Arch Linux User Repository

Accessing the certificate isn't the problem. Literally any program implementing PKCS#11 can access the certificate through SafeNet's PKCS#11 module, so that's probably 95% of all certificate-related programs.

The problem is in dealing with the actual documents. What document formats are you working with? What signature formats do you need? There are plenty, and saying "like in windows" really doesn't say a lot.

If you don't need any special formats and you're just signing those PDFs straight in Acrobat Reader, then I think KDE's Okular has recently gained the ability to do that. LibreOffice might work too. It looks like LO uses NSS so you'll need to load the PKCS#11 module using modutil (or through Firefox GUI). I don't know what Okular uses, but it might be p11-kit (in which case you use ~/.config/pkcs11/modules), I'll try to check it later.

For Word .docx documents (not legacy .doc), LibreOffice's XML-DSig support looks like it might work, but the last time I tried it, it wasn't entirely compatible with MS Office. I think it was more oriented towards .odt than .docx at the time.

Creating for example .asice or .bdoc files (for government documents in Europe) is a different matter.

@grawity Is there a Linux free app that can access/manage the certificate on the key through this driver? I am trying to use it to sign documents like in windows (docs and pdfs). Can you share any specific example in this direction?

I can only provide support if you're using this AUR package. If you're rolling your own via debtap, well, you're on your own – there's no way I can provide support for that...

Note that the SafeNet Authentication Client only contains the drivers for your smartcard (USB token) – it does not actually include any sort of document signing application.

Whichever document signing software you use will usually have a way to specify the smartcard's PKCS#11 module (in your case it's probably /usr/lib/libIDPrimePKCS11.so). It might be a setting directly in the application, or through NSS, or through p11-kit.

Hi, I installed the package but do not know how to use it. Any help would be appreciated. I would like to use my USB key to sign pdfs and other .doc documents. My signature provider indicated I should use safenetauthenticationclient_10.7.77_amd64.deb. I tried to install it using debtap but it didn't work (says it's missing libssl.1.0.0, libssl.1.0.2 and lsb-base). I tried to circumvent lsb-base with ld-lsb, also it seems I have libssl.1.0.0 installed and I do not know why it's not detecting it. I would very much appreciate it if you could offer support also for this software, or help me get it working.

@grawity you can adopt package, I no longer use eToken.

FYI, there is a newer version 10.7.77 available from id.ee.

Note that 10.7 no longer supports the CardOS-based eToken, which is EOL (though the JavaCard-based eToken 72K might still work).

If you update to 10.7, then I will re-upload the 10.0.37 package as "sac-core-legacy" as I still use eToken 64K and 72K.

I have my Aladdin eToken working fine with gpgsm and Firefox and Chromium and openvpn and so on, but for some reason SSH won't play ball:

  $ ssh 192.168.101.196
  Enter PIN for 'SafeNet eToken 5110': 
  C_SignInit failed: 99
  pkcs11_get_key failed
  sign_and_send_pubkey: signing failed for RSA "SSH": error in libcrypto

I can't seem to find anything helpful on the net. Does anyone have any idea?

SSL is now working on download link.

@caltlgin Added URL, thanks.

@spidla, please fix SSL or provide a link without SSL