Child pages
  • Signing code using DigiCert hardware token on Mac OSX
Skip to end of metadata
Go to start of metadata

I just got a package in the mail from DigiCert, containing our shiny new EV Code Signing hardware toke

In my case this is a SafeNet eToken 5105 USB device: 

After logging on to the DigiCert website I activated the token and changed the password - and also noted it.

To change the temp password on the token you need to install drivers.

But unfortunately the page describing to do so only lists Windows drivers: https://www.digicert.com/code-signing/safenet-client-installation.htm

And the link to the drivers goes back to the same page.

 

After contact with DigiCert support they gave me the right URL to the SafeNet drivers:

 

https://www.digicert.com/StaticFiles/SafeNetAuthenticationClient-x32-x64.exe

 https://www.digicert.com/StaticFiles/SafeNetAuthenticationClient.9.1.2.0.dmg


On the Mac, after this is done you should see a new entry in the Keychain utility:

 

You can also tell from the command line:

dick.visser@GEANT-AMS-11:~$ security list-keychains
"GÉANT, Amsterdam office"
"/Users/dick.visser/Library/Keychains/login.keychain"
"/Library/Keychains/System.keychain"

In order to sign anything, you have to first unlock the key, by clicking the padlock icon. You will need to put in the password that you previously created.

It is NOT possible to copy/paste the password - so you'd have to manually type in your long password.

Once it's unlocked, you can use the security command to sign files. For instance a mobileconfig file that contains Apple settings.

security cms -S -N "GÉANT Association" -i geant.mobileconfig -o geant_signed.mobileconfig

In this example we identify the certificate that we want to use by it's nickname, which is "GÉANT Association" - as seen from the keychain overview.

 

 

  • No labels