Mac OS X and eToken PKI Client
I’ve also managed to get the Mac drivers for another of the common USB crypto tokens, this time from Aladdin Systems (who are now owned by SafeNet, but that’s neither here nor there).
Installation is about the same, however having a “proper” graphical token management utility (eToken Properties) is much much nicer than having to use a command line based utility. The installer logs you out after it’s done its’ thing, however it took a full reboot before the token was recognised.
I didn’t have the doco handy, so I don’t know if it goes in to detail on how to configure Firefox to use the token; but the process is basically the same as for the SafeNet iKey — go in to the Firefox preferences, Advanced > Encryption > Security Devices > Load, given the module a name (like “eToken PKI” maybe) and point to the following file location:
/Library/Frameworks/eToken.framework/Versions/Current/libeToken.dylib
Restart Firefox just to be sure, but everything should just work. Attempting to use Keychain Access to manage the token is just as pointless an activity as with the iKey token, though at least the Keychain Access app doesn’t crash. In any case, it’s easy enough to use the token management tool to import and delete certificates – that is, unless you’re trying to import CA certificates on to the token, because the only format it can cope with importing is PKCS12 (which is retarded, because the Windows version of the same utility has no problems importing CA certificates). If the PKCS12 file has CA certificates, they do get imported properly.
Key generation is a bit faster than with the iKey token — though whether that is due to better hardware/drivers, I don’t know.
What will be very interesting to see is whether these drivers (and the iKey drivers) work at all with Mac OS X Snow Leopard. I’m guessing they will (at least, with Firefox) – but I’m still waiting on my copy of Snow Leopard to show up, so it’s a bit of a mystery to me for now.
- zac.
Use Firefox instead.