Difference between revisions of "Using an Aladdin eToken PRO to store grid certificates"

A very secure way to store grid certificates is on an Aladdin eToken (http://www.aladdin.com/eToken/default.asp). These tokens are so-called smartcards with a USB form factor. They can be used to securely generate and store X509 certificates and/or SSH keys. The public part of an X509 certificate can be accessed by an application, but the corresponding private key can never be copied off an eToken. This, in theory, makes such a device ideal for storing sensitive data such as grid certificates.

Platform support

With some tinkering it is possible to use an eToken on

• Windows
• Linux:
  • Redhat Enterprise Linux 4 and compatible (Scientific Linux 4, CentOS 4)
  • Fedora Core 4 or higher
  • Suse 10 or higher
• MacOS X

This document tries to explain the tinkering ...

Installing the Aladdin eToken RTE software

Due to licensing restrictions we cannot supply the eToken drivers and libraries on this site, these need to be downloaded from Aladdin. You can find the required software on the web:

• Windows: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/2c0/RTE_3.65.zip
• Linux: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/179/eToken_PKI_Client_for_Linux_v3_65.rar
• MacOS: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/973/PKI_3_65_Mac.zip

(the files on Aladdin's Russian site do not require a password to unpack them, the ones on the US site do...)

Generating grid proxies using an eToken

It is also possible to generate a grid proxy using the eToken. This is explained in Using an Aladdin eToken PRO to generate grid proxies.