Mac OSX and SafeNet iKey tokens
I finally managed to get my hands on the SafeNet iKey token drivers for Mac OSX. For reasons I still don’t entirely understand, SafeNet have seen fit to make the Windows drivers freely available – but the Mac drivers need $$ spent and CDs shipped from the United States.
The driver CDs that I ordered finally made their way to my desk today – was entertained by the amount of packaging they deemed necessary; 5 CDs came in individual envelopes inside a box that could have easily held 100 CDs! Not very environmentally friendly.
Installing the drivers is simple enough, but configuring Firefox is a little more complicated (you have to configure the PKCS11 security device in the advanced preferences by hand). Instruction manual reading required.
First attempt to get things going (on an ancient Graphite Power Mac G4) was filled with fail; the token utility program couldn’t see the token I was trying to use. I suspect the problem was more related to dodgy USB ports than anything else, but no way to test properly. Second installation attempt on my MacBook Core Duo worked properly – token was now recognised, but I couldn’t do anything with it. Pro tip #1: use a token that isn’t damaged.
Once configured, the token needs to be removed and reinserted before Keychain Access can see it and interact with it. Pro tip #2: don’t expect much from Keychain Access. You can’t import PKCS12 files to the token and it crashes if you look at it the wrong way.
Use Firefox instead.
Once configured, Firefox handles certificate imports quite nicely – and enrolling/installing certificates using our regular enrollment pages works properly as well (albeit key generation takes a very long time indeed). During enrollment, you’re first prompted to choose a security level (key size) and then the security device, which will allow you to select the token for key storage (the token label is what appears in the dropdown). During certificate installation, Firefox automagically works out where the certificate should live and asks for the token password if needed.
The one annoyance is that any CA certificates are copied to the browser store and not the token store; Firefox won’t have it any other way. There doesn’t appear to be any method of moving CA certificates to the token on a Mac, whether by using Firefox or the included token utility.
Exciting stuff.
- zac.
I own the SafeNet iKey 2032 token. On SafeNet e-mail support, I was told it’s not possible to download or buy the drivers from them. The only way is to ask your CA and they will provide the drivers.
So I did and I’ve received a CD with drivers within 2 days from my CA. This was in April 2009. Just thought I would let you know…
Anyway, what is your BSEC version? Mine is 1.0.2.0003, 17th November 2008. I think it doesn’t work in Snow Leopard.
I’m going to get the new version from my CA again, this is really ridiculous…
“I’m going to get the new version from my CA again, this is really ridiculous…”
That quite neatly describes my personal dealings with SafeNet. I still haven’t installed Snow Leopard! Long story. As soon as I do, I’m going to test the drivers that I have and write a new post.
- zac.
Please do let me/us know what your exact version is then.
Thank you very much.
OK, I’ve received the official response. Snow Leopard is not supported and there is no ETA for Snow Leopard drivers. The latest (SL incompatible) version is 1.0.2 from November 2008, which I own already.
Hi All,
I’ve difficulties in solving this problem. I managed to install the driver on Macs, and then it can recognize the token. Then I proceeded to do secure email; again it can recognize my certificate inside my token, and can send encrypted mail to other users, and the user can receive my encrypted email and can use their token to decrypt my message. The problem is, when I want to reply from Macs and send to their mail, an error message comes out saying that the recipients have a problem with their certificate.
Can anyone help me? I’m stuck. Thanks in advance.
The last info I heard regarding Snow Leopard iKey drivers is 1st or 2nd quarter 2010. SafeNet is unifying the iKey and Aladdin drivers into one installable package. The iKey 2032 is kind of seen as a deprecated product and they are focusing future development on the somewhat newly acquired Aladdin product line.