A new portable Version of the Aloaha PKCS7 Crypter has been released. It can be downloaded from https://dl.dropbox.com/u/20338532/neverdelete/AloahaPKCS7Crypter/aloahapkcs7crypter.zip
The Zip File also contains the portable Versoin of the Aloaha CMS Signer for easy creation of signed p7m files.
Our new tool Aloaha PKCS #7 Crypter is also part of the following Aloaha Solutions: Aloaha PDF Crypter & Aloaha Cardconnector
Aloaha added native support for the new V3 generation of the Berman Bundesdruckerei/D-Trust Smartcards/eIDs.
Following Aloaha Products can make use of the new cards WITHOUT having to install a special driver or middleware:
Aloaha Cardconnector (Middleware)
Aloaha PDF Suite (create digitally signed PDFs)
Aloaha PDF Signator and Multisignator (sign PDF documents)
Aloaha Smartlogin (Login to Windows with or without Active Directory).
Following V3 D-Trust Cards are supported:
The latest release of the Aloaha Smartcard Middleware Aloaha Smartcard Connector (http://www.aloaha.com/download/cardconnector.zip) now also supports the popular Muscle Applet.
Included in the Middleware is a Crypto Service Provider, PKCS #11 Module, Harddisk Encryption and a Password Safe.
As an add-on the user can use Aloahas Smartlogin for Smartcard based Windows Logon with or without Active Directory. (http://www.aloaha.com/download/smartlogin.zip)
Many customers are asking if we know any website they can use to test and check website logon via Smartcard or certificate. To make it easier for those customers we configured a test page on https://card.aloaha.com/CertAuth
Please note that that site might generate a warning in your browser since the root certifcate of the page is not issued by a trusted root. You can ignore this warning since this is purely a test page without any content.
Also note that revocation checks are disabled via HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\DefaultSslCertCheckMode=1
Nevertheless it might be required that we import the root certificate of your smartcard certificate into the machine store. So should you not be able to logon to our test website please send your root (and if required also your intermediate) certificate as a zipped .cer file to info@aloaha.com
If you do not have a Middleware (CSP/PKCS11) for you smartcard yet please have a look at the Aloaha Cardconnnector. Currently it supports more than 45 different cards!
The download link is: http://www.aloaha.com/download/cardconnector.zip
No doubt this is one of the most common questions/frustrations about Windows Vista/W7.
Even if you log on as an administrator, you don’t really have administrative rights, thanks to UAC (User Account Control). But since setups require administrator rights this behavior could cause problems.
When you run a setup program, right-click the setup program, and then click Run As Administrator. Then, it will really run as an administrator.
User Account Control (UAC) is a new security component in Windows Vista/W7.
UAC enables users to perform common tasks as non-administrators, called standard users in Windows Vista/W7, and as administrators without having to switch users, log off, or use Run As.
A standard user account is synonymous with a user account in Windows XP.
User accounts that are members of the local Administrators group will run most applications as a standard user.
By separating user and administrator functions while enabling productivity, UAC is an important enhancement for Windows Vista.
To help prevent malicious software from silently installing and causing computer-wide infection, Microsoft developed the UAC feature.
Unlike previous versions of Windows, when an administrator logs on to a computer running Windows Vista, the user’s full administrator access token is split into two access tokens: a full administrator access token and a standard user access token.
During the logon process, authorization and access control components that identify an administrator are removed, resulting in a standard user access token. The standard user access token is then used to start the desktop, the Explorer.exe process.
Because all applications inherit their access control data from the initial launch of the desktop, they all run as a standard user as well.
Even though the focus of Aloaha is put on Smart Cards we do have APIs to read 2W, 3W, i2c Memory Cards such as the famous SLE4428, SLE4442, telephone cards, german KVK (Krankenversicherungskarte), Kinko, Student Card, etc.
The API to read such cards is included in the Aloaha Cardconnector, Credential Provider and Smartlogon. No license is required to just read them!
Code Sample:
dim cr
dim reader
set cr = createobject(“AloahaSync.SyncAPI”)
reader = cr.ReaderNamesCSV
reader=split(reader,”,”)(0)
if reader<>”" then
If cr.Connect(reader) = True Then
msgbox cr.hexdump(cr.raw_content)
end if
end if
set cr = nothing
For german KVK Cards please also try API: cr.KVK_Content
Please note that for the new German Health Card (eGK / Gesundheitskarte) you should follow the instructions on: http://blog.aloaha.com/2012/03/21/deutsche-gesundheitskarte-auslesen/
Please make sure that when you are using an HID/Omnikey Reader that you install the Sync API additionally to the reader driver. When using SCM Microsystems Reader you need to make sure that the MCARD API has been installed additionally to the reader driver!
Aloaha accesses per default the connected Smart Card Reader via the Windows PC/SC or CCID driver. In some cases it might be required to use the reader via CT-API. For example in cases that no PC/SC or CCID driver exists. That is the case for most health terminals used in the german health system.
To be able to use CT-API it is required that a recent version of the Aloaha Smartcard Connector is installed. If you find the file AloahaCSPPlugin.exe in <common files>\Aloaha your Version is recent enough to be switched to CT-API.
To activate CT-API there have to be entries in the file CTAPIINI.ini in <program files>\wrocklage and entries in the registry.
CTAPIINI.ini:
[Settings]
activated=1
CTAPI=c:\windows\system32\ct8751.dll
[HID OMNIKEY 8751 e-Health LAN]
port=1
Units=01,02,03,04,40,50
Please note the the settings section is required. The rest Aloaha will try to fill in automatically.
Once the above seetings are done you you re-logged on into your machine you will see your CT-API eHealth Terminal in the Aloaha Systray as shown below:
Aloaha System Tray with e-Health Terminal
Even though any CTAPI Reader should work currently ONLY the ORGA 6041 eGK and OMNIKEY 8751 eHealth terminals have been accredited to work perfectly with Aloaha. More will follow on request!
Windows Logon with e-Health Terminal
Obviously the Aloaha Smartlogon does support Windows Logon via CTAPI based Smartcard Reader. That means that it is possible to use a HID 8751 or Orga 6041 eHealth Terminal to logon to with the german HBA (Health Professional Card).
Per default the e-Health Terminal is NOT connected to the Windows Logon Credentials Provider. To activate that you need to create the following entry in our CTAPIini.ini in your installation folder:
[Settings]
CTAPIAsSystem=1
After you create the key and set your credentials via Aloaha GUI you can logon via the Aloaha Tile as shown below:
Aloaha Windows Logon
You can download the Aloaha Middleware/Credential Provider from http://www.aloaha.com/download/credentialprovider.zip
Please make sure to request an evaluation key from info@aloaha.com
German cutomer should also read: http://blog.aloaha.com/2012/01/03/wie-richte-ich-mein-ehealth-terminal-ein-um-mich-mit-meinem-hba-oder-smc-karte-an-windows-anzumelden/
One popular feature is Aloaha’s shell integrated PKCS7 Validator. The user can just right click on the p7s/p7m file and Aloaha will validate the signature and if that is correct will display the signers certificate.
From this Aloaha Signator/Cardconnectors Version on Aloaha will automatically detect if a file is signed only or encrypted and/or signed. Encrypted files will be automatically decrypted! An easy way to test that out is to save the mime.p7m of an s/mime mail as mail.p7m and then right click on it to choose Validate PKCS7!
PKCS7 Validation
The Aloaha Crypto Card is now also available as Contactless Card. Please contact info@aloaha.com for further information.
Details for the Crypto Card can be found on: http://www.aloaha.com/smartcard-software-en/aloaha-crypto-card.php
Aloaha on Twitter