Supported middleware

The middleware in the list below is supported by the relevant PKCS#11 module. PKCS#11 is a standardized interface for connecting cryptographic tokens/smartcards to different software. Here, it is used for the communication between cryptographic token/smartcard, the smartcard reader and SafeGuard Enterprise. For more information, see Sophos knowledgebase article 112781.
Manufacturer Middleware
ActivIdentity ActivClient, ActivClient (PIV)
AET SafeSign Identity Client
Aladdin eToken PKI Client
A-Trust a.sign Client
Charismatics Smart Security Interface
Gemalto Gemalto Access Client, Gemalto Classic Client, Gemalto .NET Card
IT Solution GmbH IT Solution trustWare CSP+
Nexus Nexus Personal
RSA RSA Authentication Client 2.x, RSA Smart Card Middleware 3.x
Sertifitseerimiskeskus AS Estonian ID Card
Siemens CardOS API TC-FNMT
T-Systems NetKey 3.0
Unizeto proCertum


Note that the use of the respective middleware for the standard operating system requires a license agreement with the relevant manufacturer. For information on how to obtain the licenses, see Sophos knowledgebase article 116585.

For Siemens licenses, contact

Atos IT Solutions and Services GmbH

Otto-Hahn-Ring 6

81739 Muenchen


The middleware is set in a SafeGuard Enterprise policy of the type Specific Machine Settings under Custom PKCS#11 Settings in the field PKCS#11 Module for Windows or PKCS#11 Module for Power-on Authentication. The relevant configuration package must also be installed on the computer on which the SafeGuard Management Center is running.