Aladdin eToken Java 72K / Athena OS755

Hello everyone. According to the Aladdin software, this token's operating system is "OS755" (which I assume is Athena OS755) and the hardware version is 4.29.
I've been trying to determine if it's possible to load custom Java applets on it; the Aladdin and Athena websites are not very clear regarding this matter. I've tried using Google and searching this forum, but couldn't find much information regarding this OS and/or hardware.
I've also tried using GPShell to list the contents of the card, but I can't even find the correct keys to establish a secure channel with it:
mode_211
enable_trace
establish_context
card_connect
* reader name Aladdin Token JC 0
select -AID A0000001510000 // I've found the correct AID searching this forum!
Command --> 00A4040007A0000001510000
Wrapped command --> 00A4040007A0000001510000
Response <-- 6F0F8407A0000001510000A5049F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 663F733D06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040105660C060A2B060104012A026E01029000
Command --> 805000000829D23B1DB292DDA600
Wrapped command --> 805000000829D23B1DB292DDA600
Response <-- 000007520012095226420101C2DCB8F2268621674359E81DEAB29B429000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)
Has anyone had any success developing an applet for this token?
Can someone give me some pointers to documentation (e.g. correct AID, keys, etc.), SDK, people to contact?
Best regards,
João

Hi,
I had faced that kind of problem ... but now I tried to place the card correctly on the reader (correct position and wait until it reads ..)
I'm able to list applets .. but when I tried to install an applet using the helloinstall.txt script I'm getting an error....
D:\SmartCardTools\GPShell-1.4.2\GPShell-1.4.2>gpshell list.txt
mode_201
enable_trace
establish_context
card_connect
* reader name SCM Microsystems Inc. SDI010 Contactless Reader 0
select -AID a0000000030000
Command --> 00A4040007A0000000030000
Wrapped command --> 00A4040007A0000000030000
Response <-- 6F198408A000000003000000A50D9F6E0640513085301A9F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 8050000008964AAC938A1ABD1800
Wrapped command --> 8050000008964AAC938A1ABD1800
Response <-- 00008088000000020000FF01D213C99E2BACF178FC435C9299F3D6109000
Command --> 8482010010FC73D91F3AECA4F9E9B906B878B258CE
Wrapped command --> 8482010010FC73D91F3AECA4F9E9B906B878B258CE
Response <-- 9000
get_status -element e0
Command --> 80F2E000024F0000
Wrapped command --> 84F2E0000A4F002390D126C6A39EB900
Response <-- 08A000000003000000019E0845726963204C6972070407A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A00000000300000100066565667265650100066D6966617265010005457269632001009000
OP201_get_status() returned 10 items
List of applets (AID state privileges)
a000000003000000 1 9e
45726963204c6972 7 4
a0000000620001 1 0
a0000000620101 1 0
a0000000620102 1 0
a0000000620201 1 0
a0000000030000 1 0
656566726565 1 0
6d6966617265 1 0
4572696320 1 0
card_disconnect
release_context
===============
error while installing
================
D:\SmartCardTools\GPShell-1.4.2\GPShell-1.4.2>gpshell helloinstall.txt
mode_201
enable_trace
establish_context
card_connect -readerNumber 1
* reader name SCM Microsystems Inc. SDI010 Contactless Reader 0
select -AID a0000000030000
Command --> 00A4040007A0000000030000
Wrapped command --> 00A4040007A0000000030000
Response <-- 6F198408A000000003000000A50D9F6E0640513085301A9F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 8050000008E9213A7F29208AFC00
Wrapped command --> 8050000008E9213A7F29208AFC00
Response <-- 00008088000000020000FF017068B6F8042BB1DAE9AD01315B7409039000
Command --> 8482010010998D4736D0B309796D278AE809832338
Wrapped command --> 8482010010998D4736D0B309796D278AE809832338
Response <-- 9000
install -file HelloWorld.cap.transf -sdAID 00 -nvDataLimit 4096 -instParam 00 -priv 2
file name HelloWorld.cap.transf
Command --> 80E602001909A00000006203010C010100000AEF08C60201A8C80210000000
Wrapped command --> 84E602002109A00000006203010C010100000AEF08C60201A8C8021000004E2C51590800D89F00
Response <-- 6A80
install_for_load() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
any idea ????
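
The GPShell traces in the two posts above can be decoded field by field. The following is an added example, not code from either poster or from GPShell: the function names are hypothetical, the hex strings are copied from the traces, and the field layouts are those of the GlobalPlatform Card Specification (SCP01/SCP02 INITIALIZE UPDATE response, INSTALL [for load] data field).

```python
# Added example: decode GlobalPlatform APDUs copied from the GPShell traces above.
# Function names are hypothetical; layouts follow the GlobalPlatform Card Specification.

# Hex strings taken verbatim from the two posts.
SELECT_RESP_ETOKEN = "6F0F8407A0000001510000A5049F6501FF9000"
SELECT_RESP_CARD2 = "6F198408A000000003000000A50D9F6E0640513085301A9F6501FF9000"
INIT_UPDATE_ETOKEN = "000007520012095226420101C2DCB8F2268621674359E81DEAB29B429000"
INIT_UPDATE_CARD2 = "00008088000000020000FF01D213C99E2BACF178FC435C9299F3D6109000"
INSTALL_FOR_LOAD = "80E602001909A00000006203010C010100000AEF08C60201A8C80210000000"


def _response_data(resp_hex):
    """Strip the status word from a response and reject anything but 9000."""
    raw = bytes.fromhex(resp_hex)
    if len(raw) < 2 or raw[-2:] != b"\x90\x00":
        raise ValueError("response does not end in SW 9000")
    return raw[:-2]


def fci_df_name(select_resp_hex):
    """Return the DF name (tag 84) from a SELECT response: 6F len 84 len AID ..."""
    data = _response_data(select_resp_hex)
    if len(data) < 4 or data[0] != 0x6F or data[2] != 0x84:
        raise ValueError("unexpected FCI layout")
    name = data[4:4 + data[3]]
    if len(name) != data[3]:
        raise ValueError("truncated DF name")
    return name.hex().upper()


def parse_initialize_update(resp_hex):
    """Split the 28-byte INITIALIZE UPDATE response used by SCP01 and SCP02."""
    data = _response_data(resp_hex)
    if len(data) != 28:
        raise ValueError("expected 28 data bytes, got %d" % len(data))
    return {
        "key_diversification_data": data[0:10].hex().upper(),
        # By common convention 0xFF marks the initial key set; any other
        # value means the card reports a different key set version.
        "key_version": data[10],
        "scp_id": data[11],  # 0x01 = SCP01, 0x02 = SCP02
        # SCP01: 8-byte challenge. SCP02: 2-byte counter + 6-byte challenge.
        "card_challenge": data[12:20].hex().upper(),
        "card_cryptogram": data[20:28].hex().upper(),
    }


def _take_lv(buf, pos):
    """Read one length-prefixed field; return (value, next position)."""
    if pos >= len(buf):
        raise ValueError("data field ends before all fields were read")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError("field at offset %d overruns the data field" % pos)
    return buf[pos + 1:end], end


def parse_install_for_load(apdu_hex):
    """Decode the five length-prefixed fields of an unwrapped INSTALL [for load]."""
    raw = bytes.fromhex(apdu_hex)
    if len(raw) < 5 or raw[1] != 0xE6 or raw[2] != 0x02:
        raise ValueError("not an INSTALL [for load] command")
    lc = raw[4]
    data = raw[5:5 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data present")
    fields, pos = {}, 0
    for name in ("load_file_aid", "security_domain_aid", "load_file_hash",
                 "load_parameters", "load_token"):
        value, pos = _take_lv(data, pos)
        fields[name] = value.hex().upper()
    if pos != lc:
        raise ValueError("unparsed bytes remain in the data field")
    return fields


def review_install(select_resp_hex, install_apdu_hex):
    """Compare the SD AID sent in INSTALL [for load] with the DF name the card returned."""
    card_aid = fci_df_name(select_resp_hex)
    sent_aid = parse_install_for_load(install_apdu_hex)["security_domain_aid"]
    return {
        "card_sd_aid": card_aid,
        "command_sd_aid": sent_aid,
        "same_as_card": sent_aid == card_aid,
        # ISO/IEC 7816 application identifiers are 5 to 16 bytes long.
        "valid_aid_length": 5 <= len(sent_aid) // 2 <= 16,
    }


if __name__ == "__main__":
    for label, resp in (("eToken", INIT_UPDATE_ETOKEN), ("card 2", INIT_UPDATE_CARD2)):
        print(label, parse_initialize_update(resp))
    print(parse_install_for_load(INSTALL_FOR_LOAD))
    print(review_install(SELECT_RESP_CARD2, INSTALL_FOR_LOAD))
```

Run on the traces, it reports SCP identifier 01 for both cards (key version 01 on the eToken, FF on the second card) and shows that the rejected INSTALL [for load] carries the single byte 00 as its Security Domain AID while that card's FCI names A000000003000000. The page does not establish which of these is the cause of either error.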

Similar Messages

  • Aladdin etoken exception on windows 7

    I have an applet that I use for signing. I also use aladdin etoken smartcard or usb. It works perfectly on windows 2000, xp but in windows 7 i get the following exception:
    The code where i load the etoken dll is the following:
    PKCS11Provider = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(generatePKCS11ConfigFile().getBytes()));     
    String eIDProviderName = PKCS11Provider.getName();
    Security.addProvider(PKCS11Provider);
    // load eID card (keystore)
    //you don't need yet to provide a password (You might use only the public key from it)
    //If you try to use the private key, a window asking for the pin will popup
    char[] pin = "".toCharArray();
    KeyStore.ProtectionParameter pp = new KeyStore.PasswordProtection(pin);
    CallbackHandler cmdLineHdlr = new com.sun.security.auth.callback.DialogCallbackHandler();
    KeyStore.Builder builder = KeyStore.Builder.newInstance(
                                                         "PKCS11",
                                                         PKCS11Provider,
                                                         new KeyStore.CallbackHandlerProtection(cmdLineHdlr));
    keyStore = builder.getKeyStore();        // in this line the exception is thrown
    keyStore.load(null, pin);

    protected String generatePKCS11ConfigFile() {
        System.out.println("in generatePKCS11ConfigFile");
        String os = System.getProperty("os.name");
        System.out.println("os: " + os);
        if (os.contains("Windows")) {
            if (os.contains("Windows 9"))
                configDir = System.getenv("WinDir");
            else
                configDir = System.getenv("SystemRoot");
        }
        // PKCS#11 provider configuration: provider name and path to the eToken library
        String content = "name=eToken" + "\n" + "library=" + configDir + "\\system32\\eTPKCS11.dll";
        System.out.println("content: " + content);
        return content;
    }
    stacktrace
    config dir: C:\Windows
    content: name=eToken
    library=C:\Windows\system32\eTPKCS11.dll
    getting the builder instance: java.security.KeyStore$Builder$2@5dfaf1
    java.security.KeyStoreException: KeyStore instantiation failed
    at java.security.KeyStore$Builder$2.getKeyStore(Unknown Source)
    at EtenderingSigner.loadKeyStoreFromSmartCard(EtenderingSigner.java:168)
    at EtenderingSigner$LoadeIDButtonListener.actionPerformed(EtenderingSigner.java:872)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$000(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: java.security.KeyStoreException: PKCS11 not found
    at java.security.KeyStore.getInstance(Unknown Source)
    at java.security.KeyStore$Builder$2$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    ... 39 more
    Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-eToken
    at sun.security.jca.GetInstance.getService(Unknown Source)
    at sun.security.jca.GetInstance.getInstance(Unknown Source)
    at java.security.Security.getImpl(Unknown Source)
    ... 42 more
    java.lang.NullPointerException
    at EtenderingSigner.getPrivateKeyAndCertChain(EtenderingSigner.java:199)
    at EtenderingSigner.showEIDCertificateDetails(EtenderingSigner.java:423)
    at EtenderingSigner$LoadeIDButtonListener.actionPerformed(EtenderingSigner.java:873)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$000(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Edited by: sabre150 on 18-May-2011 03:59
    Added code tags to aid readability of source code.

    Hi,
    Exactly using:
    Windows 7, x64
    jdk1.6.0_23
    eToken PKI Client 5.1 SP1
    eToken PRO Java 72k OS755
    iText 5.1.1
    Everything works. Succeeded to create pdf, sign once, sign multiple times, sign with external [in this case with eToken PRO Java 72k OS755], verify.
    BUT.
    Everything works only when I run project with this VM parameter: -Djava.security.debug=sunpkcs11, otherwise I get this annoying same error: java.security.KeyStoreException: PKCS11 not found
    Btw, I am running all this code from applet. So, launching from Idea and using appletviewer is fine, but running from web browser becomes impossible, because I can't set this VM parameter from applet :[
    Would be nice to make it working one day :]

  • Aladdin eToken Pro compatibility with Windows on iMac (bootcamp)

    I am in the process of buying a computer for my home office. I am a technical writer documenting maritime chart systems, and therefore I have to run Win 7/8 for the chart system.  The chart system uses Aladdin eToken Pro (Java 72k) for licensing purposes, and before I buy I need to know whether it is compatible with an iMac running Windows.
    I will be using bootcamp for Windows 7/8, and the iMac I'm looking at is the 2014 base 27" non-retina.
    I have investigated this with the chart provider that requires the use of eToken, and they have no idea if there are any bumps in the road.
    Looking forward to any insight you could offer me.

    If you look closely you see that EFI64 (UEFI 2.x) is the demarcation line of 2008 between support or not is EFI firmware.
    2006-7 and you get the EFI menu prompt with 64-bit Vista and 7. Mac Pro and others pre-2008. Apple's idea of supported or not may not be ours. If you want to troubleshoot yourself.
    BC 3.0 - built during the summer, before Windows Oct 22nd, buggy, and rushed. Often due to the HFS read feature, just rename "AppleHFS.sys" to something else is often enough. Not sure why your system is having trouble without knowing more.

  • Using Aladdin eToken Pro for logon to Mac OSX

    Hello forum,
    actually we are working with/using the Aladdin eToken Pro to authenticate to our Windows clients by storing username and password (no certificate) on this token device.
    Now we are offering MacBooks as well and the global aim is to log on to Mac OS X also with the Aladdin eToken Pro 32/64 K.
    Does anyone have experience with this topic?
    Any help appreciated in getting the Aladdin eToken Pro up and running for logon on our MacBooks.
    Thanks in advance
    Cheers,
    Marco

    You aren't the IT/security guy, are you?
    Have you looked at the documentation or website for Aladdin eToken?
    -> New Aladdin eToken PKI Client Releases Offer Full Support for Windows Vista, Intel Mac, Mac Keychain and Linux - Aladdin Reinforces Commitment to Providing Multi-Platform Support for PKI Solutions
    Looks like they have supported Macs for a few years now.

  • Installing Aladdin etoken Pro

    Hello,
    I have 64 bit archLinux install.
    I am trying to install Aladdin etoken Pro drivers on the archlinux. I have installed pkiclient 5.00.28-1 (https://aur.archlinux.org/packages/pkiclient/ ), wherein I modified the PKGBUILD to install from 64 bit.
    Then I got error about missing file on - libpcsclite.so.1
    I added lib32-pcsclite, but then got further errors.
    After this I was able to install pkiclient package. However when I run etProps, I get following errors
    $ etProps
    etProps: error while loading shared libraries: libusb-0.1.so.4: cannot open shared object file: No such file or directory
    $ etProps
    etProps: error while loading shared libraries: libhal.so.1: cannot open shared object file: No such file or directory
    I am following a dependency chain down but then got stuck at lib32-hal, which just wouldn't compile.
    What is the best way to get Aladdin etoken Pro installed and  working? What are the commands to use the pkiclient?
    If i run following command I get an error:
    $ sudo openct-tool list
    Error: can't open /var/run/openct/status: No such file or directory
    Error: can't open /var/run/openct/status: No such file or directory
    Error: can't open /var/run/openct/status: No such file or directory
    Error: can't open /var/run/openct/status: No such file or directory
    Error: can't open /var/run/openct/status: No such file or directory
    Error: can't open /var/run/openct/status: No such file or directory
    Last edited by jethar (2014-06-01 20:39:05)

  • Aladdin eToken using the Web browsing with Firefox. Firefox often asked to enter a password eToken. How to turn off the continuous requests?

    Aladdin eToken using the Web browsing with Firefox. Firefox often asked to enter a password eToken. How to turn off the continuous requests

    I have found a solution.
    For all they wont use a etoken to surf.
    Go to Extras, Options, then Extended, and go to the cryptographic module and unload the eToken. To unload the eToken you must select "etoken", not the name of the token.
    I have translated the menu names from German to English.

  • Windows 8 Pro 64bit, Aladdin eToken Pro, CISCO VPN-Client 5.0.07.0440 - Responding : Reason 403: Unable to contact the security gateway...

    Windows 8 Pro 64bit, eToken (Aladdin with newest Safenet etoken-Client V 8.2.85.0) Pro (V.with Cisco Systems VPN Client Version 5.0.07.0440 -> VPN Error-Log :
    VPN-Client Responding : Reason 403: Unable to contact the security gateway...
    (Detailled VPN-Error-Log see attached)
    Thanks in advance for any ideas or solution, it's getting urgent !!

    First, try TheGreenBow's online troubleshooter. If that doesn't work, you can try their general support or simply contact them directly.

  • How to get information about an eToken

    Is there a way to obtain information about an Aladdin eToken from Java? I am interested to find out the Maximum Number of Password Retries for an eToken inserted in the USB. I am using the BouncyCastle provider. I saw that you can use the PKCS#11 functions C_GetSlotInfo and C_GetInfo from the class sun.security.pkcs11.wrapper.PKCS11 but I cannot find any connection to the Bouncy Castle provider. Thank you.

    hi, you can use the sys_context function, like this:
    select sys_context('userenv','current_user'),
         sys_context('userenv','os_user'),
         sys_context('userenv','host'),
         sys_context('userenv','ip_address'),
         sys_context('userenv','instance'),
         sys_context('userenv','sessionid'),
         sys_context('userenv','terminal')
    from dual;
    Is this what you're looking for?

  • PKCS#11 - eToken Device problem

    Dear All,
    I have an urgent problem I have Aladdin eToken Pro USB device and I need to generate private key on it, I was able to load the KeyStore using the pkcs#11 dll file and I was able to generate private and public key from the KeyPairGenerator , but I don't have any Idea on how to store the private key on the Aladdin eToken device ... here is the code which I have used please help me
    String configName = "C:\\eTokenConfig.cfg";
    Provider p = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(p);
    // Read the keystore from the smart card
    char[] pin = { '1', '2', '3', 'q', 'w', 'e'};
    KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
    keyStore.load(null, pin);
    System.out.println(keyStore.size());
    // generate keys
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
    KeyPair pair = kpg.generateKeyPair();
    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();

    It is possible that the PKCS11 configuration file that maps the JCE to the P11 library from Aladdin is incorrect. Have you contacted your vendor's support group and asked them for a sample configuration file that works?
    One way to (partially) test the JCE-PKCS11 bridge for the eToken is to generate a key-pair and a self-signed certificate using the Mozilla tools (which can use the P11 library from Aladdin directly) (download from http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html). After you've verified that the keys (and certificate) are on the token (using certutil or Firefox), then use your JCE software to read the keys/certificate. If your bridge configuration is correct, you should be able to read and use all objects (PrivateKey, PublicKey and Certificate). After you've verified that this part works, then go back to testing key-generation through your JCE module.
    No, you can't just save the keys by themselves using the JCE. The KeyStore API allows for saving only a PrivateKey, SecretKey and a Certificate chain using the setEntry, setKeyEntry or setCertificateEntry methods. You will have to create an empty certificate, at a minimum, to store the PublicKey of your key-pair.
    Here is some sample code that does this for a Utimaco Hardware Security Module (HSM) in combination with the BouncyCastle JCE Provider (BC has a CertificateGenerator that makes this task easy):
        // Create BC CertificateGenerator instance
        X509V3CertificateGenerator certgen = new X509V3CertificateGenerator();
        // Add required certificate values
        certgen.setSerialNumber(new BigInteger("123"));
        certgen.setIssuerDN(new X500Principal("CN=TEST"));
        certgen.setSubjectDN(new X500Principal("CN=TEST"));
        certgen.setNotBefore(new Date(System.currentTimeMillis()));                        
        certgen.setNotAfter(new Date(System.currentTimeMillis() + (10*86400000)));
        certgen.setPublicKey(pubkey);                                                
        certgen.setSignatureAlgorithm("SHA256withRSA");
        // Generate certificate
        X509Certificate cert = certgen.generate(keypair.getPrivate(), provider.getName());
        System.out.println("===> Generated X509 Certificate.");
        // Store certificate
        ks.setKeyEntry(keyalias, keypair.getPrivate(), null, ((CryptoServerProvider)provider).getDumyCertificateChain());
        ks.setCertificateEntry(certalias, cert);
        System.out.println("===> All objects saved OK.");
    The setKeyEntry() method for your provider is sure to be different. Note that with this HSM, the keys are automatically persisted in the token when they are generated through the KeyPairGenerator. That's why you don't see any code for storing the key-pair in this sample.

  • EToken and vpnclient on linux

    Hello! Does Cisco vpnclient for linux support eToken?

    Using versions of the Aladdin Runtime Environment (RTE) on Windows NT and Windows 2000 can cause the following behavior. The login prompt that is posted by the Aladdin etoken when connecting the VPN Client can get hidden in the background. If this happens, the VPN connection can timeout and fail with the following event:

  • PKCS11 - Change Token

    Hi!
    I'm quite new to PKCS#11 and try to work with keys on Aladdin eTokens. In the Java PKCS#11 Reference Guide (http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html) I found the following example and explanation:
    KeyStore ks = builder.getKeyStore();
    Key key = ks.getKey(alias, null);
    The builder will prompt for a password as needed using the previously configured callback handler. The builder will prompt for a password only for the initial access. If the user of the application continues using the same Smartcard, the user will not be prompted again. If the user removes and inserts a different SmartCard, the builder will prompt for a password for the new card.
    According to this explanation, I assumed that I could change the token while my program is running. Here is the code for my test program:
    String configName = "Pkcs11eToken.properties";
    Provider p = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(p);
    KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", p, new KeyStore.CallbackHandlerProtection(new Pkcs11CallbackHandler()));
    KeyStore ks1 = builder.getKeyStore();
    Key key = ks1.getKey("alias", "password".toCharArray());
    System.out.println("Start sleeping");
    Thread.sleep(10000);
    System.out.println("Stopped sleeping");
    KeyStore ks2 = builder.getKeyStore();
    Key key2 = ks2.getKey("alias", "password".toCharArray());
    The entries in Pkcs11eToken.properties are:
    name = Aladdin
    library = C:\WINDOWS\system32\eTpkcs11.dll
    My test program works very well with one eToken. But when I remove the token while my program sleeps and insert another one, I get the following exception:
    java.security.ProviderException: Token has been removed
    Isn't it the intention of using the builder and the callback function that I'm automatically prompted for the password for the new token?
    I would be very thankful if anybody could help me with this problem, because in my application I need to cope with removed and inserted tokens.
    thanks in advance
    Barbara

    I have the exact same problem!
    Did you ever find a solution for this?
    Thank you very much

  • How can reload pkcs#11 (digital signature) ?

    Hi, I am working on digital signatures.
    I am using an Aladdin eToken Pro 32k.
    Initially I am able to load USB tokens through the application and sign the PDF documents.
    1) I am giving the right password and am able to sign a PDF document through the crypto USB token.
    After this I didn't disconnect my USB token and tried to sign another PDF document, but this time
    I am giving the wrong password (PIN) to the USB token and it still signs successfully.
    Here is the code for loading a USB token through the application.
    // The cfg file contains name = GNFCeToken
    //library = c:\WINDOWS\system32\eTpkcs11.dll
    String configName = "C:/pkcs11.cfg";
    Provider provider = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(provider);
    KeyStore keyStore = null;
    keyStore = KeyStore.getInstance("PKCS11",provider);
    keyStore.load(null,tokenPassword);
    provider = keyStore.getProvider();
    For signing a PDF document a second time I need to reload the USB token every time.
    So how can I reload the USB token programmatically?
    Any replies will be greatly appreciated.

    "Registering" the credentials is something that is vendor middleware specific. It has nothing to do with Java code. An example of a passing mention of it is on this page: http://www.bestoken.com/support.html - "But the main function for it is that it can detect plug/unplug of hardware, and automatically read the certificates in hardware and register it to certificate storage section of the system." Some middlewares can do it automatically if you enable the option, some you must do it manually all the time.
    Well, it looks like the MSCAPI support works a little smoother with software-based credentials. I wrote the following test:
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;
    import java.util.Enumeration;
    public class CAPITest {
      public static void main(String[] args){
        try {
          KeyStore ks = KeyStore.getInstance("Windows-MY");
          ks.load(null, null) ;
          Enumeration en = ks.aliases() ;
          while (en.hasMoreElements()) {
            String alias = (String) en.nextElement();
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            PrivateKey key = (PrivateKey) ks.getKey(alias, null);
            if (key != null) {
              System.out.println(c.getSubjectDN().getName() + " has private key");
            } else {
              System.out.println(c.getSubjectDN().getName());
            }
          }
        } catch (Exception ex) {
          ex.printStackTrace();
        }
      }
    }
    When I ran it I got a listing of 9 certs, 4 having private keys. No password popups or anything. 3 of the certs were on a currently inserted smartcard. When I removed the smartcard and ran it again I got a dialog belonging to my middleware asking me to insert my smartcard but even after I did, the OK button was disabled and I couldn't proceed.
    You've mentioned eToken a few times. If that is the only hw token you are supporting then I would recommend using the SunPKCS11 provider directly rather than letting Microsoft CAPI get in the way. Using the SunPKCS11 provider will sidestep the certificate registration issue.
    You mention " The problem i am facing is say a system is used by 1000 user with there own eToken" as a possible use situation. Is this some sort of kiosk machine with a single shared account or each user has their own user account? If each user has their own account then their credentials won't mix. If they're all using the same account then again, I think you're better off using the SunPKCS11 provider and going directly to the eToken pkcs11 interface. That way you limit the list of certs to whatever is on the currently inserted token (which you should further inspect and limit to ones that have the digital signature key usage bit set).

  • Update 9.1.2 breaks digital signing documents in Adobe 9 Pro on Windows XP

    I am able to digitally sign documents using an Aladdin eToken Pro 64k with a fresh copy of Adobe 9 Pro for Windows. However when I update to version 9.1.2 digital signing fails with an "error encountered while BER decoding". Signing still works on Vista and Adobe 9.1.2 Pro. I've checked to make sure none of the settings relating to digital signing changed during the update and none have. Anyone have any ideas on how to correct the problem?

    Hi Nick,
    First up, there was a small error in my previous post. I said the version of Acrobat (and whenever I say Acrobat I really mean both Acrobat and Reader, but I'm too lazy to type both) that was modified to fix the bug in SHA-1 fallback was 9.1.3, but I really meant 9.3.  Sorry about that.
    I saw your post from yesterday (http://forums.adobe.com/thread/563601) where you broached the BER decoding error, but in the post above you said signature creation isn't failing any more, so hopefully some update has fixed the problem.
    Here's a little bit about the BER Decoding error. During the signing process Acrobat writes the entire file to disk (which is why you always get the Save As dialog as part of the signing process) in the signed state with everything but the actual signature. However, it does leave a hole in the file where the BER encoded cryptographic data will reside once it's been computed and formatted. One thing that is created before the actual signature is the signature appearance. The signature appearance in the form field isn't really the signature proper, but just a graphic representation of the actual signature. The reason that the signature appearance is written to disk before the signature is created is because it too is part of the signed data and must exist before the actual signature is created.
    In a perfect world, after the file is written to disk, the cryptographic signature is created and written into the hole in the PDF file, and the signing process completes without any problem. However, if we get to the point that the file has been written out, but during the actual signature creation the process fails, that hole I mentioned isn't filled in. It's not really a hole per se, but a block of zeros that act as a placeholder for the BER encoded data.  Because there was some sort of failure and Acrobat didn't get the signed data back from the hardware device what you end up with is a PDF file with a signature appearance, but no real signature in the file. When you click on the signature field Acrobat tries to validate the actual signature, it finds the block of zeros where the signed data was supposed to be, it tries to decode the zeros and gets (as you might well imagine) nothing back and displays the BER Decoding error.
    That leaves us with why didn't Acrobat get the signed data back. When using hardware devices, such as tokens or smart cards, the actual cryptographic signing (the encryption of the digest with the user's private key) takes place on the device. Acrobat (nor any other application) doesn't have access to the private key, which is what makes hardware devices more secure. It's up to the device to sign the data and send it back. If there is any kind of breakdown in that communication channel (which I mentioned in my previous post) the signature creation doesn't reach fruition and you're left with an unsigned file that looks like it was signed because there is a signature appearance.
    This is a case where we are providing technically correct, and utterly useless information. It's true that we can't decode a bunch of zeros, but what we should be telling the user is there is no signature (it's kind of like the Matrix where there is no spoon).
    I hope this helps explain what you're seeing. If the signing process breaks down again please make sure you are using the latest version of Acrobat/Reader and the token software is up-to-date.  If everything is current and the problem returns please let me know.
    Steve
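
The state Steve describes, a signature dictionary whose `/Contents` placeholder is still all zeros, can be checked for directly. The scanner below is an added example, not part of the original post or Adobe's code; the PDF fragments are constructed samples and the "signed" blob is a stand-in DER structure, not a real CMS signature.

```python
import re

OBJ = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.DOTALL)
CONTENTS = re.compile(rb"/Contents\s*<([0-9A-Fa-f\s]*)>")

def der_total_length(blob):
    """Bytes occupied by an outer DER SEQUENCE, or None if blob does not start with one."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def classify_signatures(pdf_bytes):
    """One state per signature dictionary: 'empty', 'signed' or 'malformed'."""
    states = []
    for obj in OBJ.finditer(pdf_bytes):
        body = obj.group(1)
        if b"/ByteRange" not in body:      # only signature dictionaries have /ByteRange
            continue
        m = CONTENTS.search(body)
        if not m:
            continue
        hexstr = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        blob = bytes.fromhex(hexstr + "0" * (len(hexstr) % 2))  # PDF pads an odd digit with 0
        total = der_total_length(blob)
        if not any(blob):
            states.append("empty")         # placeholder never filled: signing failed
        elif total is not None and total <= len(blob) and not any(blob[total:]):
            states.append("signed")        # DER blob followed only by zero padding
        else:
            states.append("malformed")
    return states

def _sig_obj(hex_contents):
    # Constructed fragment, just enough structure for the scanner; not a complete PDF.
    return (b"3 0 obj\n<< /Type /Page /Contents 4 0 R >>\nendobj\n"
            b"7 0 obj\n<< /Type /Sig /ByteRange [0 100 300 50] "
            b"/Contents <%s> >>\nendobj\n" % hex_contents)

UNSIGNED = _sig_obj(b"0" * 64)                       # what a failed token round-trip leaves
SIGNED = _sig_obj(b"3006020101020102" + b"0" * 48)   # stand-in DER, not a real CMS blob

if __name__ == "__main__":
    for name, data in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(name, classify_signatures(data))
```

An `empty` result means the file carries a signature appearance but no signature, which is the condition Acrobat reports as the BER decoding error.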

  • [AnyConnect] No valid certificates available for authentication

    Hi,
    We are using Cisco Anyconnect 3.0.0629 with certificate authentication (stored in Aladdin eToken)
    Most users have no problem and it works fine.
    When one user tried to connect, he got a lot of errors "No valid certificates available for authentication" during 30 seconds. (~10 errors per second)
    In a normal behaviour, we should have only one error.
    Why is AnyConnect flooding this error?
    How could I resolve it?
    Thanks for your help,
    Patrick

    I also had the problem of "no valid certificates available for authentication", although it only prompted once, rather than a flood like the OP.
    However, the cause and solution for my problem was:
    The certificate used for authentication was issued by my internal CA, to the Computer, NOT the user.
    Although the user that is logged on is a local administrator, the AnyConnect Client application does not have the permission to send the certificate from the Computer store.
    The application needs to 'run as administrator'
    Right-click the application shortcut-> Properties->Compatibility->Privilege Level.
    Tick ->Run This Program As Administrator.
    I needed to reboot the client pc before this worked.
    n.b I was using Windows 8

  • Fans working extra time since last software update

    I have a MacBook Pro 13" (Late 2011) with Lion. Two days ago I updated the OS to 10.7.3 (11D50). Since the boot after the update, the fans make a lot of noise and it seems like they work really hard. Any clue why this is, or how I should solve it?
    Thanks,
    MByD.

    Do you use (or have you ever used) a SafeNet (formerly Aladdin) eToken? They use a process named SfntMonD to monitor and restart their driver software. The first Lion-compatible version of the SafeNet PKI software is 8.1.261. This works with 10.7.2, don't know about 10.7.3. If you have an earlier version the monitor daemon may be repeatedly trying and failing to restart pcscd. Removing old SafeNet/Aladdin software should eliminate the problem if the SfntMonD you see is theirs.
