Versions Compared

Version Old Version 10 New Version Current
Changes made by

Armando Carratala

Armando Carratala

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Removed

Table of Contents
maxLevel1
indentcircle

Description

Alison-Desktop allows generation of keys and installation of certificates from an external application. It is designed to be accessed from a browser mainly.

Its services can be accessed through its Alison-SDK library, compatible with any browser (IExplorer 11, Edge, Firefox, Chrome, Safari, Opera, Brave).

It can be accessed using Alison-SDK. From Alison-Desktop 3.x a new REST interface is available for generation, installation and testing.

Platforms

Alison-Desktop was tested on the following platforms:

Image Removed

Image Removed

Image Removed

Windows 10MacOS 10.15 (Catalina)Ubuntu 18.04.3 LTSWindows 8MacOS 10.14 (Mojave)Windows 7MacOS 10.13 (High Sierra)

Related Product

Alison SDK js

Alison SDK allows developer to integrate Alison Desktop in its pages in a easier way. Go to the Alison SDK documentation.

Alison Wizard

You can obtain current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Features

KeyStore

KeyStore is the basic unit of identification of certificate repositories.
Each type of keyStore has a definition that includes a unique identifier, and other attributes used by the library for better representation.

New KeyStores are included on any new version of Alison-Desktop.

ValueDescription

Image Removed

Image Removed

Image Removed
WIN-ENHNative and regular Windows CSP used to generate and store certificate for users.CSKPropietary repository, linked to computer hardware to provide a more secure repositoryETOKENGemalto eTokenMTOKENCentury Longmai mTokenMACOSKeychain respository of certificated used by OSXFF-NSSRepository used by Mozilla FirefoxYUBIKEYYubicoEPASSFeitian ePassATHE-PIVAthena PIVPFXRepository of certificate using a PKCS12 file

Integration

Alison Desktop is a certificate provider that can be accessed throw a SDK library or its REST interface (available from Alison-Desktop v3.x).

Alison SDK js

Go to AlisonSDK library documentation.

REST interface

Read and Test this interface from Postman.

Definitions

The following definitions and structures are useful for a better understanding of the interface, library and how to use it.

Some structures share attributes defined here:

FieldDescriptionserialNumberCertificate Serial Number, in string format, with hexadecimal number [0..9,a..f] (only lowercase letters).thumbPrintCertificate thumbPrint, SHA1 algorithm, and hexadecimal values [0..9,a..f].keyStoreIdKeyStore where the certificate is installed.profileNameIndicates on which profile the certificate is installed. Some type of keyStore have a unique profile (like WIN-ENH or MACOS), so on those cases this value may be optional.providerIdWhen you have initialized the library to work on another providers different than Alison-Destkop.

A complete list of KeyStoreId is available on each distribution of Alison-Desktop or Alison-Server.

User can add its on KeyStoreId following the instruction of Alison-Desktop.

Code Block
languagetext
themeDJango
titleKeyStoreInfo JSON structure
KeystoreInfo = {
	"id": "keyStore Identifier",
	"friendlyName" : "keyStore friendly name",
	"providerId": "Certificate provider (usually Alison-Desktop)",
	"profiles" : [ Profile list included inside this keyStore ],
	"status": "keystore status, with the ResultStatus structure described later",
}

Profile

Each KeyStore has one or more Profiles. This depends on the keyStore type. Some keyStores only have one profile.

Each profile is identified by its profileName, which may depend on the type of keyStore.

Some of the profileName can remain constant over time, as is the case with PFX, CSK or MACOS, but others can dynamically change between one execution and other.

Each profile contains certificates installed within it. By looking at the attributes of a profile, you can find how many certificates you have installed (-1 represents that the attribute has not been evaluated), and how many of them are dummy certificate installations (temporarily created to keep the private key, but not functional).

ProfileInfo

The information contained in a KeyStore is represented by a JSON structure called KeyStoreInfo. The structure has the following information:

Code Block
languagetext
themeDJango
titleProfile JSON information
{
	"id": "{{profileId}}",
	"name": "{{profileName}}",
	"friendlyName": "{{friendlyName}}",
	"status": {
		{{status}}
	},
	"issuedCerts": -1,
	"dummyCerts": -1,
	"details": {
		{{profileDetails}}
	}
}
FieldDescriptionidprofileId is utilized to identify an specific profile. It's composed by KeyStoreId#>profileNamenameName of the profile. It depends on the keyStore type.friendlyNameFriendly name of the profile. Usually the name of the device, for example.statusStatus of the profile in ResultStatus format.issuedCertsNumber of certificates installed in the profile. -1 when this value was not evaluated.dummyCertsNumber of dummy certificates installed in the profile. -1 when this value was not evaluated.detailsDetails of the profile.

KeyStore Selector

It's used to indicate a unique KeyStore and a profile into it.

Some methods, like migration of certificate between keystores, use a KeyStoreSelector to indicate the target keystore where to move the certificate.

Code Block
languagetext
themeDJango
titleKeyStore Selector Structure
{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"providerId": "when the certificate is managed by another certificate provider than Alison-Destkop"
}

Certificate Selector

This structure is used to reference a unique certificate managed by Alison-Desktop or Alison-Server.

Code Block
languagetext
themeDJango
titleCertificate Selector Structure
{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"thumbPrint": "certificate thumbprint",
	"providerId": "certificate provider (usually Alison-Desktop)"
}

WebCertificate

A WebCertificate is the representation of a certificate that is stored in a keystore. It contains all the information of the certificate such as subject, issuer and thumbprint.

Code Block
languagetext
themeDJango
titleWebCertificate Structure
{
	"serialNumber": "The serial number of the certificate",
	"serialNumberH": "The serial number in hexadecimal",
	"thumbPrint": "A unique identifier of the certificate",
	"notBeforeS": "Not-before value of the certificate, in a string format 
				   YYYY-MM-DD HH:MM:SS GMT-0",
	"notAfterS": "Not-after value of the certificate, in a string format 
                  YYYY-MM-DD HH:MM:SS GMT-0",
	"daysToExpire": "Days before expiration",
	"notBeforeTS": "Not-Before timestamp value of the certificate",
	"notAfterTS": "Not-After timestamp value of the certificate",
	"isDefault": "True is the certificate is the last used 
				  (when the certificate is included in a list of certificates)",
	"status": "Certificate status (valid | revoked ) (-1 is UNDEF)" *,
	"trustLevel": "TrustLevel used during its validation. 
				   It depends on the Debbie validation policy used" *,
	"validationMode": "Indicates the validation mode used by Debbie" *,
	"profile": Basic information about the profile that contains this certificate,
	"subject": {
		"DN": "Distringuished Name of the Subject",
		"parsedDN": "JSON Object that represents de DN"
	},
	"issuer": {
		"DN": "Distringuished Name of the Issuer",
		"parsedDN": "JSON Object that represents the DN"
	},
	"extensions": Some principal extensions defined into the certificate,
	"pkcs7": "Certificate in PEM format",
	"keyStoreId": "KeyStore Identifier",
	"keyStoreType": "KeyStore Type"
}

* This fields are completed by Debbie.

Result Status

This structure is used to represent the status of several elements (keystore, profile, etc).

Code Block
languagetext
themeDJango
titleResult Status Structure
"status": {
	"resultStatus": "[ 0 | 1 | 2 ] ",
	"resultList": 
		[ 
			{ "code": "result code",
		  	  "detail": "result code detail"
			}, 
		...
		]
	}
FieldDescriptionresultStatusIt's an integer value, where 0 represents that there is no error, 1 is used to alert about some special condition, which must be taken in consideration, (for example, that a cryptographic device is almost full), and 2 indicates an error on the keystore (for example, if it is locked)resultListIt's a list of pair key-values (code, detail), where **code** contains a warning or error code, and **detail** may contain information about the code.

ErrorCode responses

Error code responses are returned with the following structure:

Code Block
languagetext
themeDJango
titleErrorCode response structure
{
	"code": 20611,
	"message": "Token is not present or is empty"
}
Definitions
Image Added
Table of Contents
maxLevel2
indentcircle

Description

Alison-Desktop allows the generation of keys and installation of certificates from an external application. It is designed to be accessed from a browser mainly.

Its services can be accessed through its Alison-SDK library, compatible with any browser (IExplorer 11, Edge, Firefox, Chrome, Safari, Opera, Brave).

It can be accessed using Alison-SDK. From Alison-Desktop 3.x a new REST interface is available for generation, installation, and testing.

Platforms

Alison-Desktop was tested on the following platforms:

WINDOWS

MAC-OS

LINUX

Windows 11

MacOS 14 (Sonoma)

Ubuntu 20.04.1 LTS

Windows 10

MacOS 13 (Ventura)

Ubuntu 18.04.3 LTS

Windows 8

MacOS 12 (Monterey)

CentOS Linux release 8.5

MacOS 11 (Big Sur)

MacOS 10.15 (Catalina)

Related Product

AlisonJS SDK

Alison JS allows a developer to integrate Alison Desktop into its pages in an easier way. Go to the AlisonJS SDK documentation.

Alison Wizard

You can obtain the current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Features

Related Product

AlisonJS SDK

Alison JS allows a developer to integrate Alison Desktop into its pages in an easier way. Go to the AlisonJS SDK documentation.

Alison Wizard

You can obtain the current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Available KeyStore List

The following KeyStores are included on any version of Alison-Desktop (+3.x).

Value

Description

Image AddedImage AddedImage Added

WIN-ENH

Native and regular Windows CSP used to generate and store certificates for users.



CSK

Proprietary repository, linked to computer hardware to provide a more secure repository

ETOKEN

Safenet/Gemalto eToken


MTOKEN

Century Longmai mToken


MACOS

Keychain repository of certificates used by OSX



FF-NSS

The repository used by Mozilla Firefox

YUBIKEY

Yubico PIV

Required drivers should be downloaded from yubico-piv-tool/Releases/


EPASS

Feitian ePass.

Required drivers could be downloaded from: ePass2003_Full_SDK_20210127.rar


ATHEIDP

Athena IDProtect Key


SAFESIGN

SafeSign IC faq-safesign-identity-client


RIJKSPAS

IDEMIA RIJKSPAS SmartCard


GEMP15-1

Gemalto Classic Smart Card

PFX

Repository of the certificate using a PKCS12 file

MEM

Volatile memory keystore

It's also possible to add a new PKCS#11 Keystore just by editing the file keystore.user located in the config directory for each user. This file will include new Keystore entries in each new version of Alison-Desktop.

This is a typical entry to define a new Keystore:

KeyStore Entry
Code Block
languagejs
{
    "id": "ETOKEN",
	"status": "enabled",
	"icon": "TOKEN",
	"friendly_name": "Gemalto eToken",
	"capabilities": "SGI",
	"extra_params": "allow_empty_pass",
	"filter_mask": -1,
	"windows": {
		"driver_path_x86": "%WINDRIVER%\\eTPKCS11.dll",
		"driver_path_x64": "%WINDRIVER%\\eTPKCS11.dll"
	},
	"osx": {
		"driver_path": "/usr/local/lib/libeTPkcs11.dylib"
	},
	"linux": {
		"driver_path": "/usr/lib64/libeTPkcs11.so"
	}
}


Integration

Alison Desktop is a certificate provider that can be accessed throw an SDK library or its REST interface (available from Alison-Desktop v3.x).

Alison JS

Go to AlisonJS library documentation.

REST interface

Read and Test this interface from Postman.


Structures

The following definitions and structures are useful for a better understanding of the interface, library and how to use it.

Some structures share attributes

defined here

like:

Field

Description

serialNumber

Certificate Serial Number, in string format, with a hexadecimal number [0..9,a..f] (only lowercase letters).

thumbPrint

Certificate thumbPrint, SHA1 algorithm, and hexadecimal values [0..9,a..f].

keyStoreId

KeyStore where the certificate is installed.

profileName

Indicates on which profile the certificate is installed. Some

type

types of keyStore have a unique profile (like WIN-ENH or MACOS), so

on

in those cases, this value may be optional.

providerId

When you have initialized the library to work

on another

with other providers different than Alison-Destkop.


A complete list of KeyStoreId is available on each distribution of Alison-Desktop or Alison-Server.

User

Users can add

its on

their own KeyStoreId following the instruction of Alison-

Desktop.

Desktop.


KeyStore

KeyStore is the basic unit of identification of certificate repositories.
Each type of keyStore has a definition that includes a unique identifier, and other attributes used by the library for better representation.

KeyStoreInfo JSON structure
Code Block
languagetext
themeDJangotitleKeyStoreInfo JSON structureKeystoreInfo = 
{
	"id": "keyStore Identifier",
	"friendlyName" : "keyStore friendly name",
	"keyStoreType": "type of keystore",
	"providerId": "Certificate provider (usually Alison-Desktop
)
)",
	"capabilities": "string representing capabilities of this keystore to Generate, Import, Export or Sign",
	"profiles" : [ Profile list included inside this keyStore ],
	"status": "keystore status, with the ResultStatus structure described later",
}

Some of these fields are available from Alison-Desktop version 3.1.0+.

.


Profile

Each KeyStore has one or more Profiles. This depends on the

keyStore

Keystore type. Some keyStores only have one profile.

Each profile is identified by its profileName, which may depend on the type of

keyStore

KeyStore.

Some of the profileName can remain constant over time, as is the case with PFX, CSK, or MACOS, but others can dynamically change between one execution and

other

another.

Each profile contains certificates installed within it. By looking at the attributes of a profile, you can find how many certificates you have installed (-1 represents that the attribute has not been evaluated), and how many of them are dummy certificate installations (temporarily created to keep the private key, but not functional).


ProfileInfo

The information contained in a KeyStore is represented by a JSON structure called KeyStoreInfo. The structure has the following information:

Profile JSON information
Code Block
languagetext
themeDJangotitleProfile JSON information
{
	"id": "{{profileId}}",
	"name": "{{profileName}}",
	"friendlyName": "{{friendlyName}}",
	"status": {
		{{status}}
	},
	"issuedCerts": -1,
	"dummyCerts": -1,
	"details": {
		{{profileDetails}}
	}
}

Field

Description

id

profileId is utilized to identify

an

a specific profile. It's composed by KeyStoreId#>profileName

name

Name of the profile. It depends on the

keyStore

Keystore type.

friendlyName

Friendly name of the profile. Usually the name of the device, for example.

status

Status of the profile in ResultStatus format.

issuedCerts

Number

The number of certificates installed in the profile. -1 when this value was not evaluated.

dummyCerts

Number

The number of dummy certificates installed in the profile. -1 when this value was not evaluated.

details

Details of the profile.


KeyStore Selector

It's used to indicate a unique KeyStore and a profile into it.

Some methods, like the migration of

certificate

certificates between

keystores

Keystores, use a KeyStoreSelector to indicate the target

keystore

Keystore where to move the certificate

.

.

KeyStore Selector Structure
Code Block
languagetext
themeDJangotitleKeyStore Selector Structure
{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"providerId": "when the certificate is managed by another 
	certificate provider than Alison-Destkop"
}


Certificate Selector

This structure is used to reference a unique certificate managed by Alison-Desktop or Alison-Server.

Certificate Selector Structure
Code Block
languagetext
themeDJangotitleCertificate Selector Structure
{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"thumbPrint": "certificate thumbprint",
	"providerId": "certificate provider (usually Alison-Desktop)"
}


Anchor
WebCertificate
WebCertificate
WebCertificate

A WebCertificate is the representation of a certificate that is stored in a

keystore

Keystore.

It contains all the certificate information

of the certificate

such as subject, issuer, and thumbprint.

A full description of this structure is located in Debbie's documentation.

WebCertificate Structure
Code Block
language
textthemeDJangotitleWebCertificate Structure
text
{
	"serialNumber": "The serial number of the certificate",
	"serialNumberH": "The serial number in hexadecimal",
	"thumbPrint": "A unique identifier of the certificate",
	"notBeforeS": "Not-before value of the certificate, in a string format 
				   YYYY-MM-DD HH:MM:SS GMT-0",
	"notAfterS": "Not-after value of the certificate, in a string format 
                  YYYY-MM-DD HH:MM:SS GMT-0",
	"daysToExpire": "Days before expiration",
	"notBeforeTS": "Not-Before timestamp value of the certificate",
	"notAfterTS": "Not-After timestamp value of the certificate",
	"isDefault": "True is the certificate is the last used 
				  (when the certificate is included in a list of certificates)",
	"status": "Certificate status (valid | revoked ) (-1 is UNDEF)" *,
	"trustLevel": "TrustLevel used during its validation. 
				   It depends on the Debbie validation policy used" *,
	"validationMode": "Indicates the validation mode used by Debbie" *,
	"profile": Basic information about the profile that contains this certificate,
	"subject": {
		"DN": "Distringuished Name of the Subject",
		"parsedDN": "JSON Object that represents de DN"
	},
	"issuer": {
		"DN": "Distringuished Name of the Issuer",
		"parsedDN": "JSON Object that represents the DN"
	},
	"extensions": Some principal extensions defined into the certificate,
	"pkcs7": "Certificate in PEM format",
	"keyStoreId": "KeyStore Identifier",
	"keyStoreType": "KeyStore Type"
}

* This fields are completed by Debbie.


Result Status

This structure is used to represent the status of several elements (

keystore

Keystore, profile, etc).

Result Status Structure
Code Block
languagetext
themeDJangotitleResult Status Structure
"status": {
	"resultStatus": "[ 0 | 1 | 2 ] ",
	"resultList": 
		[ 
			{ "code": "result code",
		  	  "detail": "result code detail"
			}, 
		...
		]
	}

Field

Description

resultStatus

It's an integer value, where 0 represents that there is no error, 1 is used to alert about some special condition, which must be taken

in

into consideration, (for example, that a cryptographic device is almost full), and 2 indicates an error on the Keystore (for example, if it is locked)

resultList

It's a list of pair key-values (code, detail),

and 2 indicates an error on the keystore (for example, if it is locked)resultListIt's a list of pair key-values (code, detail), where **code** contains a warning or error code, and **detail** may contain information about the code.

ErrorCode responses

Error code responses are returned with the following structure:

Code Block
languagetext
themeDJango
titleErrorCode response structure
{ "code": 20611, "message": "Token is not present or is empty" }

where code contains a warning or error code, and detail may contain information about the code.

ErrorCode responses

Error code responses are returned with the following structure:

ErrorCode response structure
Code Block
languagetext
{
	"code": 20611,
	"message": "Token is not present or is empty"
}


Download

You can download the last published version of Alison-Desktop by accessing ACME Alison Wizard. 

You also can access the current development Alison-Desktop version for each platform.

Image AddedImage AddedImage Added

Alison-Desktop Windows Installer (x64) v3.4.0

Alison-Desktop MacOS Installer v3.4.0

Alison-Desktop Ubuntu Installer v3.4.0 (Debian)

Alison-Desktop CentOS Installer v3.4.0 (RHEL)