AP-701 encryption

    In the following article we will cover the following steps to encrypt our AP-701 digital pen

    1. Prerequisites
    2. Steps to encrypt
    3. Verify encryption
    4. Remove encryption


    • Anoto Live Encryption SDK
      • Generate a CA (Certificate Authenticator) text file, along with a public- & private-encryption certificates with this SDK's Anoto Key Management Tool, completing the relevant fields.
      • VERY IMPORTANT - Save the CA text file with the number, in a safe place. Encryption cannot be removed from the pen without this number.

    • penDirector (2.10 or above)
      • Ensure that the PenKeyLoaderPro feature is enabled within the penDirector 'Settings Tool' (application restart required after enabling.

    • AP-701 (firmware and above; check that all pens are at the required firmware level before beginning the encryption process)
    • Anoto Live SDK for Windows ( and above)



    Run penDirector and in the General-tab select penKeyLoader.


    Set "Select mode" to “Install certificate authenticator and encryption certificate”


    Paste the string from ca.txt into the “New key” field (leaving the "Old key" field empty), ensuring you don’t take any space characters.


    "Browse..." for the certificate supplied by the Encryption SDK


    Click the “Save as...” button to set the pen registration file output (this file isn’t used, but needs to be set). It will generate an XML file. Save to a location of your choice.


    Dock the pen and select "Apply"


    A message will appear stating the upload was correct.

    To verify pen Encryption


    Access penDirector's General - Support information tab.


    Please see pictures below of how to differentiate between an encrypted pen & a pen that is not encrypted.

    • A pen that is encrypted.
    • A pen that is not encrypted.

    To uninstall encryption from the pen

    NOTE: Please be aware this also deletes all strokes that may be on the pen, so best to retrieve them before proceeding.

    Even though you'll be able to delete the encryption (public) certificate from the pen with penDirector, you will only be able to remove the certificate authenticator (CA) from the pen with our Windows SDK's sample application, Pen Browser.


    With the pen docked, launch Pen Browser and select the Pen Encryption tab.


    Select Remove certificate


    To remove the CA, paste the string from ca.txt into the Old CA key field, ensuring you don’t take any space characters.

    Leaving the New CA key empty, select Set CA.

    If the pen is used without deleting the valid Certificate the pen will vibrate constantly on touching patterned paper.


    Encryption has now successfully been removed from the pen & it should appear as below in Pen Browser.

Was this article useful? Thanks for the feedback There was a problem submitting your feedback. Please try again later.