Hello,I have a smart card for digital signatures bought from one of our national providers and I wish to use it in Debian GNU/Linux 8. Unfortunately I haven't been able to do so. I've spent the last few days. I need it because I wish to submit my tax forms online, and I'm required to sign them with an approved device.The card is sold by DigiSign Romania.In hopes of better support in the future, I'm giving some information bellow:lsusb Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching HubBus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hubBus 001 Device 009: ID 12d1:1569 Huawei Technologies Co., Ltd.Bus 001 Device 005: ID 1bcf:2c08 Sunplus Innovation Technology Inc.Bus 001 Device 004: ID 8087:07da Intel Corp.Bus 001 Device 003: ID 08ff:168f AuthenTec, Inc. AES1660 Fingerprint SensorBus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching HubBus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hubBus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hubBus 003 Device 022: ID 18d1:4ee3 Google Inc.

May 12, 2015  Unsuported Aladdin eToken PRO USB 72k Java #461. Closed ieugen opened this issue May 12, 2015 37 comments. I also have installed the SAC 9 and it works fine but it was very hard for me to get the package as it is not easily available to download. Download and install Safenet Authentication Client for Mac from here. SafeNet Authentication Client for MAC Solution To use a SafeNet eToken to store MPKI Admin ID when running a MAC install the SafeNet Authentication Client for MAC.

Re: AKAI AK.SYS Sampler Management Software For Mac « Reply #12 on: December 28, 2015, 03:59:48 PM » Due to recent problems with downloading attached files here from 2 posts with classilla i had to get another copy of the ak.sys program again.

Nexus 4 (tether)Bus 003 Device 027: ID 0529:0620 Aladdin Knowledge Systems Token JCBus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hubopensc-tool -l # Detected readers (pcsc)Nr. I've started working on the driver. I'm following the tutorial from 1 however, when I run./bootstrap.

I get: libtoolize: copying file `m4/ltobsolete.m4'autoreconf: running: /usr/bin/autoconf -forceconfigure.ac:104: error: possibly undefined macro: ACDEFINEIf this token and others are legitimate, please use m4patternallow.See the Autoconf documentation.configure.ac:236: error: possibly undefined macro: ACMSGERRORconfigure.ac:329: error: possibly undefined macro: ACCHECKLIBautoreconf: /usr/bin/autoconf failed with exit status: 1I'm running Debian Jessie.1. I have collected more information about the token.

I made it work on Debian 8 by installing the proprietary drivers (updated for Debian 8). Is it a requirement that you use the token used for your taxes with its existing certificates and keys?If not, I would suggest buying some other card that has Linux, Windows and MacOS support either from thevendor or open source.If you need to use that card, you either need to find documentation on the application that is usedon that card. A card is like a computer, the ATR describes some attributes about card, but not theprogram it is running.

Many governments that issue cards to citizens have some public documentationon how the application on the card works. It usually describes the APDUs and file formats.If you can find a working PKCS#11 module, great. The SAC file I looked contained /usr/lib/libeTPkcs11.so.Based on the SafenetAuthenticationClient.

Look for other SafenetAuthenticationClient packages fromGemAlto. The module is a PKCS#11 module. Mozilla, SSH and PAM can use PKCS#11 modules so its a good standardto use.OpenSC has many utilities that can work directly with most PKCS#11 modules and OpenSC has its own opensc-pkcs11.sothat can work with cards (with selected applications) that OpenSC supports.(OpenSC also has utilities and other drivers that bypass PKCS#11 and only work with cards supported by OpenSC.)All smartcard middleware use PCSC, this includes Windows, Linux and Mac. If you need to write OpenSC support forsome card and application a APDU trace of a working card can help.

