites

The following prerequisites apply:

  • The KGS is running
  • A card reader or a card printer is configured.
  • If a batch card is required an associated batch card reader must be configured.
  • An appropriate card profile exists.
  • A file containing the PIN encryption key exists.

Step-by-step instruction

Expand
titleProduce smart cards

If you are using a printer with a card feeder, you may control the number of cards to produce in two different ways:

  • Put the exact number of cards in the feeder.
    OR
  • Specify the number of cards in the KGS Start window.


Note

If you have configured a card reader instead of a card printer, it is not possible to specify the number of cards. Then only one card will be pre-personalized. If you use a card reader, repeat the procedure for each card.

A pre-personalization in progress may be interrupted. This possibility is described in “Stopping a Pre-personalization” in Certificate Manager Key Generation System Operator's Guide.

To pre-personalize smart cards:

  1. If you use a card printer with feeder, specify the number of cards in either of the following ways:
    1. Collect as many cards you want to pre-personalize and put them in the card feeder.

      OR
    2. Put any number of cards in the card feeder.
      Later in the procedure, you need to specify the Number of card(s) in the KGS Start dialog box.

      OR
    3. If you use a card reader, put a card in the target card reader.
    Note

    The smart cards must be inserted and positioned according to the instructions in the printer manufacturers’ manuals. Sometimes it is also good practice to add a few extra cards to avoid problems that may occur when the last cards are fed into the printers. These extra cards should be turned upside down to prevent them from being processed.


  2. If the current card type requires a batch card, insert the batch card in the card reader.
  3. Start the KGS by clicking Start on the taskbar. Select Programs > Certificate Manager – KGS. The Start dialog box will appear.
  4. In Card profile, browse to select the appropriate card profile (extension .cpf).
    Card profiles are located in the directory: <install_root>\cardprofiles
    For more information about card profiles, see “Card Profiles” in Certificate Manager Key Generation System Operator's Guide.
  5. In PIN encryption certificate, browse to select the appropriate certificate (extension .crt). Select a certificate delivered by the current CA.
    The certificate files are normally located in the directory: <install_root>\certs
    For more information about the PIN encryption key in certificates, see “PIN Encryption Key” in Certificate Manager Key Generation System Operator's Guide.
  6. If you use a card printer with feeder, specify the Number of card(s) if needed.
  7. Click Start. The Generate seed window will appear.
  8. To generate a seed required for key generation, move the cursor over the window until the box disappears.
    If you stop moving the cursor too soon, you will get a warning.
  9. When the seed has been generated, the pre-personalization starts.
    During the process, the Status window is displayed.