We've now found two new vendors on the Shadowlands beta, Stoneweaver McConnell and Solivane, located inside the Venthyr Covenant Sanctum, and although they haven't currently been found inside others, it's presumed that each will have a vendor from which players can use those tokens to purchase the weapons they desire. Pkcs11 Tool No Slot With A Token Was Found 100% first deposit bonus up to £100 at Royal Panda!18+, first deposit only, T&Cs apply. Casino bonus: min. £10, Pkcs11 Tool No Slot With A Token Was Found max. Bonus/free spins winnings wagering requirement: x35. Bonus bet: £5, can vary. C: Program Files (x86) OpenSC Project OpenSC toolspkcs11-tool.exe -module eps2003csp11.dll -M No slot with a token was found. Share improve this answer edited Jul 30 '14 at 6:28. Pkcs11 Tool No Slot With A Token Was Found, cuanto cuesta poker, four diamond casino resort maryland, maryland hollywood casino.
pkcs11-tool - utility for managing and using PKCS #11 security tokens
pkcs11-tool [OPTIONS]
The pkcs11-tool utility is used to manage the data objects on smart cards and similar PKCS #11 security tokens. Users can list and read PINs, keysand certificates stored on the token. User PIN authentication is performed for those operations that require it.
--login, -l
This option will also set the --login option.
NB! This does not affect OpenSC debugging level! To set OpenSC PKCS#11 module into debug mode, set the OPENSC_DEBUG environment variable to a non-zeronumber.
A very secure way to store grid certificates is on an Aladdin eToken (http://www.aladdin.com/eToken/default.asp). These tokens are so-called smartcards with a USB form factor. They can be used to securely generate and store X509 certificates and/or SSH keys. The public part of an X509 certificate can be accessed by an application, but the corresponding private key can never be copied off an eToken. This, in theory, makes such a device ideal for storing sensitive data such as grid certificates. |
This is an update to the original Aladdin eToken page. The old page can be found here.
|
With some tinkering it is possible to use an eToken on
This document tries to explain the tinkering ...
Notes
Due to licensing restrictions we cannot supply the eToken drivers and libraries on this site, these need to be downloaded from Aladdin. You can find the required software on the web:
If you're running Windows XP or Vista you can also use the newer PKI Client 4.5/4.55 software:
However, you need to make sure that your eToken is initialized in 3.65 compatible mode under the Advanced Settings screen otherwise your token is inaccessible on any other platform than Windows.
(the files on Aladdin's Russian site do not require a password to unpack them, the ones on the US site do...)
To unpack the Linux archive, the rar command is required.
Do NOT install the PKI Client 4.0 software (Windows only)! eTokens initialized with this version of the Aladdin software are completely unusable by older releases. If you want to use your eToken on any other platform than Windows then stick with the RTE_3.65 software release instead.
Unzip the RTE_3.65.zip archive and install RTE_3.65.msi file. After rebooting the operating system should recognize the eToken automatically when it is inserted (a red light will start to glow inside the eToken).
The RTE software is now installed in 'default' mode. To get a few more administration options, including a nifty initialization button in the eToken Properties screen, set/change the registry key
(default value is 0x1).
You can now continue on to Testing the eToken RTE software.
There are two ways to install the necessary tools:
The RPM and Debian packages contain the following.
All binaries are installed in /opt/etoken-pro. The system startup and configuration scripts are installed in their appropriate location.
Instructions for obtaining and installing the software for Debian based systems can be found here.
Instructions on how to build and install the etoken-mkproxy rpm are here.
For Nikhef, SARA and IGTF members the following will also work:
Instructions on how to manually install the Aladdin eToken software using the petoken install script can be found inAladdin eToken PRO Manual Installation.
There are some differences between manual installations and installation of the pre-built packages above:
Manual installation:
Package installation:
This patched version of the openssl command is now also included in the mkproxy tarballs.
