A few folks have asked me about using the eToken on Intel-based Mac running Mac OS X 10.5 (Leopard), so I thought I'd write down what I know.


Remove Driver Version 4.5

If you installed version 4.5 of the driver before reading the place on the PDC website where it says it supports Mac OS X 10.4 and earlier, you've got a mess to clean up.

The 4.5 uninstaller doesn't uninstall everything, and the 4.55 driver isn't happy about it. The 4.5 uninstall leaves a bunch of junk in the following locations:

  • /usr/local/Contents
  • /usr/local/lib
  • /usr/local/sbin

A stock Leopard install doesn't even have a /usr/local so it should be pretty easy to identify etoken stuff to trash. Alternatively, you could simply rename all of the above directories to get them out of the way until you're sure you won't be deleting anything crucial.

Install Firefox

The Safari browser isn't supported, yet, so you'll need Firefox. Download Firefox at http://www.mozilla.com/en-US/firefox. Other Mozilla derivatives may work, too, but I haven't tried them.

Install the eToken Driver


Configure Firefox

  1. Import certificates for VT Root CA, VT Server CA, and VT User CA. All of these are available from www.pki.vt.edu under the System Administration menu.
    1. Download each of the certificates in PEM format to your desktop. The default save filename is cacert.pem; suggested names are vtrootca.pem, vtc1sca.pem, and vtuser.pem.
    2. Open Firefox Preferences
    3. Select the Advanced tab, Encryption tab, and click the View Certificates button.
    4. In the Certificate Manager dialog, select the Authorities tab. Use the Import button to import each of the CA certificates (vtrootca.pem, vtc1sca.pem, and vtuser.pem). Select the trust options so that the CA is trusted to identify web sites, authenticate signed email, and authenticate signed code.
  2. Plug in your token.
  3. Configure the device under Preferences.
    1. Select the Advanced tab, Encryption tab, and click the Security Devices button.
    2. Click the Load button
    3. Enter the module name as Aladdin PKCS#11, enter the module filename as /usr/local/lib/libeTPkcs11.dylib and click OK,
    4. If the token module loads correctly, you should soon see your name as retrieved from the token.

Perform a Test Signing

The PKI group has a page you can use to test the signing process at https://ash.eprov.seti.vt.edu/pdctest.

6 Comments

  1. Unknown User (eholohan)

    Mar 05, 2008

    I had some interesting browser issues after installing the 4.55 driver. I upgraded from Tiger to Leopard with 4.5 already installed, which of course was elegantly broken in Leopard. I wiped out my /usr/local/cruft, rebooted, and installed 4.55. I deleted the old Aladdin module and added the new one to Firefox, then did the test signing successfully.

    A few minutes later I started experiencing problems with the browser - many pages would simply refuse to load, and tcpdump/netstat showed that no connection attempts were even being made. Sometimes the tab bar would never appear though the browser believed multiple tabs were open. Uninstalling Aladdin and deleting the module from Firefox corrected the problem. I'll try to recreate it today.

  2. Unknown User (eholohan)

    Mar 07, 2008

    Reinstalled today, encountered same problem.

    After rebooting the system, my Firefox history was wiped out (despite being set to save for 9 days), and I experienced the same "pages never load" problem. Removing the PKI security object from the browser seems to fix it.

  3. Brian Early

    Mar 08, 2008

    I had nearly identical problems. Pages wouldn't load. When a page did manage to load, often the Javascript would only be partially "there", form submits wouldn't work, and even links wouldn't function. Uninstalling took care of it. I guess we see now why it's an unsupported beta. (smile)

  4. Carl E Harris Jr

    Sep 03, 2009

    The 4.55 RTE seems to work with Snow Leopard, but it didn't migrate cleanly during the install – had to reinstall it. Firef*x, as usual, was in some less-than-useable state – removed ~/Library/Caches/Firefox and ~/Library/Application Support/Firefox, reimported the CA certs, reconfigured the token module, and everything was happy. Or, at least, as happy as one can be using the eBroken and Firef*x on a Mac.

  5. Unknown User (eholohan)

    Sep 03, 2009

    I didn't use the migration utility, I simply upgraded from the latest release of Leopard to the full Snow Leopard release. However, the RTE would not recognize my token after the upgrade. I uninstalled, then reinstalled 4.55, and my token was recognized and a test-signing was successful.

    I'll note that after the upgrade, all my CA certificates and user profile information was retained intact and Firefox has been completely stable.

    I have not yet tested the situation described above, where the token is removed but the module left in Firefox results in erratic Firefox behavior, but I would assume it continues. I'll update whenever it fails for me (smile)

  6. Unknown User (eholohan)

    Sep 04, 2009

    Confirmed - Leaving the "dylib" module in Firefox and removing the eToken from Mac Snow Leopard with driver 4.55 results in the same "stuff never loads" problem in Firefox. Deleting the module resolves the issue.