A very secure way to store grid certificates is on an Aladdin eToken (http://www.aladdin.com/eToken/default.asp). These tokens are so-called smartcards with a USB form factor. They can be used to securely generate and store X509 certificates and/or SSH keys. The public part of an X509 certificate can be accessed by an application, but the corresponding private key can never be copied off an eToken. This, in theory, makes such a device ideal for storing sensitive data such as grid certificates. |
- EPass2003 MAC iOS; ePass2003 Setup Aladdin e-Token Drivers eToken PKI Client x32bit 5.1SP1; eToken PKI Client x64bit 5.1SP1; eToken PKI Client.
- A very secure way to store grid certificates is on an Aladdin eToken. Due to licensing restrictions we cannot supply the eToken drivers and libraries on this site, these need to be downloaded from Aladdin. You can use the eToken PRO on Mac OS X 10.4 and above in the same way as on Linux.
- Aladdin is expected to be fully integrated into SafeNet in the future. Last Drivers HPD1500 DRIVER FOR MAC DOWNLOAD. Aladdin eToken Drivers Download. Aladdin eToken PRO Java 72k latest version PGP KEY eToken DOG KEY.
ETOKEN PRO 64K ALADDIN DRIVER FOR WINDOWS MAC. Firm private ltd, joshua goldman nov, get latest price request, wb222 half mini, legal status firm private ltd, multi factor authentication. Etoken pro driver. HitmanPro 3 64-bit is a second opinion scanner, designed to rescue your computer from malware viruses, spyware, and rootkits. That have infected your computer despite all the security measures. To reset an Aladdin drivers for Windows. ETOKEN PKCS11 DRIVER FOR MAC DOWNLOAD - downloaded 17 times, uploaded on, receiving a 4.76/5 rating by 17 users.
This is an update to the original Aladdin eToken page. The old page can be found here.
|
Platform support
With some tinkering it is possible to use an eToken on
- Windows
- Linux:
- Redhat Enterprise Linux 4 and compatible (Scientific Linux 4, CentOS 4)
- Fedora Core 4 or higher
- Suse 9.3 or higher
- MacOS X
This document tries to explain the tinkering ...
Notes
- not all functions are available on all platforms. Currently, it is not possible to reformat an eToken on Linux. This can only be done on Windows (and perhaps MacOS, but this is untested).
- there is no native 64bit platform support. It is possible to use an eToken on an x86_64 architecture but it requires 32bit versions of all relevant tools (pcsc-lite, openssl, etc)
Downloading the Aladdin eToken RTE software
Due to licensing restrictions we cannot supply the eToken drivers and libraries on this site, these need to be downloaded from Aladdin. You can find the required software on the web:
- Windows: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/2c0/RTE_3.65.zip
- Linux: http://www.aladdin.ru/upload/iblock/609/eToken_PKI_Client_4_55_Linux.rar
- Mac OS X: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/973/PKI_3_65_Mac.zip
If you're running Windows XP or Vista you can also use the newer PKI Client 4.5/4.55 software:
- PKI Client 4.55: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/547/eToken_PKI_Client_4.55_Win.zip
However, you need to make sure that your eToken is initialized in 3.65 compatible mode under the Advanced Settings screen otherwise your token is inaccessible on any other platform than Windows.
(the files on Aladdin's Russian site do not require a password to unpack them, the ones on the US site do...)
To unpack the Linux archive, the rar command is required.
Important
Do NOT install the PKI Client 4.0 software (Windows only)! eTokens initialized with this version of the Aladdin software are completely unusable by older releases. If you want to use your eToken on any other platform than Windows then stick with the RTE_3.65 software release instead.
Installing the Aladdin eToken RTE software
Windows
Unzip the RTE_3.65.zip archive and install RTE_3.65.msi file. After rebooting the operating system should recognize the eToken automatically when it is inserted (a red light will start to glow inside the eToken).
The RTE software is now installed in 'default' mode. To get a few more administration options, including a nifty initialization button in the eToken Properties screen, set/change the registry key
(default value is 0x1).
You can now continue on to Testing the eToken RTE software.
Linux
There are two ways to install the necessary tools:
- manual installation using the Aladdin petoken installation script. You have chosen the difficult path. Instructions can be found in Aladdin eToken PRO Manual Installation.
- install a package for your distribution which does all the hard work for you. There are two flavours: one for RPM based systems, and one for Debian based systems.
The RPM has been tested on- CentOS 4 / Scientific Linux 4 (rhel4), i686 and x86_64 architectures
- Fedora Core 5 (fc5), i686 architecture
- OpenSuSE 10.1, 10.3 (suse10), i686 architecture,
while the Debian package is known to work on - Debian 4.0 stable (codename etch)
- Ubuntu 6.06 LTS
- Ubuntu 7.04
Contents of the pre-built packages
The RPM and Debian packages contain the following.
- Aladdin eToken RTE 3.65 software (in binary form only).
- the mkproxy script to generate grid proxies (see Using an Aladdin eToken PRO to generate grid proxies for details).
- pkcs11-tool command from the opensc package ( http://www.opensc-project.org/ )
- a patched version of the engine_pkcs11 module, also from the opensc package ( http://www.opensc-project.org/ ). This patch allows for PINs longer than 11 characters.
- a patched version of openssl v0.9.8d to allow the user to generate short-lived proxies (the patched file is x509.c; the patch has been submitted to the openssl-dev mailing list).
- system /etc/init.d startup scripts to correctly start the etokend and etsrvd daemons at system startup.
- hotplugging scripts to allow the correct hotplugging of your USB eToken device. These hotplugging scripts work on all Linux 2.6+ kernels, including 2.6.16 and above.
- PC/SC-lite pcscd Smart Card daemon v1.3.1, plus system startup script.
All binaries are installed in /opt/etoken-pro. The system startup and configuration scripts are installed in their appropriate location.
Debian packages
Instructions for obtaining and installing the software for Debian based systems can be found here.
RPM packages
Instructions on how to build and install the etoken-mkproxy rpm are here.
For Nikhef, SARA and IGTF members the following will also work:
Manual installation
Instructions on how to manually install the Aladdin eToken software using the petoken install script can be found inAladdin eToken PRO Manual Installation.
Differences between manual and packaged installations
There are some differences between manual installations and installation of the pre-built packages above:
Manual installation:
- Most of the files end up in /usr/local/bin, /usr/local/lib and /usr/local/sbin.
- the mkproxy script is not included in the manual installation. You can download it separately, including all required binaries by following the instructions in Using an Aladdin eToken PRO to generate grid proxies.
Package installation:
- Most of the files end up in /opt/etoken-pro, with a single symlink in /usr/local/lib.
- the package includes a patched version of the openssl x509 command which allows you to specify short-lived certificates/proxies, much like the grid-proxy-init tool:
This patched version of the openssl command is now also included in the mkproxy tarballs.
Mac OS X
You can use the eToken PRO on Mac OS X 10.4 and above in the same way as on Linux. Just download and install the Aladdin drivers and the etoken_mkproxy package (universal binaries).
The latest 4.55 package for MacOSX is also at at Aladdin.ru
The software installs into
by default.
Testing the eToken RTE software
Windows
You can access your eToken using the software installed by the RTE_3.65.msi installation package (usually in Start->Programs->eToken).
If you have installed Cygwin ( http://www.cygwin.com/ ) and the Mkproxy-cygwin.tar.gz tarball you can also access your eToken using the pkcs11-tool command:
- start a Cygwin shell
- go to the directory where you have unpacked the Mkproxy-cygwin.tar.gz tarball
- type
to list all inserted tokens.
Note This works only if you are logged in locally on the Windows machine. This will not work when logging in remotely using either a Cygwin sshd service or Remote Desktop.
Linux
If you have installed the etoken-mkproxy RPM you can access your eToken using the pkcs11-tool command:
which should return
If you have performed a manual installation then you can find the pkcs11-tool in the tarball for your platform (or in the opensc toolkit):
- FC5: Mkproxy-fc5.tar.gz
- RHEL4: Mkproxy-rhel4.tar.gz
- Suse10: Mkproxy-suse10.tar.gz
Then
- go to the directory where you have unpacked the Mkproxy- tarball
- type
- then type
which should return
Congratulations, your eToken is ready for use!
Mac OS X
If you have installed the eToken PRO mkproxy package and the Aladdin drivers, you can open a terminal window with a command prompt and type (with the token inserted, of course):
which should return:
If this succeeds, your eToken is ready for use.
Why not use the OpenSC tools?
The OpenSC project ( http://www.opensc-project.org/ ) also provides driver software for Aladdin eTokens. Versions up to and including 0.11.2 did not support the CardOS version used on our eTokens.
Update: As of opensc-0.11.3 CardOS version 4.2B is supported!
The OpenSC cardos-info command still gives
but you can access the token using the opensc-explorer and pkcs15-* commands.
However....
it seems you can either use an eToken using the OpenSC software or (XOR) use Aladdin's proprietary software, that is, information stored on an eToken using the OpenSC is not visible to the Aladdin software and vice versa. Also, as the OpenSC software has no notion of 'FIPS compliant' it will (probably) not be possible to put the eToken in FIPS-compliant mode.
Thus, we stick with Aladdin's eToken software and our mixed set of utilities for now...
Initializing your eToken (Windows only)
Aladdin Etoken Driver Windows 10
Note Currently you can only initialize your eToken on the Windows platform. It will not work on Linux, especially changing the SOPIN is not working. This is most likely due to missing functionality in the Linux Aladdin RTE software.
To initialize your eToken for the first time you can use either the Windows client software (Start->Programs->eToken->eToken Properties) or you can use pkcs11-tool :
where Your_New_SO_PIN is the new Security Officer Password. You will be prompted for the existing SOPIN (through a pop window). The default value for the SOPIN is '1234567890'After typing in the correct (old) SOPIN you will see a message like this:
You can now use
to view the status of your eToken:
As you can see it remains in the status 'uninitialized' but it is ready for use.
Initializing your user PIN
After initializing or reformatting your eToken you must initialize the user password ('PIN') before you can store any data on it. Initializing the user PIN can be done on both Windows and Linux.
Note
On Windows
On Linux
The user PIN is initialized using
Please choose your user PIN carefully. It must be between 6 to 12 characters long. If your PIN is more than 12 characters then you will not be able to access your eToken using openssl commands , nor will you be able to generate grid proxies using your eToken!
Using your eToken in Firefox
A very easy method for importing (or removing) keys in your eToken is to add the eToken as a Security Device in Firefox.
This is explained in Using an Aladdin eToken with firefox.
Generating or storing a grid certificate on the eToken
Now that you have initialized your eToken you can either generate a new certificate/private key pair on the eToken itself (very secure!) or you can load your existing grid certificate onto the eToken.
This is explained in Storing your grid certificate on an Aladdin eToken.
Generating grid proxies using an eToken
It is also possible to generate a grid proxy using the eToken.
This is explained in Using an Aladdin eToken PRO to generate grid proxies.
Using an eToken in Java
Sun's Java SDK has pretty good support for external PKCS11 libraries. Seehttp://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html for details.
To use your eToken create a configuration file, e.g. /tmp/java-pkcs11.cfg:
Aladdin Etoken Drivers For Mac Windows 10
Now you can use the Java keytool to access your eToken:
To avoid having to type
you can statically configure the java.security file: add a line
to the $JAVA_HOME/jre/lib/security/java.security file and now you can use
to get the same output as before.
Firmware version is 5. Wallis and Futuna Western Samoa There are 1 items available. The following fields are optional and should only be modified by the system administrator. Only certificates that can be imported on to the eToken are listed. Thank you for your interest in our products.
Uploader: | Gardashura |
Date Added: | 20 February 2006 |
File Size: | 27.77 Mb |
Operating Systems: | Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X |
Downloads: | 44188 |
Price: | Free* [*Free Regsitration Required] |
FM' engine 'pkcs11' set. Updated versions of etokdn utility may be available by visiting the web site www. Be sure that SELinux is disabled or permissive. See other items More To configure advanced settings, click Advanced. Any international shipping and import charges are paid in part to Pitney Bowes Inc. We will review your inquiry and respond as soon as possible.
Watch list is full. These tokens are so-called smartcards with a USB form factor. The eToken Advanced Settings dialog box opens. Wallis and Futuna Western Samoa There are 1 items available. We like to feature links to these articles, with your permission, on our Web site.
The eToken Initialization Parameters dialog box opens. Please allow additional time if international delivery is subject to customs processing.
This is explained in Storing your grid certificate on an Aladdin eToken. Maximum Token Password retries: Disconnect eToken Virtual – disconnects the eToken Virtual with an option for deleting it. Your message has been reported and ppro be reviewed by our staff.
USB Token Drivers-Aladdin | Athena | e-Pass & Root Chain
Incorrectly editing the registry may severely damage your system. Inside each VO two types of files can be found:.
However, you need to make sure that your eToken is initialized in 3. Before to start, please check if pcsc- packages are already installed on your server. Back to Top Contact Us Thank you for your interest in our products.
You may also configure additional settings on the eToken by changing settings by clicking the Etoen button. Up to 2 attachments including images can be used with a maximum of If you have installed Cygwin http: View eToken Info – provides detailed information about the eToken; 5.
HOW TO INSTALL AND CONFIGURE THE ETOKEN & THE MYPROXY SERVLETS — csgf latest documentation
After inserting the eToken, an eToken icon will now appear below the Local Machine icon. Otherwise, the token is initialized without an eToken password, and it will not be usable for eToken applications.
Select etokn the certificate to import is on your personal computer store on the computer, or on a file. SafeNet PKI USB tokens offer a single solution for strong authentication and applications access control, including remote access, network access, password pdo, network logon, as well as advanced applications including digital signature, data and email encryption. Login or create an account to post a review.
eToken PRO 32K (4.2B)
If your PIN is more than 12 characters then you will not be able to access your eToken using openssl commandsnor will you be able to generate grid proxies using your eToken! The server must be registered to the DNS with direct adn reverse resolution; Please set a human readable server hostname for your server e.
This document provides an in-depth overview of the light-weight crypto library, a standard-based solution developed by INFN Catania for central management of robot credentials and provisioning of digital proxies to get seamless and secure access to computing e-Infrastructures supporting the X. New other see details: