Tags: cryptography, digital-signature, device, token

What is an etoken?


I need to write code to check the validity of the digital certificate present in an etoken. I am not familiar with etokens. Can anyone please answer the following questions:

  1. How to access the digital certificate content from etoken?
  2. Can we access the private key stored in etoken?
  3. When we plug the etoken into a computer, does it copy the digital certificate to the computer or not? If yes, where does it copy it to?

I need to write a C++ program for the same. Can we use the Cryptographic APIs (like CryptImportKey() and CryptExportKey()) provided by Microsoft for the above requirement?


Solution

  • "etoken" was the name of one of the first USB cryptotokens produced by Aladdin. What you are asking for is usually referred to as a security token. This is a hardware device with its own memory, in which certificates and private keys are stored.

    Tokens need drivers to be installed in order to work properly. The driver set includes an implementation of a CSP (Cryptographic Service Provider) for CryptoAPI. The CSP does the job of presenting the certificates stored in the token to CryptoAPI. To answer your questions:

    1. Via the CryptoAPI or PKCS#11 interface (drivers for both are supplied by the vendor).
    2. You can perform certain operations with the private key by calling the appropriate API. But the key itself is not extractable.
    3. I can't say for sure, but for me it looks like certificates are copied to an in-memory certificate store for speed of operations.
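The following C++ program is an added example, not code from the original post or from any token vendor. It uses Microsoft CryptoAPI to walk the user's personal ("MY") store, which is where a token's CSP publishes its certificates, and for each certificate prints the CSP and key container that back it, checks time validity, builds a chain to a trusted root with revocation checking, and then shows that the private key can be acquired and used but that `CryptExportKey` refuses to hand it out. It assumes Windows with the vendor's CSP installed and the token plugged in; the two time helpers at the top are portable and compiled everywhere, while the CryptoAPI part is guarded by `#ifdef _WIN32`. All function names are real CryptoAPI calls; the program layout is the author's own.

```cpp
// Added example: check token-backed certificates with Microsoft CryptoAPI.
// Windows only (link with crypt32.lib); requires the token vendor's CSP and
// the token plugged in. The helpers above the #ifdef are portable.
#include <cstdint>
#include <cstdio>
#include <ctime>
#include <vector>

// FILETIME counts 100-ns ticks since 1601-01-01; time_t counts seconds since
// 1970-01-01. The two epochs are 11644473600 s apart.
static const uint64_t FILETIME_UNIX_EPOCH = 116444736000000000ULL;

inline time_t filetime_to_time_t(uint64_t ft) {
    if (ft < FILETIME_UNIX_EPOCH) return 0;           // before 1970: clamp
    return (time_t)((ft - FILETIME_UNIX_EPOCH) / 10000000ULL);
}

// Same convention as CertVerifyTimeValidity: -1 not yet valid, 0 valid, +1 expired.
inline int classify_validity(time_t not_before, time_t not_after, time_t now) {
    if (now < not_before) return -1;
    if (now > not_after) return 1;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")

static time_t to_time_t(const FILETIME &ft) {
    return filetime_to_time_t(((uint64_t)ft.dwHighDateTime << 32) | ft.dwLowDateTime);
}

// Question 2: the key is usable through the CSP but cannot be pulled out of it.
static void probe_private_key(PCCERT_CONTEXT cert) {
    HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv = 0;
    DWORD keySpec = 0;
    BOOL callerFree = FALSE;
    // No *_NCRYPT_* flags: we want the legacy CSP handle, i.e. the vendor's CSP.
    // The token may prompt for its PIN here.
    if (!CryptAcquireCertificatePrivateKey(cert, CRYPT_ACQUIRE_CACHE_FLAG, nullptr,
                                           &hProv, &keySpec, &callerFree)) {
        printf("  private key: not available (0x%08lx)\n", GetLastError());
        return;
    }
    HCRYPTKEY hKey = 0;
    if (CryptGetUserKey(hProv, keySpec, &hKey)) {
        DWORD perms = 0, len = sizeof(perms);
        if (CryptGetKeyParam(hKey, KP_PERMISSIONS, (BYTE *)&perms, &len, 0))
            printf("  private key: usable, CRYPT_EXPORT permission: %s\n",
                   (perms & CRYPT_EXPORT) ? "yes" : "no");
        // Direct attempt: a token-resident key fails with NTE_BAD_KEY_STATE
        // (0x8009000B); the key material never leaves the device.
        DWORD blobLen = 0;
        if (!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, nullptr, &blobLen))
            printf("  CryptExportKey(PRIVATEKEYBLOB) refused: 0x%08lx\n", GetLastError());
        CryptDestroyKey(hKey);
    }
    if (callerFree) CryptReleaseContext(hProv, 0);
}

int main() {
    // Questions 1 and 3: the CSP publishes the token's certificates into the
    // user's "MY" store; each entry only references the CSP key container.
    HCERTSTORE store = CertOpenSystemStoreA(0, "MY");
    if (!store) { printf("CertOpenSystemStore: 0x%08lx\n", GetLastError()); return 1; }

    PCCERT_CONTEXT cert = nullptr;
    while ((cert = CertEnumCertificatesInStore(store, cert)) != nullptr) {
        char name[256];
        CertGetNameStringA(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nullptr, name, sizeof(name));
        printf("%s\n", name);

        DWORD len = 0;
        if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, nullptr, &len))
            continue;  // no private key linked to this certificate
        std::vector<BYTE> buf(len);
        auto *kpi = reinterpret_cast<CRYPT_KEY_PROV_INFO *>(buf.data());
        if (CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, kpi, &len))
            printf("  CSP: %ls  container: %ls\n", kpi->pwszProvName, kpi->pwszContainerName);

        // Time validity: own check from the parsed dates, then the API's verdict.
        time_t nb = to_time_t(cert->pCertInfo->NotBefore), na = to_time_t(cert->pCertInfo->NotAfter);
        int mine = classify_validity(nb, na, time(nullptr));
        int api = CertVerifyTimeValidity(nullptr, cert->pCertInfo);
        printf("  time validity: %s (own check %d, CertVerifyTimeValidity %d)\n",
               api == 0 ? "ok" : (api < 0 ? "not yet valid" : "EXPIRED"), mine, api);

        // Chain to a trusted root, checking revocation for everything below the root.
        CERT_CHAIN_PARA para = {};
        para.cbSize = sizeof(para);
        PCCERT_CHAIN_CONTEXT chain = nullptr;
        if (CertGetCertificateChain(nullptr, cert, nullptr, nullptr, &para,
                                    CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
                                    nullptr, &chain)) {
            DWORD err = chain->TrustStatus.dwErrorStatus;
            printf("  chain: %s (dwErrorStatus 0x%08lx)\n",
                   err == CERT_TRUST_NO_ERROR ? "trusted" : "NOT trusted", err);
            CertFreeCertificateChain(chain);
        }
        probe_private_key(cert);
    }
    CertCloseStore(store, 0);
    return 0;
}
#endif
```

Build with `cl /EHsc etoken_check.cpp crypt32.lib` and run with the token inserted; the CSP may prompt for the token PIN when the private key is acquired. A `dwErrorStatus` other than zero means the chain did not validate (untrusted root, revoked, expired intermediate, and so on) and the certificate should be rejected even if its own dates are fine. If the vendor ships a CNG key storage provider instead of a legacy CSP, `CryptAcquireCertificatePrivateKey` needs `CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG` and the key is then driven through the NCrypt functions rather than `CryptGetUserKey`/`CryptExportKey`.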