SafeSign and Apple OSX Snow Leopard

Last week I got an e-mail from one of the product managers @ AET Europe regarding the availability of SafeSign / Tokenlounge for OSX Snow Leopard.

The content of the e-mail wasn't very encouraging.... It seems that the Snow Leopard of SafeSign / Tokenlounge release is delayed by a bug in the Apple Keychain;

---------
We use systemkeychain -T to create a login keychain (for a new FV user) associated with our token. When trying to unlock this newly created keychain during login with the smartcard, we get prompted with the "unable to unlock login keychain" panel - as you have observed -.
This is basically our main concern, as this was perfectly running under 10.5. Any idea why the system wants to update the login keychain password, prompting the user with that panel???

What we have discovered beside, is that when you click Create New Keychain on that panel, the keychain gets encrypted with the PIN of the smartcard instead of the RSA key, which is a major security issue (Same behavior if you click Update Keychain Password)...
You can easily verify this last issue by removing your smartcard, launching Keychain Access and entering your PIN code to unlock the keychain...

Once again, we didn't have this kind of problems with Leopard.

As long as this issue isn't resolved, there will be no version for Snow Leopard. The (security) risk is just too big.
-------------

So, we need to be patient, and wait till Apple solves this. In the mean time, when you need the SafeSign software for your every day work, you shouldn't upgrade to Snow Leopard.

Check the follow-up on the original SafeSign post for the availability on the Leopard version of SafeSign / Tokenlounge.

Posted on April 22, 2010 and filed under Annoying, Apple, Security, Software.