Mount Aladdin eToken in Firefox on Archlinux

Given you’re on Archlinux and have an Aladdin eToken, let’s see how we can mount it in Firefox for web authentication.

An Aladdin eToken is a cryptographic device (token, smart card) that stores digital certificate and keys. It can be used to authenticate a given profile on company access portals. I found a lot of articles on how to set it up on Ubuntu. Unfortunately, the steps are different for my Archlinux machine, so here it goes.

First, you’ll need to install the following packages with your preferred package manager:

• Opensc - Smart card tools and libraries
• Openct - Driver implementations for smart cards
• SAC-core - Safenet Authentication Client for Alladin eToken core package

With yay:

yay -S opensc openct sac-core

Once you’re done, you need to activate the pcscd service:

sudo systemctl enable pcscd.service 
sudo systemctl start pcscd.service

With this you should be able to detect the token, plug it and run the following command:

opensc-tool -l

If your token is detected you should get this output:

# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             [eToken name]

Now let’s move on to Firefox: we are going to manually load the PKCS11 library installed with the opensc and openct packages.

Start the browser (the token needs to be inserted before starting Firefox, otherwise it will crash) and follow these steps:

• Open the Firefox preferences dialog
• Choose “Privacy and Security” > “Certificates > “Security Devices”
• Choose “Load”
• Enter a name for the security module, such as “Local PKCS#11”
• Choose “Browse…” and load “/usr/lib/libeTPkcs11.so”

Now the module is loaded and Firefox should detect your eToken.

You can open it by going back to the security devices preference section, select the line of your eToken below the module you just loaded, and click on “Log in”. Firefox will ask you for the password and you’re all done. The eToken’s certificate will appear in the list to choose when authenticating.