## 20160506 AK ---- [[eToken/CZ|Ĩesky]] | '''english''' ---- == How to use a eToken with CAcert == * What is eToken? ''"eToken is a fully portable USB device the size of an average house key that can be used to generate and provide secure storage for passwords, digital certificates, secure authentication, digital signing and encryption. eToken is based on Smartcard technology but requires no special readers. A single eToken provides a set of ready-to-use security solutions meeting all authentication needs (web access, VPN access, and network logon), and providing laptop and file security. Token assignment, deployment and personalisation within an organisation are easily managed via the Token Management System (TMS)[...]"'' More product information at [[http://www.aladdin.com|aladdin.com]] * How to use eToken with Mozilla/Netscape/Firefox * win32 * nowaday the utilities are not needed anymore. So just get the current drivers ("PKIClient 4.0") and install. ''Ready''. * available at Aladdin homepage (latest) or at [[http://njumaen.dyndns.org/files/eToken/mozilla.html|Njumaen's site]] (maybe not the latest) * for old eToken keysize is limited to 1024bit. Newer eTokens (with CardOS 4.2 or 4.2b or Javacard support 2048bit) * (I've problems accessing the eToken :( - working on it) * Linux * Driver for Aladdin eToken PRO -> [[http://sourceforge.net/projects/etoken/|Project_Page]] at Sourceforge - '''OBSOLETE''' * You can use drivers from http://www.opensc-project.org or the binary driver from Aladdin. For private and testing use you might get it on http://www.etokenonlinux.org. * To use the eToken with firefox, add the pkcs11-library (either opensc-pkcs11.so or libetpkcs11.so) in the firefox dialog '''Edit->Preferences->Advanced->Manage Security Devices''' * Example setup (there are other ways) * OpenCT * OpenSC * Mozilla-``Open``SC * OpenSC's PAM module * How to use eToken with IE * get driver and utility. install. * available at Aladdin homepage (latest) or at [[http://njumaen.dyndns.org/files/eToken/mozilla.html|Njumaen's site]] (maybe not the latest) * format eToken with utility, change default password ('1234567890')! * login (normal) to cacert.org * create your client-cerificate (e.g. for your cacert.org-login) * choose 'eToken Base Cryporgraphic provider' (keysize) * certificate is generated (eToken flashes) * install certificate (etoken flashes) * What's all the fuzz about? * The private key is only stored on the eToken. No token - no private key - no cert usage! * You can use 'Cert login' if you created a cert for your cacert-login. The eToken prompts for your password. (to be completed) In Addition: Much cheaper, supported by opensc and 2048 key support seems (shortly tested at linuxtag) to be provided by: http://www.cryptoflex.com/ shop: http://www.market.axalto.com/ Addition 2: Very good quality by reasonable price provided by [[http://www.intersmile.com|www.intersmile.com]] ---- . CategoryCryptoHardware