본문 바로가기
카테고리 없음

Pki Token Driver For Mac

guelodamadiven 2021. 4. 29. 11:36

OpenSC is supposed to work with any supported smart card (see SupportedHardware for a list) if you have a driver for your card reader or USB token. If you’re unsure, you need a PC/SC driver, which 99.9% of vendors provide for at least Windows platform.

This page contains information about installing the latest Aladdin eToken driver downloads using the Aladdin Driver Update Tool. Aladdin eToken drivers are tiny programs that enable your Authenticator hardware to communicate with your operating system software. Home » USB Token Device Use the links on this page to download the latest version of USB Token Device drivers. All drivers available for download have been scanned by antivirus program. Aladdin eToken PRO. Aladdin offers the eToken PRO, an USB crypto token with 32k or 64k memory and support for RSA keys up to 2048bit key length. The eToken PRO is fully supported by OpenSC and is well tested. Two-Factor Authentication you can Trust. SafeNet eToken 5110 is a portable two-factor USB authenticator with advanced smart card technology. Certificate-based technology generates and stores credentials-such as private keys, passwords, and digital certificates inside the protected environment of the smart card chip. EPass2003 User Guide. V1.0 Feitian Technologies Co., Ltd. 1.2 Preparing for installing ePass2003. The token must be PKI initialized before use.

OpenSC targets smart cards, not smart card readers. So to use your smart card, you need a working smart card reader first.

OpenSC is supposed to work with any supported smart card (see SupportedHardware for a list) if you have a driver for your card reader or USB token. If you’re unsure, you need a PC/SC driver, which 99.9% of vendors provide for at least Windows platform. CT-API drivers are also supported (only if required and a driver is available from reader vendor, CT-API is a deprecated interface) and OpenCT (on Linux/BSD, if the reader or token does not work with pcsc-lite).

USB

Most common connector type for smart card readers is USB.

CCID

Almost all recent USB smart card readers follow the CCID specification. But not all. For USB dongles, a driver is needed for the USB connection if the token uses a proprietary protocol.
For a list of CCID smart card readers supported by libccid see https://ccid.apdu.fr/ccid/section.html. If you are planning to buy a smart card reader, be sure to check for CCID compliance (and extended APDU support if you want to be somewhat future-proof)

Some readers claim “CCID compatible” in marketing material but are not compliant (don’t work with operating system provided CCID drivers) in real life. Readers known to do this are:

  • ACS ACR83
  • ACS APG8201

USB tokens (PC/SC)

  • Schlumberger/Axalto e-gate pcsc-lite driver: see Using-Schlumberger-e-gate-on-Linux

USB tokens (OpenCT)

  • FIXME List of tokens supported by OpenCT
Driver

PIN pad readers

  • Notes about CT-API and PinpadReaders

Bluetooth readers

If someone has experience with any of these, please comment.

Epass 2003 Token Driver For Mac

  • https://ftsafe.com/products/reader/BluetoothSDK available at Github(bR301 and bR301BLE(Bluetooth 4.2) , including for Android, iOS and Windows, Specification Detail)
  • https://www.apriva.com/mobile-security/apriva-reader/ (SDK available under NDA/license, including for Android)
  • https://baimobile.com/baimobile-readers-1 ?
  • https://www.hidglobal.com/products/readers/omnikey/2061 End-of-life (Windows-only PC/SC driver, proprietary/NDA low level protocol)
  • http://images.telos.com/files/external/BT200_Slick.pdf (not reachable)

Information on using existing PC/SC reader over bluetooth on Android: https://github.com/seek-for-android/pool/wiki/BTPCSC

Aladdin offers the eToken PRO, an USB crypto token with 32k or 64k memory and support for RSA keys up to 2048bit key length.

The eToken PRO is fully supported by OpenSC and is well tested.

Note: some 72k Java cards do not work.

Models

The precise model of your token can be determined from the text moulded in the plastic enclosure.

Pki Token Manager

Unsupported models

There is a rare version of the Aladdin eToken PRO with a G&D Starcos smart card inside. This version never went into mass production as far as we know, and is not supported by OpenSC.

Also there are some smart cards with the “Aladdin eToken” Name on them too. These cards are too old, they are not supported by OpenSC, as they lack some required features.

eToken R1 and R2

Those were the first generation of tokens produced. They use a proprietary protocol for communication between the host and token.

  • USB IDs: 0529:030b through 0529:042a
  • Memory: (?)
  • Maximum RSA key size: (?)
  • Crypto chip: (?)
  • On-Chip OS: (?)

eToken PRO 4.2B

This is the second public release of the device, that use a proprietary protocol for communication. These can still (2009) be found on the cheap on EBay or otherwise.

  • USB IDs: 0529:0600
  • Memory: 32k
  • Maximum RSA key size: 2048 bits (it takes a long while to generate one such key, and the LED turns black while it does. Don’t panic!)
  • Crypto chip: Infineon
  • On-Chip OS: Siemens CardOS M4.2B

Aladdin eToken PRO 64k

  • USB IDs: 0529:0600 Vendor=0529 ProdID=0600 Rev=01.00
  • Memory: 64k (46506 Free)
  • Maximum RSA key size: 2048 bits
  • Crypto chip: (?)
  • On-Chip OS: CardOS V4.2B © Siemens AG 1994-2005
  • ATR: 3B F2 18 00 02 C1 0A 31 FE 58 C8 09 75
  • Vendor Site:http://www.safenet-inc.com/aladdin-content/etoken/devices/pro-usb/

eToken PRO v4.29

  • Microcontroller:Atmel AT90SC25672RCT-USB Revision D
  • Memory: 72KB EEPROM (64~67KB usable?; ~8KB reserved for firmware/patches?)
  • Software (default): GlobalPlatform v2.1.1, Java Card v2.2.2, Athena OS755 IDProtect v0106.×.x, Aladdin eToken Applet v1.x
  • USB IDs: 0529:0620
  • ATR: 3B D5 18 00 81 31 3A 7D 80 73 C8 21 10 30
  • FIPS:140-2 Level 2 for USB and smart card versions. Level 3 for HD (hardened) USB versions.

Supported Cryptographic Services

  • Random Number Generator:DRNG (ANSI X9.31 two key TDES deterministic RNG seeded with the hardware RNG)
  • Message Digests:SHA-1, SHA-256
  • Signatures:RSAPKCS#1 (1024- to 2048-bit in 32-bit increments)
  • Ciphers:TDES (112- and 168-bit ECB and CBC), TDESMAC (vendor affirmed), AES (128-, 192- and 256-bit ECB and CBC), RSA (1024- to 2048-bit in 32-bit increments)
  • On-Card Key Generation:RSAPKCS#1 (1024- to 2048-bit in 32-bit increments)
  • Key Establishment:RSA (1024- to 2048-bit in 32-bit increments [strength 80-bits for RSA 1024 to 112-bits for RSA 2048])

There seems to be three different physical versions available: the regular PRO, the PRO HD (a hardened version offering additional physical security compliant with FIPS 140-1 Level 3 requirements), and the PRO SC (a smart card). However, differentiating between the PRO and PRO HD is difficult, as there is little info specific to the HD version available online, and the image used in the FIPS Security Policy documents is identical for the PRO and PRO HD.

This device (and the others below) are compliant with the USBCCID (Chip/Smart Card Interface Devices) standard (see section “Smart Card Class” on http://www.usb.org/developers/devclass_docs).). As such, they don’t require a proprietary driver to work with OpenSC.

  • USB IDs: (?)
  • Memory: (?)
  • Maximum RSA key size: (?)
  • Crypto chip: (?)
  • On-Chip OS: Siemens CardOS M4.20 (?)

Support

Aladdin is maybe the oldest player in the USB token field, and their hardware and software predates the standards such as CCID and PKCS#15, so you can’t really blame them for not conforming to these standards (especially for older token hardware). See also the Thanks section below, they are a fair player!

Aladdin has an SDK with Documentation on their ftp server for public download, but to implement the OpenSC driver further documentation was necessary (by Siemens and available only under NDA as far as we know).

CardOS-based versions

CardOS versions up to and including M4.20 are supported. (Is CardOS M4.3b also working?) This includes all the CardOS-based token versions listed above except the evaluation boards. In order to make these work with OpenSC, one has to install the proprietary middleware; the proprietary key manager is not needed. See [#InstallationNotes below].

One minor misfeature of the Siemens CardOS M4 is that an RSA key cannot be used for both signing and decryption. OpenSC has implemented a workaround: software key generation and storing that key twice, once marked as decryption key and once marked as signing key. To enable this workaround specify “—split-key” on the command line, when creating the key.

Installation Notes

Aladdin provides their own software, which comprises both the middleware (necessary for all CardOS-based tokens) and the key-management tool (also for Linux (link outdated)) which is not compatible with PKCS#15. (However, as long as enough memory is available on the chip, it is possible to initialize the token with both OpenSC and this proprietary key manager, and thus install files and keys side by side – each software can then only handle their own structures.)

Mac OS X

Download the [ftp://ftp.aladdin.com/pub/etoken/PKI%20Client/PKI_Client_4_55_Mac/eToken_PKI_Client_4_55_Mac.zip PKIClient 4.55 software package]. If you are only interested in the middleware (and not the proprietary key manager), don’t install everything at once; rather, follow these steps:

1. unpack and mount the `pkiclient.4.55.41.dmg` file2. explore the `eToken PKI Client 4.55.mpkg` directory on it (Ctrl-click then “Show package contents”), then open “Contents” and “Packages”3. double-click on the following packages in this order so as to install them:
  • `etokenframework.pkg`: those are the shared libraries (that will go into `/Library/Frameworks/eToken.framework`) needed by all the other packages;
  • `etokendriversleopard.pkg` (for Mac OS 10.5.x) or `etokendriverstiger.pkg` (for Mac OS 10.4.x): this is the middleware, that goes under `/usr/libexec/SmartCardServices/drivers/eTokenIfdh.bundle/` . It consists of an auxillary daemon that will be run by ``pcscd`` in order to perform the necessary USB I/O.

To test this setup, plug your token in, then open a terminal and type the following commands:

`pcscd` should start chatting, and the diode on the token should turn on. If `pcscd` instead says:

it means that the middleware is corectly installed, but `etokenframework.pkg` is not. This happens when one installs the former first (!) In that case, run the `Uninstall eToken PKI Client 4.55` program from the .dmg image and start over.

Linux

The middleware for Linux is available here: ftp://ftp.ealaddin.com/pub/etoken/Linux (link outdated) ; and a third party provides the “key-management tool for Linux” (you don’t need the latter if you just want your token to work with OpenSC).

Thanks

Big thanks to Aladdin, they sponsored an OpenSC workshop in 2003 by donating 30 Aladdin eToken PRO!

Big thanks to Startcom and Eddy Nigg for lots of time and support in adding support
for the Aladdin eToken PRO 64, for lots of testing and for donating one to us.

Big thanks to ASW, they donated two Aladdin eToken PRO 64, so we could test our support for
those Tokens (not yet released, will be included in the next release).

Big thanks to Josef Gillhuber from Aladdin. He donated two eToken PRO (32k and 64k) on LinuxTag 2006.

Thanks to Roman Stahl, he donated two Aladdin eToken PRO 32k (4.2B), so we could verify: they work fine too.

티스토리툴바