Smartcard bankId eId

Revision as of 11:34, 7 May 2015 by WikiFreak (talk | contribs)


BankId and eId are Swedish identification systems. They are very powerful! :-)

  • eId (= official ID card identity) is managed by Telia and work under Linux
  • BankId is NOT Linux friendly at all... :( This is not supported officially and it's hard to get it up and running...


To use eId you can use the official Telia reader or any other you like, as long as you have the correct drivers.

This article explains how to use:

  1. Handelsbanken card reader
  2. Skatteverket national e-ID
  3. Handelsbanken bankId


eId


Linux drivers

Generic USB

First of all, some BankId card readers are not detected automatically...

To resolve that issue you should install libUSB:

apt-get install libusb-dev libusb++-dev


Generic smart-card readers

For BankId and e-Id to work you need both PCSC and OpenSC drivers.

# PCSC driver
apt-get install pcscd
apt-get install libpcsclite1 libpcsclite-dev 
apt-get install libpcsc-perl pcsc-tools

# OpenSC driver
apt-get install pcscd opensc


Since we're talking security, you need to install the following security packages:

apt-get install libp11-dev pkcs11-data
apt-get install libnss3-tools


Enable smart-card reader pinpad:

vim /etc/opensc/opensc.conf

# Force the setting to true, no matter what
enable_pinpad = true;


Old 32bits libraries

BankId requires some old 32 bits libraries...

apt-get install iceweasel nspluginwrapper lib32z1


Handelsbanken smart-card reader drivers

Get drivers

You need to download the Handelsbanken card reader drivers:


Installation

Install the drivers:

# 64 bits
dpkg -i SHB_Deb_1.0.2_64bit.deb
apt-get install -f



First part of the installation is now complete! You must reboot your computer



Installation smart-card reader check

To ensure you can use your smart-card reader, the following test should work:

pcsc_scan -n

You need to plug / unplug the reader and the cards. You should see movement in the console!



e-Id

Telia is the official provider of the e-ID support.

They have a wonderful website: https://cve.trust.telia.com/TeliaElegNG/


Installation

Automatic installation

Add Telia repository:

# Edit repositories list
sudo vim /etc/apt/sources.list

# Add the new repository
deb http://ppa.launchpad.net/ubuntu-se/netid/ubuntu trusty main

# Add repository key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F0511E06

# update list of packages
sudo apt-get update


Install the client

sudo apt-get install netid


Manual installation

tar xzvf iidsetup_64.tar.gz
cd iidsetup/
sudo ./install

During the installation, reply yes to the following question:

Should the installation try to install the PKCS#11 module using NSS security toolkit? [Y/n]


Apply changes

Second part of the installation is now complete! You must log-off / log-in or reboot your computer


Test the reader

Local test

  • Open Firefox and go to: file:///etc/iid/admin/index.html
  • You should see your e-Id when you plug your card! :)


OnLine test


Skattverket

  • Try to login on skattverket using e-legitimation from Telia.
  • Allow the plugin to run.
  • It will ask for a password. Enter the ID password skattverket sent you !



BankId (community client)

The official Linux BankId support is terrible! ... That the least we can say!...

Fortunately there is a community client available on http://www.fribid.se/


Add the new BankId repository:

# Edit repositories list
sudo vim /etc/apt/sources.list

# Add the new repository
deb http://ppa.launchpad.net/samuellb/fribid/ubuntu trusty main

# Add repository key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C4A5A0B6

# update list of packages
sudo apt-get update


Install the client

sudo apt-get install fribid



BankId (manual install)

!! Officially BankId is not supported on Linux anymore since 2015-01-01 !!

Following instructions are using a legacy client!


Get BankId package

Get the official Linux installation package: https://install.bankid.com/Download/All


Alternative: Download a copy from 2015-05-07: http://daxiongmao.eu/wiki_upload_files/drivers/BISP-4.19.1.11663.tar.gz


Installation

Requirements


Since BankId client hasn't been updated for a long time, you need to install old GTK packages.

apt-get install overlay-scrollbar-gtk2 unity-gtk2-module
apt-get install gtk2-engines-murrine:i386 libidn11:i386


BankId setup

mkdir BankId
mv BISP-4.19.1.11663.tar.gz BankId/
cd BankId
tar xzvf BISP-4.19.1.11663.tar.gz
cd BISP-4.19.1.11663

sudo ./install.4.XXXXX.sh i


Create symlinks

To use BankId in your browser(s) you need to create a symlink for each of them:


ln -s /usr/local/lib/personal/libplugins.so /usr/lib/firefox-addons/plugins/libplugins.so


Check your BankId card

To ensure you can read and use your BankId card, insert your BankId card and run the following command immediately:

pkcs15-tool -L

You should be able to read certificates.


BankId usage

  • BankId shortcut is available in: /usr/share/applications/personal.desktop
  • BankId application is available at: /usr/local/bin/personal


Sources

e-Id

BankId Linux community:



Useful articles: