Mount Aladdin eToken in Firefox on Archlinux
Jul 12, 2019
- Arch Linux
- Cyber Security
- Smart card
Never miss our publications about Open Source, big data and distributed systems, low frequency of one email every two months.
Given you’re on Archlinux and have an Aladdin eToken, let’s see how we can mount it in Firefox for web authentication.
An Aladdin eToken is a cryptographic device (token, smart card) that stores digital certificate and keys. It can be used to authenticate a given profile on company access portals. I found a lot of articles on how to set it up on Ubuntu. Unfortunately, the steps are different for my Archlinux machine, so here it goes.
First, you’ll need to install the following packages with your preferred package manager:
- Opensc - Smart card tools and libraries
- Openct - Driver implementations for smart cards
- SAC-core - Safenet Authentication Client for Alladin eToken core package
yay -S opensc openct sac-core
Once you’re done, you need to activate the pcscd service:
sudo systemctl enable pcscd.service sudo systemctl start pcscd.service
With this you should be able to detect the token, plug it and run the following command:
If your token is detected you should get this output:
# Detected readers (pcsc) Nr. Card Features Name 0 Yes [eToken name]
Now let’s move on to Firefox: we are going to manually load the PKCS11 library installed with the opensc and openct packages.
Start the browser (the token needs to be inserted before starting Firefox, otherwise it will crash) and follow these steps:
- Open the Firefox preferences dialog
- Choose “Privacy and Security” > “Certificates > “Security Devices”
- Choose “Load”
- Enter a name for the security module, such as “Local PKCS#11”
- Choose “Browse…” and load “/usr/lib/libeTPkcs11.so”
Now the module is loaded and Firefox should detect your eToken.
You can open it by going back to the security devices preference section, select the line of your eToken below the module you just loaded, and click on “Log in”. Firefox will ask you for the password and you’re all done. The eToken’s certificate will appear in the list to choose when authenticating.