HID Crescendo Mac OSX User Manual
15370 Barranca Parkway
Irvine, CA 92618
USA
MAC OS X
INTEGRATION GUIDE
© 2009 HID Global Corporation. All rights reserved.
47A3-904_A.0
C700
March 23, 2009
Crescendo Integration Guide
MAC OS X 47A3-904, A.0
Contents
About this Guide..........................................................................................................................................3
Purpose ............................................................................................................................................3
Audience...........................................................................................................................................3
1 Introduction.....................................................................................................................................4
1.1 Apple Keychain Services.....................................................................................................4
1.2 TokenLounge.......................................................................................................................4
2 Tested Configurations ...................................................................................................................5
2.1 TokenLounge version ..........................................................................................................5
2.2 SafeSign Identity Client version ..........................................................................................5
2.3 Operating System................................................................................................................5
2.4 Tokens.................................................................................................................................5
2.5 Smart Card Readers............................................................................................................5
2.6 Applications .........................................................................................................................6
3 TokenLounge Functionality...........................................................................................................6
3.1 Keychain Access .................................................................................................................6
3.2 Safari ...................................................................................................................................7
3.3 Mail ......................................................................................................................................8
3.4 VPN .....................................................................................................................................8
3.5 Logon...................................................................................................................................9
4 Installation.....................................................................................................................................10
4.1 Installation Process ...........................................................................................................10
4.2 Verify Installation ...............................................................................................................14
5 Known Issues................................................................................................................................14
List of Figures
Figure 1: Tokend packages: SafeSign.tokend ..............................................................................................4
Figure 2: Keychain Access: Hardware token inserted...................................................................................6
Figure 3: Enter the Keychain password: SafeSign IC Token keychain.........................................................6
Figure 4: Access Control settings..................................................................................................................7
Figure 5: Enter the keychain password: Safari..............................................................................................7
Figure 6: Enter the keychain password: Mail ................................................................................................8
Figure 7: Enter the keychain password: VPN (pppd) ....................................................................................8
Figure 8: TokenLounge .................................................................................................................................9
Figure 9: TokenLounge: User linked to an identity........................................................................................9
Figure 10: Install TokenLounge: Welcome to the TokenLounge Installer...................................................10
Figure 11: Install TokenLounge: Software License Agreement ..................................................................11
Figure 12: Software License Agreement: Agree to the terms .....................................................................11
Figure 13: Install TokenLounge: Select a Destination.................................................................................12
Figure 14: Install TokenLounge: Standard Install........................................................................................12
Figure 15: Install: Authenticate ....................................................................................................................13
Figure 16: Install TokenLounge: Installation completed successfully .........................................................13
Figure 17: Applications: TokenLounge........................................................................................................14
Page 2 of 16 March 23, 2009
Crescendo Integration Guide
47A3-904, A.0 MAC OS X
About this Guide
The information contained in this document is provided “AS IS” without any warranty.
HID GLOBAL HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO
THE INFORMATION CONTAINED HEREIN, INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT.
IN NO EVENT SHALL HID GLOBAL BE LIABLE, WHETHER IN CONTRACT, TORT OR
OTHERWISE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING
FROM USE OF INFORMATION CONTAINED IN THIS DOCUMENT.
Windows is a registered trademark of Microsoft Corporation in the United States and other countries
Purpose
This guide defines the features, supported configurations and installation progress of TokenLounge
for MAC OS X 10.4 and 10.5.
Audience
This manual is specifically designed for users of MAC OS X, who wish to use their HID
Crescendo™ C700 card to obtain strong authentication.
March 23, 2009 Page 3 of 16
Crescendo Integration Guide
MAC OS X 47A3-904, A.0
1 Introduction
1.1 Apple Keychain Services
Keychain Services provides secure storage of passwords, keys, certificates, and notes for one or
more users. A user can unlock a keychain with a single password, and any Keychain Services–
aware application can then use that keychain to store and retrieve passwords.
Using Keychain Services is the preferred means to work with hardware tokens on MAC OS X v10.4
and later. In order to do so, MAC OS X v10.4 and later implement the TokenD interface that allows
smart card developers to make their cards appear to be key chains.
1.1.1 Use of PKCS #11
The use of PKCS #11 is not in all cases or applications possible, because:
Apple® does not provide any integration for PKCS#11 based applications.
PKCS #11 requires the user to specify a PKCS #11 library to be dynamically loaded for the token in
question. For example, in order to be able to use a token supported by SafeSign Identity Client in
Mozilla Navigator, you need to install the SafeSign IC PKCS #11 Library as a security device in
Mozilla (and for every other application you want to use a SafeSign IC token with).
1.1.2 TokenD
TokenD is a component added to the security architecture from MAC OS X 10.4 (Tiger) onwards, to
handle hardware tokens. It is used to handle hardware tokens and an OpenDarwin project is
available to let anyone define (program) their own TokenD.
1.2 TokenLounge
TokenLounge is the TokenD implementation for the MAC OS X Keychain.
It can be found (like any other TokenD implementations) in: System/Library/Security/Tokend:
Figure 1: Tokend packages: SafeSign.tokend
Page 4 of 16 March 23, 2009
Crescendo Integration Guide
47A3-904, A.0 MAC OS X
2 Tested Configurations
TokenLounge was tested with the SafeSign Identity Client version, smart cards, USB tokens, smart
card readers, applications and Macintosh environments listed.
Note: TokenLounge is designed to support an extensive range of tokens (for example, those tokens
supported by SafeSign Identity Client), only a specific number of token / reader (combinations) have
been tested with MAC OS X, as a part of Quality Assurance procedures.
2.1 TokenLounge version
The TokenLounge is version number 1.0.1.
2.2 SafeSign Identity Client version
TokenLounge has been tested to work with SafeSign Identity Client Standard version 3.0 for MAC
OS X. The version numbers of the components installed by SafeSign Identity Client Standard
version 3.0 for MAC OS X, release 3.0, are:
Description File name File version
Java Card Handling Library libaetjcss.dylib 3.0.1737
PKCS #11 Cryptoki Library libaetpkss.dylib 3.0.1737
Token Administration Utility tokenadmin 3.0.0
This information can also be found in the Version Information dialog of the Token Administration
Utility.
2.3 Operating System
TokenLounge comes in a single installer for the following environments:
• MAC OS X 10.4 (Tiger) running on PPC/Intel
• MAC OS X 10.5 (Leopard) running on PPC/Intel
2.4 Tokens
TokenLounge supports the following tokens through its integration of SafeSign Identity Client
Standard version 3.0 for MAC OS X (PKCS #11 Library):
HID Crescendo C700
2.5 Smart Card Readers
TokenLounge supports the following smart card readers and USB tokens:
• OMNIKEY Desktop USB 3121 (using the native CCID MAC OS X driver which is part of the
operating system);
March 23, 2009 Page 5 of 16
Loading...