HID Crescendo Mac OSX User Manual

15370 Barranca Parkway Irvine, CA 92618 USA
MAC OS X
INTEGRATION GUIDE
47A3-904_A.0
C700
March 23, 2009
Crescendo Integration Guide
MAC OS X 47A3-904, A.0

Contents

About this Guide
    Purpose
    Audience
1 Introduction
    1.1 Apple Keychain Services
    1.2 TokenLounge
2 Tested Configurations
    2.1 TokenLounge version
    2.2 SafeSign Identity Client version
    2.3 Operating System
    2.4 Tokens
    2.5 Smart Card Readers
    2.6 Applications
3 TokenLounge Functionality
    3.1 Keychain Access
    3.2 Safari
    3.3 Mail
    3.4 VPN
    3.5 Logon
4 Installation
    4.1 Installation Process
    4.2 Verify Installation
5 Known Issues

List of Figures

Figure 1: Tokend packages: SafeSign.tokend
Figure 2: Keychain Access: Hardware token inserted
Figure 3: Enter the Keychain password: SafeSign IC Token keychain
Figure 4: Access Control settings
Figure 5: Enter the keychain password: Safari
Figure 6: Enter the keychain password: Mail
Figure 7: Enter the keychain password: VPN (pppd)
Figure 8: TokenLounge
Figure 9: TokenLounge: User linked to an identity
Figure 10: Install TokenLounge: Welcome to the TokenLounge Installer
Figure 11: Install TokenLounge: Software License Agreement
Figure 12: Software License Agreement: Agree to the terms
Figure 13: Install TokenLounge: Select a Destination
Figure 14: Install TokenLounge: Standard Install
Figure 15: Install: Authenticate
Figure 16: Install TokenLounge: Installation completed successfully
Figure 17: Applications: TokenLounge

About this Guide

The information contained in this document is provided “AS IS” without any warranty.
HID GLOBAL HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE INFORMATION CONTAINED HEREIN, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.
IN NO EVENT SHALL HID GLOBAL BE LIABLE, WHETHER IN CONTRACT, TORT OR OTHERWISE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING FROM USE OF INFORMATION CONTAINED IN THIS DOCUMENT.
Windows is a registered trademark of Microsoft Corporation in the United States and other countries.

Purpose

This guide defines the features, supported configurations and installation process of TokenLounge for MAC OS X 10.4 and 10.5.

Audience

This manual is specifically designed for users of MAC OS X who wish to use their HID Crescendo™ C700 card to obtain strong authentication.

1 Introduction

1.1 Apple Keychain Services

Keychain Services provides secure storage of passwords, keys, certificates, and notes for one or more users. A user can unlock a keychain with a single password, and any Keychain Services–aware application can then use that keychain to store and retrieve passwords.
Using Keychain Services is the preferred means of working with hardware tokens on MAC OS X v10.4 and later. To make this possible, MAC OS X v10.4 and later implement the TokenD interface, which allows smart card developers to make their cards appear as keychains.

1.1.1 Use of PKCS #11

The use of PKCS #11 is not possible in all cases or applications, because:
Apple® does not provide any integration for PKCS #11-based applications.
PKCS #11 requires the user to specify a PKCS #11 library to be dynamically loaded for the token in question. For example, in order to be able to use a token supported by SafeSign Identity Client in Mozilla Navigator, you need to install the SafeSign IC PKCS #11 Library as a security device in Mozilla (and in every other application you want to use a SafeSign IC token with).
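
The dynamic loading described above, shown in C as an added example (not code from HID or from the SafeSign product): the application loads the library path the user configured, resolves the standard Cryptoki entry point C_GetFunctionList, and counts the slots that hold a token. The helper name count_tokens, its return codes and the absolute-path check are assumptions of this example; the library's install directory is not given in this guide.

```c
#include <dlfcn.h>
#include <stdio.h>

/* Minimal slice of the PKCS #11 (Cryptoki) ABI so this builds without pkcs11.h.
   Only the leading members of CK_FUNCTION_LIST are declared, in standard order. */
typedef unsigned long CK_RV, CK_ULONG, CK_SLOT_ID;
typedef struct { unsigned char major, minor; } CK_VERSION;
typedef struct {
    CK_VERSION version;
    CK_RV (*C_Initialize)(void *);
    CK_RV (*C_Finalize)(void *);
    CK_RV (*C_GetInfo)(void *);
    CK_RV (*C_GetFunctionList)(void *);
    CK_RV (*C_GetSlotList)(unsigned char token_present, CK_SLOT_ID *, CK_ULONG *);
} FUNCTION_LIST_HEAD;
typedef CK_RV (*GET_FUNCTION_LIST)(FUNCTION_LIST_HEAD **);
#define CKR_OK 0UL

/* Hypothetical helper: returns the number of slots with a token present, or
   -1 path not absolute, -2 library not loadable, -3 not a PKCS #11 library,
   -4 a Cryptoki call failed. */
long count_tokens(const char *lib_path) {
    /* A bare file name makes dlopen() walk the library search path, so an
       unintended library could be loaded in place of the token vendor's. */
    if (lib_path == NULL || lib_path[0] != '/') return -1;
    void *handle = dlopen(lib_path, RTLD_NOW | RTLD_LOCAL);
    if (handle == NULL) return -2;
    long result = -3;
    FUNCTION_LIST_HEAD *fl = NULL;
    GET_FUNCTION_LIST get_list = (GET_FUNCTION_LIST)dlsym(handle, "C_GetFunctionList");
    if (get_list != NULL && get_list(&fl) == CKR_OK && fl != NULL) {
        result = -4;
        if (fl->C_Initialize(NULL) == CKR_OK) {
            CK_ULONG count = 0;
            /* NULL slot array: ask only how many slots hold a token. */
            if (fl->C_GetSlotList(1, NULL, &count) == CKR_OK) result = (long)count;
            fl->C_Finalize(NULL);
        }
    }
    dlclose(handle);
    return result;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s /absolute/path/to/pkcs11-library\n", argv[0]); return 2; }
    long n = count_tokens(argv[1]);
    printf("%s: %ld\n", argv[1], n);
    return n < 0;
}
```

Every PKCS #11 application repeats this loading step with its own configured path, which is the per-application setup the TokenD approach avoids.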

1.1.2 TokenD

TokenD is a component added to the security architecture from MAC OS X 10.4 (Tiger) onwards to handle hardware tokens. An OpenDarwin project is available that lets anyone define (program) their own TokenD.

1.2 TokenLounge

TokenLounge is the TokenD implementation for the MAC OS X Keychain.
It can be found (like any other TokenD implementation) in: System/Library/Security/Tokend:
Figure 1: Tokend packages: SafeSign.tokend

2 Tested Configurations

TokenLounge was tested with the SafeSign Identity Client version, smart cards, USB tokens, smart card readers, applications and Macintosh environments listed.
Note: Although TokenLounge is designed to support an extensive range of tokens (for example, those tokens supported by SafeSign Identity Client), only a specific number of token / reader combinations have been tested with MAC OS X as part of Quality Assurance procedures.

2.1 TokenLounge version

The TokenLounge version number is 1.0.1.

2.2 SafeSign Identity Client version

TokenLounge has been tested to work with SafeSign Identity Client Standard version 3.0 for MAC OS X. The version numbers of the components installed by SafeSign Identity Client Standard version 3.0 for MAC OS X, release 3.0, are:

Description                     File name           File version
Java Card Handling Library      libaetjcss.dylib    3.0.1737
PKCS #11 Cryptoki Library       libaetpkss.dylib    3.0.1737
Token Administration Utility    tokenadmin          3.0.0

This information can also be found in the Version Information dialog of the Token Administration Utility.

2.3 Operating System

TokenLounge comes in a single installer for the following environments:
MAC OS X 10.4 (Tiger) running on PPC/Intel
MAC OS X 10.5 (Leopard) running on PPC/Intel

2.4 Tokens

TokenLounge supports the following tokens through its integration of SafeSign Identity Client Standard version 3.0 for MAC OS X (PKCS #11 Library):
HID Crescendo C700

2.5 Smart Card Readers

TokenLounge supports the following smart card readers and USB tokens:
OMNIKEY Desktop USB 3121 (using the native CCID MAC OS X driver which is part of the operating system);