Securing your System with a SecuriKey Token

A couple of days ago I ordered a security token, namely the USB SecuriKey product for Mac (http://www.securikey.com/).

As my original plan to use my old Aladdin eToken Pro for FileVault turned out to be impossible (see http://www.emre.de/wiki/index.php/Etoken), the SecuriKey seemed like a good alternative.

My first impressions so far:

  • The product does what it is supposed to do, namely enabling token login and FileVault encryption with token support
  • Installation and usage are pretty easy

Some things are different from what I had expected:

  • The token is not a Smartcard in the common sense. You cannot save certificates on it or see its content via the Keychain app
  • As far as I understand, the USB device simply provides some mathematical component that generates a key from the combination of username, password, token serial number and some token-specific, secret calculation (security by obscurity?)

My main usage scenarios are being covered (local auth and FileVault) but some scenarios that would have been nice are *not* covered by the product:

  • Saving certs/keys on the token for usage with Mozilla, SSL client auth, SSH client auth and IPSec VPN auth
  • Generating the encryption keys offline with OpenSSL, saving them in some safe place and also importing them to the token

I am not completely satisfied but hey: so far the SecuriKey stuff is the most reliable I have seen.

Cheers,

Emre