OSX and Aladdin eToken

Thursday

Dec042008

Thursday, December 4, 2008 at 22:00

Due to the nature of my work, and my fondness of Apple products I wasn't able to get my Aladdin eTokens working with OSX. After several months of not trying to crack this I decided to try it again.
The trigger for me was stumbling on the possibility of adding so-called keyfiles to the eToken for accessing TrueCrypt volumes.

First challenge was the eToken PKI software for OSX... Thankfully I'm a Certified eToken guru, so I've got access to their download area (you will have to get your own software). The current version of the eToken software for OSX is v4.55. I installed the Aladdin software on OSX 10.5.5.

This time, the installation of the software was successful, and the software is almost identical to the Windows version (PKI Monitor and eToken Properties software).

eToken PKI Software for OSXAfter the installation you can configure various application to utilize the power of eTokens. I configured FireFox and TrueCrypt (so far) to use an eToken.

FireFox

Open the FireFox Preferences -> Advanced -> Encryption -> Security Devices, and click load.

Add the following information: Load PKCS#11 device Load PKCS#11 device

Module Name: <any name you fancy :) >
Module Filename: /usr/local/lib/libeTPkcs11.dylib

This should add the eToken security device in the Device Manager panel.

Security Devices panelAt this point, you can use your eToken with Firefox. Next TrueCrypt....

TrueCrypt

Open the TrueCrypt preferences, and select the Security tokens 'tab', and add the following location for the library path:

/usr/local/lib/libeTPkcs11.dylib

TrueCrypt Security Tokens library pathAfter adding the library path you can use your eToken to hold your keyfiles for secure access to your private data stored in a TrueCrypt container. Just don't loose your eToken :)

Next mission is to add additional smartcard support (SafeSign based) to the Mac, so I can use my official digital certificates on my Mac for accessing company resources.

UPDATE: The good people of AET Europe contacted me, and mailed me the SafeSign software for OSX. Expect an evaluation soon.

Willem |

6 Comments |

1 Reference |

tagged

FireFox,

SafeSign,

TrueCrypt,

eToken,

keyfiles in

Apple,

Security,

Tips'n Tricks

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Response: Smart Contract Audit Services

by manoj at Immunebytes on January 4, 2022

Hire a leading Smart Contract Audit Company that has hands-on experience on the various Blockchain frameworks like ETH, BSC, PolkaDot, and others.

Reader Comments (6)

Thanks for posting this! At my company (Oce), we use eToken in combination with Citrix web client to get a vpn connection. I received the eToken software for OS X at my company, and I got it working: I can see my eToken in eToken properties (screen similar to yours), and I can see the certificates there. By letting Firefox load the libeTPkcs11.dylib file like you did, I can log on to our network. However, without the Citrix client for my browser, there's not much I can do with it. I read that the Java client for Citrix does not work with Firefox, but that it does work with Safari:

http://www.scripps.edu/rc/citrix/webbrowser.html

Is there a possibility to let the eToken work with Safari? Any help would be greatly appreciated.

December 15, 2008 |

Bas

Hello Bas,
did you run this through the Aladdin support department? According to http://www.dartmouth.edu/comp/support/library/safecomputing/defenses/authentication/tokens/mac/install.html" target="_blank" rel="nofollow">other sightings Safari should work with the eToken (I have't tested this yet)

Mind you that there are three PKI client versions (limited, minimal, and normal). Perhaps you have a crippled version.

UPDATE: The official http://downloads.quovadisglobal.com/aladdin/mac_os_x/4.55/eToken_PKI_Client_4_55_Mac_README.pdf" target="_blank" rel="nofollow">readme does indeed suggest that OSX Keychain integration should work, but nothing happens on my MacBook when I insert an eToken (with the eToken software installed).

Guess I'll be opening a cause about this..... I'll keep you posted on this.

December 15, 2008 |

Willem

Hi! I have a eToken 64k and I tried to store my passwords etc on the eToken - no way. Software installed, eToken found (in keychains too) but no way to store anything on the token (yes it´s unlocked) Is there a how to or a better manual than the aladdin manual anywhere in the net?

April 2, 2009 |

@ch I don't recall that the web-sign-on part works on the OSX platform (storing usernames and passwords on the eToken). As far as I know only x509/certificate operations are working on the OSX platform.

And I must admit that the regular manuals are insufficient for anything else but certificate management tasks on Windows platforms.

April 2, 2009 |

Willem

Both Solutions (AET and Aladdin) are not working with Snow Leopard...
http://www.drecksblog.de/2009/08/31/drecks-schneeleopard/

September 1, 2009 |

Drecksblog

Aladdin eToken Pro 64K using pkiclient4.55 works fine with OS X Snow Leopard 10.6.6 and TrueCrypt 7.0a following the above directions, for container encryption.

February 8, 2011 |

jcypher

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Comment Moderation Is Enabled
Thanks to your local Internet comment spammer, your comments will be screened before they will be displayed. We're sincerely sorry for the inconvenience, but we're sure that you'll understand. Happy commenting :-)

Notify me of follow-up comments via email.