the commercial GUI I am talking about is Aladdin's RTE software, which provides an 'etoken properties' application. This application allows a user to format an etoken (including setting a new SO pin; this definitely does not work on Linux, might work on Windows with pkcs11-tool), importing and deleting certificates, importing SSH keys (this is definitely not possible using pkcs11-tool). Also, once Aladdin releases it, we want to enable FIPS mode on these etokens, which is currently not possible with opensc *OR* with Aladdin's glorious software. How does opensc support things like enabling FIPS mode?
To make things worse, Aladdin has released a new version of their software, 4.0, which is *not* backwards compatible with their older software. I have yet to figure out how to deal with that.

And yes, I'd be willing to use an all OpenSC (or open source) solution, I'd happily drop Aladdin's RTE software, *BUT* I do not want to lock out users who _do_ decide to use Aladdin's commercial stuff, especially since the commercial stuff has a higher point&drool coefficient than the current opensc / SCB software does.

regards,

Jan Just Keijser
System Integrator
Nikhef / Amsterdam

Douglas E. Engert wrote:
> So in your case, would you be willing to convert to using an all OpenSC
> solution, dropping the use of the Aladdin's RTE software? But what is
> the (commercial) GUI on Windows. What does it do for your users that
> OpenSC on Windows can not do? Is this a missing CSP?
>
> Jan Just Keijser wrote:
>> the reason we started looking at eTokens was to make grid access
>> *easier*, not harder ;-)
>> (see
>> http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/Using_an_Aladdin_eToken_PRO_to_store_grid_certificates
>>
>> for a writeup on how to use Aladdin's RTE software to access eTokens
>> from Linux)
>>
>> We're developing grid software, which makes extensive use of X509
>> certificates. These are a pain in the butt for our users, esp. when
>> it comes to security, keeping track of your private key etc etc. The
>> ultimate goal is to supply users with an etoken (or any crypto
>> smartcard in usb format, really, that works on both Windows, Linux
>> and MacOS). With this etoken they then have transparent access to
>> "the grid", be it using a browser, using linux command-line tools or
>> using a certificate-enhanced version of ssh/putty (gsissh).
>> If we have to tell our users that an etoken will make life a lot
>> easier/safer etc *but* they have to keep track of their certificates
>> in two separate ways on linux and windows then I can already predict
>> what they'll tell me ;-)
>>
>> So, I'm looking for a solution that will allow our users to store
>> (and generate!) their grid certificate safely on a crypto usb key.
>> They will want to do this only once, as you can imagine (getting the
>> certificate signed requires a full ID check). After that, the idea
>> is that they can plug in the usb key into their systems wherever they
>> are and poof, magic happens, and they're authenticated on the grid.
>> Right now we use Aladdin RTE software to do this, as this is
>> "cross-platform transparent" (ugh) but unfortunately is also not open
>> source. Thus, if I could get the open source software to work
>> together with the (commercial) GUI on windows then that would be
>> really great. I don't need PKCS#15 for this,
>> just PKCS#11 access that works the same on all platforms... We'd be
>> willing to send one of these eToken PRO 32K's to the opensc
>> developers if that would speed things up ;-)
>>

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel