[Tokend-Dev] Certificates from token through Tokend in built-in VPN client on Mavericks

Мироненко Евгений mironenko at rutoken.ru
Wed Mar 12 09:40:19 PDT 2014


Shawn,

It looks like Gemalto Tokend is not distributed with the installers provided.
Moreover, there is no sign of activity in the tokend repository since ludic.roussseau mitigated the CVE-2013-1867 referred to.
Are there any actions done by the installer other than simply putting tokends into /System/Library/Security/tokend/?
Isn't there any registration procedure the tokend I use may not have performed?

I've been building Gemalto Tokend from source (http://smartcardservices.macosforge.org/trac/browser/trunk/Tokend/PKCS11) and the latest version available is used.

Best regards,
Eugene Mironenko

On 12.03.2014, at 19:39, Shawn Geddis <geddis at me.com> wrote:

> On Mar 12, 2014, at 5:29 AM, Мироненко Евгений <mironenko at rutoken.ru> wrote:
> 
>> Hello!
>> 
>> I'm using Gemalto Tokend to access the certificates on the token. On Mac OS X 10.8 the certificates on the token are accessible via Keychain Access, Mail utilities and the built-in VPN client, but after updating to 10.9 I've got an issue: certificates on the token are not listed in the built-in VPN client (when selecting authentication parameters), though they are visible in the Keychain Access utility.
>> 
>> Is it a problem with the Tokend used, or has Apple just cut tokend support out of the VPN client? Is there any workaround for the issue?
>> 
>> Best regards,
>> Eugene Mironenko
> 
> Eugene, 
> 
> Nothing has changed architecturally from the Apple side on Tokend or on the ability of any Apple services (i.e. VPN) to utilize the Keychain APIs, which is how they get access to Smart Cards supported with a Tokend. Have you updated the Tokend for 10.9 using the updated installers posted? There was a security CVE addressed and implemented in the new updates as well.
> 
> Please capture logs before and during the transactions and submit with a ticket, so we can look into it.  We may uncover something from there.
> 
> -Shawn
> _____________________________________________________________________
> Shawn Geddis    geddis@{Mac | Me | iCloud}.com
> Enterprise Security Consulting Engineer, Apple    geddis at apple.com
> 
> Smart Card Services Project/Dev Lead:
>     Project Wiki:  [SmartCardServices.MacOSFforge.Org]
>     Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo]
>     SCS Contact:   [scs-cotact at macosforge.org]
>     SCS Admin:     [scs-admin at macosforge.org]
> 
