Difference between revisions of "Using an Aladdin eToken with firefox"

From PDP/Grid Wiki
Jump to navigationJump to search
 
Line 17: Line 17:
 
[[Image:Cert firefox etoken device.png|security devices]]
 
[[Image:Cert firefox etoken device.png|security devices]]
  
Note that the name of your eToken is the name that you gave it when your eToken was initialized. Also, note that you are not logged into your eToken at this time. You can do so by clicking on the 'Login' button, after which you'll be prompted for your eToken password:
+
Note that the name of your eToken is the name that you gave it when your eToken was initialized.  
 +
 
 +
* Note that you are not logged into your eToken at this time. You can do so by clicking on the 'Login' button, after which you'll be prompted for your eToken password:
  
 
[[Image:Cert firefox master password.png|token master password]]
 
[[Image:Cert firefox master password.png|token master password]]
  
 +
* The next step is to store your existing grid certificate on your eToken. First, convert your grid certificate to PKCS12 format:
 +
  # openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -out globus.p12
 +
  Enter pass phrase for userkey.pem:
 +
  Enter Export Password:
 +
  Verifying - Enter Export Password:
 +
 +
You will be asked for your grid certificate passphrase first and then for the (new) Export Password and then once more to verify your newly chosen export password.
 +
'''NOTE''' This Export Password is as important as your grid certificate passphrase, as both can be used to decrypt your private key. Guard them both safely!
  
*
+
* Go back to the "Encryption" preferences screen and click on 'View Certificates'
 +
** (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
 +
** (Windows) Go to Tools->Options->Advanced->Tab "Encryption"

Revision as of 10:33, 26 April 2007

A very easy method for importing (or removing) keys in your eToken is to add the eToken as a Security Device in Firefox. The procedure for Mozilla/Seamonkey is nearly identical. To add your eToken as a security device , follow these steps

  • Start Firefox
  • (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
  • (Windows) Go to Tools->Options->Advanced->Tab "Encryption"
  • Click on 'Security Devices'

You should see a screen similar to

this.

  • Click on 'Load'
  • In the next screen, enter a (possibly useful) name for this module and Click on 'Browse' to select the appropriate PKCS11 module

Cert firefox load pkcs11.png

  • (Linux) choose /usr/local/lib/libetpkcs11.so
  • (Windows) choose $WINDIR\system32\etpkcs11.dll where $WINDIR is the location where Windows is installed. For most Windows XP systems, this will be c:\windows, for Windows 2000 this usually is c:\winnt.
  • Click 'OK'
  • The eToken PKCS11 module is now ready for use. If your eToken is inserted in the computer then it will appear in the list of

security devices

Note that the name of your eToken is the name that you gave it when your eToken was initialized.

  • Note that you are not logged into your eToken at this time. You can do so by clicking on the 'Login' button, after which you'll be prompted for your eToken password:

token master password

  • The next step is to store your existing grid certificate on your eToken. First, convert your grid certificate to PKCS12 format:
 # openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -out globus.p12
 Enter pass phrase for userkey.pem:
 Enter Export Password:
 Verifying - Enter Export Password:

You will be asked for your grid certificate passphrase first and then for the (new) Export Password and then once more to verify your newly chosen export password. NOTE This Export Password is as important as your grid certificate passphrase, as both can be used to decrypt your private key. Guard them both safely!

  • Go back to the "Encryption" preferences screen and click on 'View Certificates'
    • (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
    • (Windows) Go to Tools->Options->Advanced->Tab "Encryption"