
Guide: Using a Gemalto/Aladdin eToken on Ubuntu 24.04

This guide explains how to install the required drivers, access the token, view the certificates, and use it for signing operations on Ubuntu 24.04.


1️⃣ Install Smartcard Services

Before installing the SafeNet Authentication Client (SAC), install the necessary smartcard services:

sudo apt update
sudo apt install pcscd pcsc-tools opensc
sudo systemctl enable --now pcscd

Verify detection:

pcsc_scan

Expected output:

zaqueo@mapache:~$ pcsc_scan
PC/SC device scanner
V 1.7.1 (c) 2001-2022, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: SafeNet eToken 5100 [eToken 5110 SC] 00 00
 
Tue Aug 12 11:30:36 2025
 Reader 0: SafeNet eToken 5100 [eToken 5110 SC] 00 00
  Event number: 0
  Card state: Card inserted, 
  [...]


2️⃣ Download SafeNet Authentication Client for Linux

The SAC package is not in the default Ubuntu repositories. Download it from Thales/Gemalto:

Note: I used safenetauthenticationclient_10.9.4723_amd64.deb for example.

safenetauthenticationclient_10.8.123_amd64.deb

3️⃣ Install SAC

After downloading:

sudo apt install ./safenetauthenticationclient_*_amd64.deb

This installs the PKCS#11 library (among others, I believe), usually located at:

/usr/lib/libeToken.so
/usr/lib/libeTPkcs11.so

Find it with:

find /usr/lib* -name "libeT*.so"

4️⃣ View Certificates and Keys

Use the PKCS#11 tools with the SAC library:

pkcs11-tool --module /usr/lib/libeTPkcs11.so --login -O

Enter your token PIN when prompted. You should see entries like:

Certificate Object; type = X.509 cert
  label: My User Cert
  ID: 45
  Subject: ...
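
Added example (not part of the original guide): only an ID that carries both a certificate and a private key is usable for signing or client authentication, so this script pairs the objects in the listing by ID. It assumes the header / `label:` / `ID:` layout shown above; the function names and the sample listing, including the `Private Key Object; RSA` entry and the `Issuing CA` certificate, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarize a `pkcs11-tool -O` listing by object ID.
# Real use (private keys are listed only after login):
#   pkcs11-tool --module /usr/lib/libeTPkcs11.so --login -O | summarize_objects

# Reads a listing on stdin and prints one line per ID, in order of appearance:
#   <id> cert=<yes|no> key=<yes|no> label=<certificate label>
summarize_objects() {
  awk '
    function record_obj() {            # store the object that just ended
      if (id == "") return
      if (!(id in seen)) { seen[id] = 1; order[++n] = id }
      if (kind == "cert") { cert[id] = 1; name[id] = label }
      if (kind == "key")  { key[id] = 1 }
    }
    function value(line) {             # text after "attr:", trimmed
      sub(/^[ \t]+[A-Za-z]+:[ \t]*/, "", line)
      sub(/[ \t\r]+$/, "", line)
      return line
    }
    /^[^ \t].* Object;/ {              # unindented header starts a new object
      record_obj()
      if ($0 ~ /^Certificate Object;/) kind = "cert"
      else if ($0 ~ /^Private Key Object;/) kind = "key"
      else kind = "other"
      label = ""; id = ""
      next
    }
    /^[ \t]+label:/ { label = value($0); next }
    /^[ \t]+ID:/    { id = value($0); next }
    END {
      record_obj()
      for (i = 1; i <= n; i++) {
        id = order[i]
        printf "%s cert=%s key=%s label=%s\n", id, ((id in cert) ? "yes" : "no"), ((id in key) ? "yes" : "no"), name[id]
      }
    }'
}

# Prints only the IDs that have both a certificate and a private key.
signing_ids() {
  summarize_objects | awk '$2 == "cert=yes" && $3 == "key=yes" { print $1 }'
}

# Constructed sample listing (not real token output).
SAMPLE_LISTING=$(printf '%s\n' 'Certificate Object; type = X.509 cert' '  label: My User Cert' '  ID: 45' \
  'Private Key Object; RSA' '  label: My User Cert' '  ID: 45' \
  'Certificate Object; type = X.509 cert' '  label: Issuing CA' '  ID: 46')

printf '%s\n' "$SAMPLE_LISTING" | summarize_objects
```

An ID reported with `key=no` is a certificate stored on the token without its private key and cannot be used to sign.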

5️⃣ Export and Inspect a Certificate

Example:

pkcs11-tool --module /usr/lib/libeTPkcs11.so -r --type cert --id 45 > cert.der
openssl x509 -inform DER -in cert.der -noout -text

6️⃣ Use in Firefox

  1. Go to Preferences → Privacy & Security → Certificates → Security Devices.
  2. Click Load.
  3. Name it Gemalto Token.
  4. Select the module path: /usr/lib/libeTPkcs11.so.
  5. Your token and its certificates will be available for client authentication.

7️⃣ Sign PDFs with the Token

One simple cross-platform option is JSignPdf:

  1. Install Java:
     sudo apt install default-jre
  2. Download JSignPdf from https://sourceforge.net/projects/jsignpdf/
  3. Run:
     java -jar JSignPdf.jar
  4. In JSignPdf settings, configure PKCS#11 module path to /usr/lib/libeTPkcs11.so and provide your token PIN.
  5. Choose the PDF, select your certificate, and sign.

This process keeps your private key inside the token while enabling standards-compliant PDF signatures.