If the card works on Windows a USB trace withthe APDUs can also help. But some cards are now using Secure Messaging so the data in these traces is encryptedand not very helpful.On 5/1/2016 4:40 PM, Ioan Eugen Stan wrote:have you tried version 9 from the link I gave?—You are receiving this because you are subscribed to this thread.Reply to this email directly or view it on GitHubDouglas E. /usr/lib/libeTPkcs11.so makes both pkcs11-tool and Thunderbird crash: % pkcs11-tool -module /usr/lib/libeTPkcs11.so -Opkcs11-tool: CRYPTO/Crypto.c:247: initopensslcrypto: Assertion `lib' failed.zsh: abort pkcs11-tool -module /usr/lib/libeTPkcs11.so -OHowever, /usr/lib/x8664-linux-gnu/opensc-pkcs11.so seems to be accepted by Thunderbird (token shows up), and makes pkcs11-tool exit normally (and even make the token blink!). % pkcs11-tool -module /usr/lib/x8664-linux-gnu/opensc-pkcs11.so -ONo slot with a token was found.Thus pcscd, does nothing either: # pcscd -d -a# echo $?1At least opensc-tool does work: % opensc-tool -l# Detected readers (pcsc)Nr. Card Features Name0 Yes AKS ifdh Main Interface 00 00I'll keep looking around. I am not even sure what I am looking for: should 'Log In' become enabled in Mozilla's 'Security devices' interface?Anyway, your help is greatly appreciated! On 5/2/2016 1:40 PM, Quentin Santos wrote: /usr/lib/libeTPkcs11.so makes both pkcs11-tool and Thunderbird crash: % pkcs11-tool -module /usr/lib/libeTPkcs11.so -O pkcs11-tool: CRYPTO/Crypto.c:247: initopensslcrypto: Assertion `lib' failed.

Zsh: abort pkcs11-tool -module /usr/lib/libeTPkcs11.so -O OK, libeTPkcs11.so was part of the SAC package someone else said might work. I just got one of these, the v9 tool kit works with it. Adding lsusb output to help direct search results here.

Dengert, thanks! ' CRYPTO/Crypto.c:247: initopensslcrypto: Assertion lib failed.' Slack is doing different because there is a security concern here.

There is even a Slackie spec that user and group pcscd should have a certain UID&GID and pcscd should be run only under this credentials, with no root privileges. In fact, all the device system doesn't need privileges. The SlackBuild script takes care of ownership and access right of ordinary folders used by pcscd.Even if I use my computer as desktop, I work as an ordinary user and all processes run like that, never had a problem.From SACTools, info about token:HW ver: 4.29FW ver: 1.0Product name: eToken PRO Java 72K OS755Model Token 4.29.1.1.1.0Card type: Java cardOS version: eToken Java Applet 1.1.25Supported key size: 2048 bits.

#EXEMPLOS PARA GERAR CHAVE PRIVADA NO ETOKENthe Aladdin initialization doesn't do a pkcs15/opensc compatible setup. The pkcs11 tools should be capable of working with the eTpkcs11.dll, then the openssl engine should, in theory, be able to load it (eTpkcs11.dll) to accomplish everything (?) that could be accomplished with a key initialized with the opensc code.Have you tried using the pkcs11-spy dll to trace the pkcs11 activity between the pkcs11-tool.exe (or the openssl enginepkcs11) and the eTpkcs11.dll?As Nils mentioned, the opensc initialization is pkcs15 compatible, while the etoken's native setup isn't, so this successful result won't help you unless you can move everything over to opensc. Since there's not currently a MS-compatiable Cryptographic Service Provider(?) for opensc, this can be a problem integrating with MS software. 'C:Program FilesOpenSC ProjectOpenSCtoolspkcs11-tool ' -module 'C:windowssystem32eTPKCS11.dll ' -login -test​Using slot 0 with a present token (0x0)​Logging in to 'fer-etoken'.​Please enter User PIN: CSeedRandom and CGenerateRandom:​ seems to be OK​Digests:​ all 4 digest functions seem to work​ MD5: OK​ SHA-1: OK​Signatures (currently only for RSA)​Signatures: no private key found in this slot​Verify (currently only for RSA)​ No private key found for testing​Key unwrap (currently only for RSA)​Decryption (currently only for RSA)​No errors. 'C:Program FilesOpenSC ProjectOpenSCtoolspkcs11-tool ' -module 'C:windowssystem32eTPKCS11.dll ' -L​Available slots:​Slot 0 (0x0): AKS ifdh 0​ token label: fer-etoken​ token manufacturer: SafeNet, Inc.​ token model: eToken​ token flags: login required, rng, token initialized, PIN initialized, other flags=0x200​ hardware version: 4.30​ firmware version: 1.0​ serial num: 01c5f0a2​ pin min/max: 6/16​Slot 1 (0x1): AKS ifdh 1​ (empty)​Slot 2 (0x2): Rainbow Technologies iKeyVirtualReader 0​ (empty)​Slot 3 (0x3): Rainbow Technologies iKeyVirtualReader 1​ (empty). 'C:Program FilesOpenSC ProjectOpenSCtoolsopensc-tool ' -c gpk -list-algorithms​Using reader with a card: AKS ifdh 0​Algorithm: rsa​Key length: 512​Flags: padding ( pkcs1 ansi iso9796 ) hashes ( sha1 MD5 md5-sha1 )​RSA public exponent: 65537 Algorithm: rsaKey length: 768Flags: padding ( pkcs1 ansi iso9796 ) hashes ( sha1 MD5 md5-sha1 )RSA public exponent: 65537Algorithm: rsaKey length: 1024Flags: padding ( pkcs1 ansi iso9796 ) hashes ( sha1 MD5 md5-sha1 )RSA public exponent: 65537Gerando par de chaves dentro do eToken.

