Versions Compared

Version Old Version 14 New Version Current
Changes made by

Armando Carratala

Armando Carratala

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Removed

Table of Contents
maxLevel1
indentcircle

Description

Alison-Desktop allows generation of keys and installation of certificates from an external application. It is designed to be accessed from a browser mainly.

Its services can be accessed through its Alison-SDK library, compatible with any browser (IExplorer 11, Edge, Firefox, Chrome, Safari, Opera, Brave).

It can be accessed using Alison-SDK. From Alison-Desktop 3.x a new REST interface is available for generation, installation and testing.

Platforms

Alison-Desktop was tested on the following platforms:

Image Removed

Image Removed

Image Removed

Windows 10MacOS 10.15 (Catalina)Ubuntu 18.04.3 LTSWindows 8MacOS 10.14 (Mojave)Windows 7MacOS 10.13 (High Sierra)

Related Product

Alison SDK js

Alison SDK allows developer to integrate Alison Desktop in its pages in a easier way. Go to the Alison SDK documentation.

Alison Wizard

You can obtain current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Features

Available KeyStore List

New KeyStores are included on any new version of Alison-Desktop.

ValueDescription

Image Removed

Image Removed

Image Removed
WIN-ENHNative and regular Windows CSP used to generate and store certificate for users.CSKPropietary repository, linked to computer hardware to provide a more secure repositoryETOKENGemalto eTokenMTOKENCentury Longmai mTokenMACOSKeychain respository of certificated used by OSXFF-NSSRepository used by Mozilla FirefoxYUBIKEYYubicoEPASSFeitian ePassATHE-PIVAthena PIVPFXRepository of certificate using a PKCS12 file
Image Added
Table of Contents
maxLevel2
indentcircle

Description

Alison-Desktop allows the generation of keys and installation of certificates from an external application. It is designed to be accessed from a browser mainly.

Its services can be accessed through its Alison-SDK library, compatible with any browser (IExplorer 11, Edge, Firefox, Chrome, Safari, Opera, Brave).

It can be accessed using Alison-SDK. From Alison-Desktop 3.x a new REST interface is available for generation, installation, and testing.

Platforms

Alison-Desktop was tested on the following platforms:

WINDOWS

MAC-OS

LINUX

Windows 11

MacOS 14 (Sonoma)

Ubuntu 20.04.1 LTS

Windows 10

MacOS 13 (Ventura)

Ubuntu 18.04.3 LTS

Windows 8

MacOS 12 (Monterey)

CentOS Linux release 8.5

MacOS 11 (Big Sur)

MacOS 10.15 (Catalina)

Related Product

AlisonJS SDK

Alison JS allows a developer to integrate Alison Desktop into its pages in an easier way. Go to the AlisonJS SDK documentation.

Alison Wizard

You can obtain the current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Features

Related Product

AlisonJS SDK

Alison JS allows a developer to integrate Alison Desktop into its pages in an easier way. Go to the AlisonJS SDK documentation.

Alison Wizard

You can obtain the current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Available KeyStore List

The following KeyStores are included on any version of Alison-Desktop (+3.x).

Value

Description

Image AddedImage AddedImage Added

WIN-ENH

Native and regular Windows CSP used to generate and store certificates for users.



CSK

Proprietary repository, linked to computer hardware to provide a more secure repository

ETOKEN

Safenet/Gemalto eToken


MTOKEN

Century Longmai mToken


MACOS

Keychain repository of certificates used by OSX



FF-NSS

The repository used by Mozilla Firefox

YUBIKEY

Yubico PIV

Required drivers should be downloaded from yubico-piv-tool/Releases/


EPASS

Feitian ePass.

Required drivers could be downloaded from: ePass2003_Full_SDK_20210127.rar


ATHEIDP

Athena IDProtect Key


SAFESIGN

SafeSign IC faq-safesign-identity-client


RIJKSPAS

IDEMIA RIJKSPAS SmartCard


GEMP15-1

Gemalto Classic Smart Card

PFX

Repository of the certificate using a PKCS12 file

MEM

Volatile memory keystore

It's also possible to add a new PKCS#11 Keystore just by editing the file keystore.user located in the config directory for each user. This file will include new Keystore entries in each new version of Alison-Desktop.

This is a typical entry to define a new Keystore:

KeyStore Entry
Code Block
languagejs
{
    "id": "ETOKEN",
	"status": "enabled",
	"icon": "TOKEN",
	"friendly_name": "Gemalto eToken",
	"capabilities": "SGI",
	"extra_params": "allow_empty_pass",
	"filter_mask": -1,
	"windows": {
		"driver_path_x86": "%WINDRIVER%\\eTPKCS11.dll",
		"driver_path_x64": "%WINDRIVER%\\eTPKCS11.dll"
	},
	"osx": {
		"driver_path": "/usr/local/lib/libeTPkcs11.dylib"
	},
	"linux": {
		"driver_path": "/usr/lib64/libeTPkcs11.so"
	}
}


Integration

Alison Desktop is a certificate provider that can be accessed throw

a

an SDK library or its REST interface (available from Alison-Desktop v3.x).

Alison

SDK js

JS

Go to

AlisonSDK

AlisonJS library documentation.

REST interface

Read and Test this interface from Postman.


Structures

The following definitions and structures are useful for a better understanding of the interface, library and how to use it.

Some structures share attributes like:

Field

Description

serialNumber

Certificate Serial Number, in string format, with a hexadecimal number [0..9,a..f] (only lowercase letters).

thumbPrint

Certificate thumbPrint, SHA1 algorithm, and hexadecimal values [0..9,a..f].

keyStoreId

KeyStore where the certificate is installed.

profileName

Indicates on which profile the certificate is installed. Some

type

types of keyStore have a unique profile (like WIN-ENH or MACOS), so

on

in those cases, this value may be optional.

providerId

When you have initialized the library to work

on another

with other providers different than Alison-Destkop.


A complete list of KeyStoreId is available on each distribution of Alison-Desktop or Alison-Server.

User

Users can add

your

their own KeyStoreId following the instruction of Alison-Desktop.


KeyStore

KeyStore is the basic unit of identification of certificate repositories.
Each type of keyStore has a definition that includes a unique identifier, and other attributes used by the library for better representation.

KeyStoreInfo JSON structure
Code Block
languagetext
titleKeyStoreInfo JSON structure
{
	"id": "keyStore Identifier",
	"friendlyName" : "keyStore friendly name",
	"keyStoreType": "type of keystore",
	"providerId"
, "providerId": "Certificate provider (usually Alison-Desktop)
: "Certificate provider (usually Alison-Desktop)",
	"capabilities": "string representing capabilities of this keystore to Generate, Import, Export or Sign",
	"profiles" : [ Profile list included inside this keyStore ],
	"status": "keystore status, with the ResultStatus structure described later",
}

Some of these fields are available from Alison-Desktop version 3.1.0+.

.


Profile

Each KeyStore has one or more Profiles. This depends on the

keyStore

Keystore type. Some keyStores only have one profile.

Each profile is identified by its profileName, which may depend on the type of

keyStore

KeyStore.

Some of the profileName can remain constant over time, as is the case with PFX, CSK, or MACOS, but others can dynamically change between one execution and

other

another.

Each profile contains certificates installed within it. By looking at the attributes of a profile, you can find how many certificates you have installed (-1 represents that the attribute has not been evaluated), and how many of them are dummy certificate installations (temporarily created to keep the private key, but not functional).