You can use the eToken PRO on Mac OS X 10.4 and above in the same way as on Linux. Just download and install the Aladdin drivers and the etoken_mkproxy package (universal binaries).
The latest 4.55 package for MacOSX is also at at Aladdin.ru
The software installs into
by default.
You can access your eToken using the software installed by the RTE_3.65.msi installation package (usually in Start->Programs->eToken).
If you have installed Cygwin ( http://www.cygwin.com/ ) and the Mkproxy-cygwin.tar.gz tarball you can also access your eToken using the pkcs11-tool command:
to list all inserted tokens.
Note This works only if you are logged in locally on the Windows machine. This will not work when logging in remotely using either a Cygwin sshd service or Remote Desktop.
If you have installed the etoken-mkproxy RPM you can access your eToken using the pkcs11-tool command:
which should return
If you have performed a manual installation then you can find the pkcs11-tool in the tarball for your platform (or in the opensc toolkit):
Then
which should return
Congratulations, your eToken is ready for use!
If you have installed the eToken PRO mkproxy package and the Aladdin drivers, you can open a terminal window with a command prompt and type (with the token inserted, of course):
which should return:
If this succeeds, your eToken is ready for use.
The OpenSC project ( http://www.opensc-project.org/ ) also provides driver software for Aladdin eTokens. Versions up to and including 0.11.2 did not support the CardOS version used on our eTokens.
Update: As of opensc-0.11.3 CardOS version 4.2B is supported!
The OpenSC cardos-info command still gives
but you can access the token using the opensc-explorer and pkcs15-* commands.
However....
it seems you can either use an eToken using the OpenSC software or (XOR) use Aladdin's proprietary software, that is, information stored on an eToken using the OpenSC is not visible to the Aladdin software and vice versa. Also, as the OpenSC software has no notion of 'FIPS compliant' it will (probably) not be possible to put the eToken in FIPS-compliant mode.
Thus, we stick with Aladdin's eToken software and our mixed set of utilities for now...
Note Currently you can only initialize your eToken on the Windows platform. It will not work on Linux, especially changing the SOPIN is not working. This is most likely due to missing functionality in the Linux Aladdin RTE software.
To initialize your eToken for the first time you can use either the Windows client software (Start->Programs->eToken->eToken Properties) or you can use pkcs11-tool :
where Your_New_SO_PIN is the new Security Officer Password. You will be prompted for the existing SOPIN (through a pop window). The default value for the SOPIN is '1234567890'After typing in the correct (old) SOPIN you will see a message like this:
You can now use
to view the status of your eToken:
As you can see it remains in the status 'uninitialized' but it is ready for use.
After initializing or reformatting your eToken you must initialize the user password ('PIN') before you can store any data on it. Initializing the user PIN can be done on both Windows and Linux.
Note
On Windows
On Linux
The user PIN is initialized using
Please choose your user PIN carefully. It must be between 6 to 12 characters long. If your PIN is more than 12 characters then you will not be able to access your eToken using openssl commands , nor will you be able to generate grid proxies using your eToken!
A very easy method for importing (or removing) keys in your eToken is to add the eToken as a Security Device in Firefox.
This is explained in Using an Aladdin eToken with firefox.
Now that you have initialized your eToken you can either generate a new certificate/private key pair on the eToken itself (very secure!) or you can load your existing grid certificate onto the eToken.
This is explained in Storing your grid certificate on an Aladdin eToken.
It is also possible to generate a grid proxy using the eToken.
This is explained in Using an Aladdin eToken PRO to generate grid proxies.
Sun's Java SDK has pretty good support for external PKCS11 libraries. Seehttp://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html for details.
To use your eToken create a configuration file, e.g. /tmp/java-pkcs11.cfg:
Now you can use the Java keytool to access your eToken:
To avoid having to type
you can statically configure the java.security file: add a line
to the $JAVA_HOME/jre/lib/security/java.security file and now you can use
to get the same output as before.