1 Installing SafeNet Authentication Client on Mac OS X The installation package is SafeNetAuthenticationClient.10.0.x.0.dmg. To install with the installer: 1. Double click the SafeNetAuthenticationClient.10.0.x.0.dmg file. A new disk image file is created in the Finder window, including an pkg installation file and an uninstall application. To start the installation, double click SafeNet Authentication Client 10.0.pkg. The Welcome to the SafeNet Authentication Client Installer window opens.

Click Continue. 4 The Installation completed successfully screen opens. Click Close and then perform a Restart (recommended).

Mac OS X restarts. Log in again to Mac OS X.

Installing SAC from the Mac Terminal To install from the Mac terminal: 1. Extract the SafeNet Authentication Client 10.0.pkg file from the dmg file. At the location in the terminal in which you extracted the file run sudo installer -pkg./safenetauthenticationclient 10.0.pkg/ -target / 3. Rise of nations gold edition cd key free download. Enter your root password when prompted. SafeNet Authentication Client 10.0 is installed. It is recommended to Restart Mac OS X.

185 Preparing SAC Mac Custom Installation The custom installation script creates an additional customized installation file (SafeNet Authentication Client Customization 10.0.mpkg) with specific license and configuration properties and values. Before installing the SafeNet Authentication Client Customization 10.0.mpkg file, you must install SAC To create a custom installation: 1. Copy the Custom Installation (packaged with the Mac installation) folder to your Mac PC. Select the Custom InstallationCustomerConfiguration folder, and update the contents of the etoken.conf file with the relevant organization properties, and the SacLicense.lic file with the organization s license.

From the Mac terminal enter the command: cd Custom Installation pathcustominstallscript. Run the script./createsaccustominstallation The file SafeNet Authentication Client Customization 10.0.mpkg is created in the Custom Installationoutput folder. The SafeNet Authentication Client Customization 10.0.mpkg file can now be distributed to all users in the organization as an additional SAC 10.0 installation. Running SafeNet Authentication Client Customization 10.0.mpkg By running the SafeNet Authentication Client Customization 10.0.mpkg file the following is implemented: The /etc/etoken.conf file (created by the Mac SAC 10.0 installation) is replaced by the etoken.conf file, located in the Custom InstallationCustomerConfiguration folder. The SacLicense.lic file, located in the Custom InstallationCustomerConfiguration folder is copied to the /Users/Shared/SafeNet/SAC folder.

196 Installing the Firefox Security Module on Mac When SafeNet Authentication Client is installed, it does not install the security module in Firefox. This must be done manually.

To install the security module in Firefox 1. Open Firefox Preferences Advanced Certificates. On the Encryption tab click Security Devices.

The Device Manager window opens. The Load PKCS#11 Device window opens. In the Module Filename field enter the following string: /usr/local/lib/libetpkcs11.dylib To work with CC devices in unlinked mode, enter the following string for Multi-Slot support: /usr/local/lib/libidprimepkcs11.0.dylib For information on how to work with Multi-Slots, see the PKCS#11 Digital Signature PIN Authentication section of the SafeNet Authentication Client User Guide.

The Confirm window opens. The new security module is installed. 207 Installing the Thunderbird Security Module When SafeNet Authentication Client is installed, it does not install the security module in Thunderbird. This must be done manually.