ProfileInfo

The information contained in a KeyStore is represented by a JSON structure called KeyStoreInfo. The structure has the following information:

Profile JSON information
Code Block
language
texttitleProfile JSON information
text
{
	"id": "{{profileId}}",
	"name": "{{profileName}}",
	"friendlyName": "{{friendlyName}}",
	"status": {
		{{status}}
	},
	"issuedCerts": -1,
	"dummyCerts": -1,
	"details": {
		{{profileDetails}}
	}
}

Field

Description

id

profileId is utilized to identify

an

a specific profile. It's composed by KeyStoreId#>profileName

name

Name of the profile. It depends on the

keyStore

Keystore type.

friendlyName

Friendly name of the profile. Usually the name of the device, for example.

status

Status of the profile in ResultStatus format.

issuedCerts

Number

The number of certificates installed in the profile. -1 when this value was not evaluated.

dummyCerts

Number

The number of dummy certificates installed in the profile. -1 when this value was not evaluated

.detailsDetails of the profile

.

details

Details of the profile.


KeyStore Selector

It's used to indicate a unique KeyStore and a profile into it.

Some methods, like the migration of certificates between Keystores, use a KeyStoreSelector to indicate the target Keystore where to move the certificate.

KeyStore Selector

It's used to indicate a unique KeyStore and a profile into it.

Some methods, like migration of certificate between keystores, use a KeyStoreSelector to indicate the target keystore where to move the certificate.

Structure
Code Block
languagetext
{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"providerId": "when the certificate is managed by another 
	certificate provider than Alison-Destkop"
}


Certificate Selector

This structure is used to reference a unique certificate managed by Alison-Desktop or Alison-Server.

Certificate Selector Structure
Code Block
languagetext
title
KeyStore Selector Structure
{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"
providerId
thumbPrint": "
when the 
certificate
is managed by another 
thumbprint",
	"providerId": "certificate provider
than
(usually Alison-
Destkop
Desktop)"
}

Certificate Selector

This structure is used to reference a unique certificate managed by Alison-Desktop or Alison-Server.

 Anchor
WebCertificate
WebCertificate
WebCertificate
 
A WebCertificate is the representation of a certificate that is stored in a Keystore.
It contains all the certificate information such as subject, issuer, and thumbprint.
A full description of this structure is located in Debbie's documentation.
WebCertificate Structure
 Code Block
languagetext
titleCertificate Selector Structure
{
	"
keyStoreId
serialNumber": "
keyStoreId where
The serial number of the certificate
 is stored
",
	"
profileName
serialNumberH": "
profileName
The 
where
serial 
the
number 
certificate is
in 
stored
hexadecimal",
	"thumbPrint": "
certificate thumbprint
A unique identifier of the certificate",
	"
providerId
notBeforeS": "
certificate provider (usually Alison-Desktop)"
} AnchorWebCertificateWebCertificateWebCertificate
A WebCertificate is the representation of a certificate that is stored in a keystore. It contains all the information of the certificate such as subject, issuer and thumbprint.
 Code Block
languagetext
titleWebCertificate Structure
{
	"serialNumber": "The serial number of the certificate",
	"serialNumberH": "The serial number in hexadecimal",
	"thumbPrint": "A unique identifier
Not-before value of the certificate, in a string format 
				   YYYY-MM-DD HH:MM:SS GMT-0",
	"notAfterS": "Not-after value of the certificate, in a string format 
                  YYYY-MM-DD HH:MM:SS GMT-0",
	"daysToExpire": "Days before expiration",
	"notBeforeTS": "Not-Before timestamp value of the certificate",
	"
notBeforeS
notAfterTS": "Not-
before
After timestamp value of the certificate
, in a string format 
				   YYYY-MM-DD HH:MM:SS GMT-0
",
	"
notAfterS
isDefault": "
Not-after value of
True is the certificate
,
 
in
is 
a
the 
string
last 
format
used 
				  (when the certificate is included in a list of certificates)",
	"status": "Certificate status (valid | 
 YYYY-MM-DD HH:MM:SS GMT-0"
revoked ) (-1 is UNDEF)" *,
	"
daysToExpire
trustLevel": "
Days
TrustLevel 
before
used 
expiration",
	"notBeforeTS": "Not-Before timestamp value of the certificate",
	"notAfterTS": "Not-After timestamp value of the certificate",
	"isDefault": "True is the certificate is the last used 
				  (when the certificate is included in a list of certificates)",
	"status": "Certificate status (valid | revoked ) (-1 is UNDEF)" *,
	"trustLevel": "TrustLevel used during its validation. 
				   It depends on the Debbie validation policy used" *,
	"validationMode": "Indicates the validation mode used by Debbie" *,
	"profile": Basic information about the profile that contains this certificate,
	"subject": {
		"DN": "Distringuished Name of the Subject",
		"parsedDN": "JSON Object that represents de DN"
	},
	"issuer": {
		"DN": "Distringuished Name of the Issuer",
		"parsedDN": "JSON Object that represents the DN"
	},
	"extensions": Some principal extensions defined into the certificate,
	"pkcs7": "Certificate in PEM format",
	"keyStoreId": "KeyStore Identifier",
	"keyStoreType": "KeyStore Type"
}
* This fields are completed by Debbie.
Result Status
This structure is used to represent the status of several elements (keystore, profile, etc).
 Code Block
languagetext
titleResult Status Structure
"status": {
	"resultStatus": "[ 0 | 1 | 2 ] ",
	"resultList": 
		[ 
			{ "code": "result code",
		  	  "detail": "result code detail"
			}, 
		...
		]
	}
FieldDescriptionresultStatusIt's an integer value, where 0 represents that there is no error, 1 is used to alert about some special condition, which must be taken in consideration, (for example, that a cryptographic device is almost full), and 2 indicates an error on the keystore (for example, if it is locked)resultListIt's a list of pair key-values (code, detail), where **code** contains a warning or error code, and **detail** may contain information about the code.
ErrorCode responses
Error code responses are returned with the following structure:
 Code Block
languagetext
titleErrorCode response structure
{
	"code": 20611,
	"message": "Token is not present or is empty"
}
during its validation. 
				   It depends on the Debbie validation policy used" *,
	"validationMode": "Indicates the validation mode used by Debbie" *,
	"profile": Basic information about the profile that contains this certificate,
	"subject": {
		"DN": "Distringuished Name of the Subject",
		"parsedDN": "JSON Object that represents de DN"
	},
	"issuer": {
		"DN": "Distringuished Name of the Issuer",
		"parsedDN": "JSON Object that represents the DN"
	},
	"extensions": Some principal extensions defined into the certificate,
	"pkcs7": "Certificate in PEM format",
	"keyStoreId": "KeyStore Identifier",
	"keyStoreType": "KeyStore Type"
}

Result Status
 
This structure is used to represent the status of several elements (Keystore, profile, etc).
Result Status Structure
 Code Block
languagetext
"status": {
	"resultStatus": "[ 0 | 1 | 2 ] ",
	"resultList": 
		[ 
			{ "code": "result code",
		  	  "detail": "result code detail"
			}, 
		...
		]
	}
Field
Description
resultStatus
It's an integer value, where 0 represents that there is no error, 1 is used to alert about some special condition, which must be taken into consideration, (for example, that a cryptographic device is almost full), and 2 indicates an error on the Keystore (for example, if it is locked)
resultList
It's a list of pair key-values (code, detail), where code contains a warning or error code, and detail may contain information about the code.
ErrorCode responses
Error code responses are returned with the following structure:
ErrorCode response structure
 Code Block
languagetext
{
	"code": 20611,
	"message": "Token is not present or is empty"
}

 
Download
 
You can download the last published version of Alison-Desktop by accessing ACME Alison Wizard. 
You also can access the current development Alison-Desktop version for each platform.
Image AddedImage AddedImage Added
Alison-Desktop Windows Installer (x64) v3.4.0
Alison-Desktop MacOS Installer v3.4.0
Alison-Desktop Ubuntu Installer v3.4.0 (Debian)
Alison-Desktop CentOS Installer v3.4.0 (RHEL)