Copyright (C) 2008 EnterSafe.
http://www.EnterSafe.com

EnterSafe for linux
==================

This package is EnterSafe with Cryptoki(PKCS#11) for linux. Before the installation, you are recommended to read this document carefully. This document will care about what you should pay attention to when you start(restart) your PC and the frequently asked questions about this product.

Installation Requires
=====================

These are generic installation instructions.

  To install EnterSafe for Linux, you must be root user.

Basic Installations
===================

Take the following steps to complete the installation:

  1. Install the product:
       a) untar/unzip the package to $PACKAGE_ROOT.
       b) 'cd' to the directory $PACKAGE_ROOT.
       c) type `./install' to install the package to your system.
       
  2. Start the ngslotd to enable the ePass's midlle-ware:
       If you have installed another product with EnterSafe middle-ware and ngslotd service has been started successfully, you should restart it with:
	/etc/init.d/ngslotd restart
else you can start it with:
        /etc/init.d/ngslotd start
        the ngslotd service will start up automatically when you reboot your machine.

  3. Start mozilla, open 'instpk.html' which localated at $PACKAGE_ROOT/docs,Click "Install PKCS#11 library" button to register EnterSafe PKCS#11 module, Click "Uninstall PKCS#11 library" to unregister  the pkcs#11 module.
  
      There's another method to install EnterSafe PKCS#11 module manually:
      Run mozilla, open the menu "Edit"--->"Preferences"--->"Privace & Security" ---->"Certificates" ---> "Manage Security Devices", and then add our "/usr/lib/libepsng_p11.so" to mozilla.

      Note: If you want to uninstall EnterSafe PKCS#11 module, you can use automatical or manual method. But if you want to use automatical uninstallation, the PKCS#11 module should be automatically installed or named as "ePassToken PKCS#11 Library" by manual installation. Because when you install PKCS#11 module automatically, it will be named as "ePassToken PKCS#11 Library" by default, and it must be uninstall automatically with the same module name. 

   Now you should attach a initialized token to your PC, and use mozilla to request certificate, establish SSL connection, and so on.
   NOTE: Tokens from other companies must be initialized by Feitian PKI Init tool to use with EnterSafe.

Platform tested
===============

This package has been tested in the follwing platform:
   Red Hat Enterprise Linux AS release 4 (Nahant Update 2) with
   kernel version: 2.6.9-22.EL
   gcc version:    3.4.4 20050721 (Red Hat 3.4.4-2) 
   firefox:        1.0.7-1.4.1

   Other platforms are not tested.

Support smartcard
===============
  FT11

FAQ(frequently asked questions)
===============================

EnterSafe:
================

1. What's the meaning of "EnterSafe" ?
   The EnterSafe is ePass product of (N)ext (G)eneration. it is a framework, ePass1000, ePass2000 and the other tokens from Feitian (or other companies) can all be used within this framework.

2. What's the length of RAS key pair supported by the EnterSafe?
   ePass2000_FT11 token, it supports 512~1024 bits key length.

3. How to initialize the ePass token under linux environment?
   We will provide the release version of "token manager tool" in the future, but now it is beta version. 
   To initialize the token, You can use the tools under windows, this is compatible, or you can write a simple PKCS#11 program to call the function -- C_InitToken && C_SetPin. Our PKCS#11 lib's name is -- "libepsng_p11.so" (Be sure that nsglotd is running).

4. What does the name of package "EnterSafe-ZZZZ-XXXX-YYYY" mean?
   "EnterSafe" means ePass product package for NG framework.
   "XXXX" means the version of this package, for example, 1.2b means version 1.2 Beta(This is only for test purpose) and 1.4.0 means release version of 1.4.0.
   "ZZZZ" perhaps is ePass2000(only for ePass2000), ePass1000(only for ePass1000), pboc(only for PBOC token), ePass(only for ePass1000 and ePass2000), full(can be used with ePass1000, ePass2000, and the other known token from Feitian).
   "YYYY" support platform,perhaps is rh8(only for redhat 8),fc2(only for edora Core release 2),deb3.1(only for Debian 3.1).

5. How to uninstall the EnterSafe?
   If you install the EnterSafe with RPM format, it is very simple to uninstall it, just use "rpm -e EnterSafe-ZZZZ".
   If you install it with tarball format, then you can execute the "/usr/local/ngsrv/0CA6344C-3939-4C65-8491-0413E9205810_FT11/uninstall".
   
ngslotd:
======================

1. Can the ngslotd start automaticly when my PC start?
   As our expectation, the ngslotd will start with your machine starting,or you can input the command : '/etc/init.d/ngslotd start' to start it.
   To check the ngslotd, input the command : 'ps ax | grep ngslotd'.
   To kill(stop) ngslotd, input the command: 'kill (PID)' or 'killall ngslotd', here (PID) is the process ID of ngslotd.
   If ngslotd is not running when you start your PC, start them according to Step 3 of <Basic Installations>.

2. When should I reboot my machine?
   After installation (reinstallation) of this package, or some errors has been occured(such as the mozilla application stops with no response), you are recommended to reboot your machine.

3. How many tokens can be attached at the same time?
   Now permission 2 tokens can be attached at the same time.