To install the security module in Thunderbird 1. Select Thunderbird Preferences Advanced. On the Security tab click Security Devices. The Device Manager window opens. The Load PKCS#11 Device window opens. In the Module Filename field enter the following string: /usr/local/lib/libetpkcs11.dylib For information on how to work with Multi-Slots, see the PKCS#11 Digital Signature PIN Authentication section of the SafeNet Authentication Client User Guide. The Confirm window opens.

The new security module is installed. Configuring Acrobat Security Settings Adobe Acrobat can be configured to protect PDF documents using a.cer certificate.

To set Adobe Acrobat security settings: 1. Open Adobe Acrobat and select Preferences Signatures Identities & Trusted Certificates More. The Digital ID and Trusted Certificate Settings window opens.

From the left panel, click Digital IDs PKCS#11 Modules and Tokens. If a PKCS#11 Module is not attached, click Attach Module, browse to SAC PKCS11 lib/usr/local/lib/libetpkcs11.dylib and click Open.

The connected token and certificate appear under PKCS#11 Modules and Tokens. For information on how to work with Multi-Slots, see the PKCS#11 Digital Signature PIN Authentication section of the SafeNet Authentication Client User Guide. To verify the security settings: 1. Select Tools Sign & Certify More Sign & Certify Manage Trusted Identities. The Manage Trusted Identities window opens.

Select the contact and click Details. 8 The Edit Contact window opens. Select the contact and click Show Certificate. The Certificate Viewer Window opens. Select the Trust tab. Trusted settings for the certificate are marked with a green check-mark.

Non-trusted settings are marked with a red cross. Loading the Token PKCS#11 Security Module To use SafeNet Authentication Client the PKCS#11 security module must be loaded.

Ensure that there is only one loaded security module having a path with the value: libetpkcs11.dylib For information on how to work with Multi-Slots, see the PKCS#11 Digital Signature PIN Authentication section of the SafeNet Authentication Client User Guide. New Locations of PKCS#11 Security Module and Tokend El Capitan introduced a new security feature called System Integrity Protection' (see This means that the SAC PKCS11 library is installed in a different location for El Capitan (this is not relevant to earlier Mac versions): SAC PKCS#11 library files are installed in /usr/local/lib/ instead of /usr/lib/. This new location must be updated in applications using the SAC PKCS#11 module, such as Mozilla Firefox, Thunderbird or Adobe Reader.

To ensure that the Token PKCS#11 module is loaded: 1. Do one of the following: When working with Firefox, go to Edit Preferences Advanced Certificates Security Devices. When working with Thunderbird, go to Edit Preferences Advanced Certificates Security Devices. The Device Manager window opens 2. If etoken is not listed in the Security Modules and Devices column, click Load. The Load PKCS#11 Device window opens. Do the following: Replace the contents of the Module Name field with etoken.

In the Module filename field, enter the following: /usr/lib/libetpkcs11.dylib The Module fields are case sensitive. The Confirm window opens.

The Alert window opens. Token is listed in the Security Modules and Devices column of the Device Manager window. Click OK to exit the Device Manager. Upgrading SafeNet Authentication Client on a Mac It is recommended that earlier versions of SafeNet Authentication Client be upgraded to the latest version on each computer that uses a SafeNet etoken, ikey token, or SafeNet smart card. Local administrator rights are required to upgrade SafeNet Authentication Client. After upgrading from SAC 9.1 to SAC 10.0 on a Mac, it is recommended that you restart the machine in order for the device to be recognized. 10 4 Uninstall Uninstall After SafeNet Authentication Client 10.0 Mac has been installed, it can be uninstalled.

Local administrator rights are required to uninstall SafeNet Authentication Client. When SafeNet Authentication Client is uninstalled, user configuration and policy files may be deleted.

Uninstalling - Mac Before uninstalling SafeNet Authentication Client 10.0 Mac, make sure that SafeNet Authentication Client Tools is closed. To uninstall SafeNet Authentication Client 10.0 Mac: 1. Double click SafeNetAuthenticationClient.10.0.x.0.dmg file. A new disk image file is created in the Finder window, including an mpkg installation file and an uninstall application. Click Uninstall SafeNet Authentication Client (Mac) The Welcome to the SafeNet Authentication Client Uninstaller window opens. Click Uninstall.

The Authenticate window opens.