Mac OS X and eToken PKI Client
I’ve also managed to get the Mac drivers for another of the common USB crypto tokens, this time from Aladdin Systems (who are now owned by SafeNet, but that’s neither here nor there).
Installation is about the same, however having a “proper” graphical token management utility (eToken Properties) is much much nicer than having to use a command line based utility. The installer logs you out after it’s done its’ thing, however it took a full reboot before the token was recognised.
I didn’t have the doco handy, so I don’t know if it goes in to detail on how to configure Firefox to use the token; but the process is basically the same as for the SafeNet iKey — go in to the Firefox preferences, Advanced > Encryption > Security Devices > Load, given the module a name (like “eToken PKI” maybe) and point to the following file location:
/Library/Frameworks/eToken.framework/Versions/Current/libeToken.dylib
Restart Firefox just to be sure, but everything should just work. Attempting to use Keychain Access to manage the token is just as pointless an activity as with the iKey token, though at least the Keychain Access app doesn’t crash. In any case, it’s easy enough to use the token management tool to import and delete certificates – that is, unless you’re trying to import CA certificates on to the token, because the only format it can cope with importing is PKCS12 (which is retarded, because the Windows version of the same utility has no problems importing CA certificates). If the PKCS12 file has CA certificates, they do get imported properly.
Key generation is a bit faster than with the iKey token — though whether that is due to better hardware/drivers, I don’t know.
What will be very interesting to see is whether these drivers (and the iKey drivers) work at all with Mac OS X Snow Leopard. I’m guessing they will (at least, with Firefox) – but I’m still waiting on my copy of Snow Leopard to show up, so it’s a bit of a mystery to me for now.
- zac.
Unfortunately, I’m not having any luck with my eToken now that I’ve upgraded to Snow Leopard. Had everything working before, and now that I’ve upgraded the client software just doesn’t recognize the token. I’m hoping they’ll have an update out shortly.
Hey Todd, thanks for the feedback! Sorry to hear that it didn’t work with Snow Leopard; I’ll try my contact at SafeNet and see if they know anything about an updated PKI client.
- zac.
Hello,
Aladdin eToken is not working with 10.6, I also tried a Marx Dongle with TokenLounge from AET, but it is not working too…
http://www.drecksblog.de/2009/08/31/drecks-schneeleopard/
Is there any update on the availability of a fix for 10.6?
Not that I have seen, Mark. It’s like Aladdin doesn’t even care if their software works on Mac or not. I have to believe that the fix to get their Leopard version working on Snow Leopard is probably trivial. Likely as trivial as just recompiling it. And yet they can’t be bothered to fix it.
Makes me really wish my VPN certificate wasn’t locked into their horrid device.
The following was Google Translated from aladdin.ru:
No. Currently PKI Client does not support in Mac OS 10.6
Snow Leopard.
Release of PKI Client with support for Mac OS 10.6 Snow Leopard is scheduled
the first quarter of 2010.
Aladdin pki client support for snow leopard probably will be late than first Q 2010.
Any news about other brands supporting snow?
Not that I have seen, Mark. It’s like Aladdin doesn’t even care if their software works on Mac or not. I have to believe that the fix to get their Leopard version working on Snow Leopard is probably trivial. Likely as trivial as just recompiling it. And yet they can’t be bothered to fix it.
Makes me really wish my VPN certificate wasn’t locked into their horrid device.
Aladdin pki client support for snow leopard probably will be late than first Q 2010.
Any news about other brands supporting snow?
The following was Google Translated from aladdin.ru:
No. Currently PKI Client does not support in Mac OS 10.6
Snow Leopard.
Release of PKI Client with support for Mac OS 10.6 Snow Leopard is scheduled
the first quarter of 2010.