Using an Aladdin eToken with firefox
A very easy method for importing (or removing) keys in your eToken is to add the eToken as a Security Device in Firefox. The procedure for Mozilla/Seamonkey is nearly identical. To add your eToken as a security device , follow these steps
- Start Firefox
- (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
- (Windows) Go to Tools->Options->Advanced->Tab "Encryption"
- Click on 'Security Devices'
You should see a screen similar to
- Click on 'Load'
- In the next screen, enter a (possibly useful) name for this module and Click on 'Browse' to select the appropriate PKCS11 module
- (Linux) choose /usr/local/lib/libetpkcs11.so
- (Windows) choose $WINDIR\system32\etpkcs11.dll where $WINDIR is the location where Windows is installed. For most Windows XP systems, this will be c:\windows, for Windows 2000 this usually is c:\winnt.
- Click 'OK'
- The eToken PKCS11 module is now ready for use. If your eToken is inserted in the computer then it will appear in the list of
Note that the name of your eToken is the name that you gave it when your eToken was initialized.
- Note that you are not logged into your eToken at this time. You can do so by clicking on the 'Login' button, after which you'll be prompted for your eToken password:
- The next step is to store your existing grid certificate on your eToken. First, convert your grid certificate to PKCS12 format:
# openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -out globus.p12 Enter pass phrase for userkey.pem: Enter Export Password: Verifying - Enter Export Password:
You will be asked for your grid certificate passphrase first and then for the (new) Export Password and then once more to verify your newly chosen export password.
NOTE This Export Password is as important as your grid certificate passphrase, as both can be used to decrypt your private key. Guard them both safely!
- Go back to the "Encryption" preferences screen
- (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
- (Windows) Go to Tools->Options->Advanced->Tab "Encryption"
and click on 'View Certificates'. You will see a screen similar to
- Click on 'Import' and browse to the location of your globus.p12 file:
(Linux users: remember to select the 'Show hidden files and directories' checkbox)
- Select your eToken as the device on which to store the certificate:
- Enter the password (User PIN) for your eToken:
- Enter the 'Export password' that you choose to export the PKCS12 file with:
If all went well, Firefox will report success:
after which your grid certificate should be stored on your eToken: