So in your case, would you be willing to convert to using an all OpenSC solution, dropping the use of Aladdin's RTE software? But what is the (commercial) GUI on Windows? What does it do for your users that OpenSC on Windows cannot do? Is this a missing CSP?

Jan Just Keijser wrote:
> the reason we started looking at eTokens was to make grid access
> *easier*, not harder ;-)
> (see
> http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/Using_an_Aladdin_eToken_PRO_to_store_grid_certificates
>
> for a writeup on how to use Aladdin's RTE software to access eTokens
> from Linux)
>
> We're developing grid software, which makes extensive use of X509
> certificates. These are a pain in the butt for our users, esp. when it
> comes to security, keeping track of your private key etc etc. The
> ultimate goal is to supply users with an etoken (or any crypto smartcard
> in usb format, really, that works on both Windows, Linux and MacOS).
> With this etoken they then have transparent access to "the grid", be it
> using a browser, using linux command-line tools or using a
> certificate-enhanced version of ssh/putty (gsissh). If we have to tell
> our users that an etoken will make life a lot easier/safer etc *but*
> they have to keep track of their certificates in two separate ways on
> linux and windows then I can already predict what they'll tell me ;-)
>
> So, I'm looking for a solution that will allow our users to store (and
> generate!) their grid certificate safely on a crypto usb key. They will
> want to do this only once, as you can imagine (getting the certificate
> signed requires a full ID check). After that, the idea is that they
> can plug in the usb key into their systems wherever they are and poof,
> magic happens, and they're authenticated on the grid. Right now we use
> Aladdin RTE software to do this, as this is "cross-platform transparent"
> (ugh) but unfortunately is also not open source. Thus, if I could get
> the open source software to work together with the (commercial) GUI on
> windows then that would be really great. I don't need PKCS#15 for this,
> just PKCS#11 access that works the same on all platforms... We'd be
> willing to send one of these eToken PRO 32K's to the opensc developers
> if that would speed things up ;-)
>
> regards,
>
> Jan Just Keijser
> System Integrator
> Nikhef / Amsterdam
>
>
> Eddy Nigg (StartCom Ltd.) wrote:
>> Douglas E. Engert wrote:
>>>
>>> Sounds like an emulation routine could be written. Has anyone looked
>>> at that? I would assume you would want to use the same certificates
>>> as used with Windows and the vendor's other software.
>> One could maybe receive the relevant docs from Aladdin, but to all of
>> my knowledge requires one to sign an NDA. What can be done afterwards
>> and what the NDA implies is still a question. I have been discussing
>> this a little bit with Nils. On the other hand I'm not sure if it can
>> be reverse engineered and what's the effort? Or did you have something
>> else in mind (emulation), combining both software and use the pkcs11
>> interface of etokend from Aladdin?
>>
>> Usually I suggest to either use the software provided from Aladdin
>> which works on Linux and Windows or OpenSC (which should work on MAC
>> too). Well...at least when we get it back working ;-)
>>
>
>

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel