2008/09/07

eGovernment: Using the Belgian eID under Ubuntu

Find an updated procedure at michael-peeters.blogspot.be/2012/06/setting-up-belgian-eid-on-ubuntu-124.html.

In Belgium, online eGovernment services require the usage of an electronic Identity Card (eID) as a security token. This eID, coupled with a PIN, allows easier paperless interaction with the official services. Last spring 2008 the eID infrastructure was still Windows-only, but now Linux is supported. This post details how to enable the Belgian eID card reader on Ubuntu (8.04). The official info-website is http://eid.belgium.be/nl/Hoe_installeer_je_de_eID_/Linux/index.jsp.

I borrowed an ACR38 card reader. From the command line it displays:
$ lsusb
Bus 001 Device 004: ID 072
f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
Simply install the ACR38U driver from the Synaptic Package Manager:

Synaptic recommends the pcscd as a dependent package.


Finally, select the 'beidgui' package and accept all dependencies that are proposed:


Now the standalone application can be run. Select Applications/Accessories/Reading and Administration in the Menu or trigger the command line:

$ b eigui
The final step is making firefox accept the external card reader. For this, install the Belgium eID add on for firefox at https://addons.mozilla.org/firefox/addon/belgium-eid/.

If you get a "ssl renegotiation error", you should temporarily allow the specific e-government site to accept ssl renegotiations by going to the magic "about:config" url and updating the security.ssl.renego_unrestricted_hosts key with ccff02.minfin.fgov.be.
Nice to see Linux-friendly eGov applications!

More info:

update 2011/05/09 for ubuntu 11.4:
- in about:config update the security.ssl.renego_unrestricted_hosts with ccff02.minfin.fgov.be
- use the 'belgium eID' firefox addon that registers the correct library instead doing the manual configuration.
update 2011/06/14: unfortunately, the minfin.fgov.be site added a "firefox 3" test instead of fixing the ssl renegotiation error. Luckily, it's easy to circumvent this by installing the User Agent Switcher plugin and activating a new "FireFox 3" header. The following user-agent header worked for me: "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/3.5.0"


3 comments:

Thomas said...

Hi Michael,

Works like a charm.

Please correct:

You need the pcscd package and not the pcsd package. I installed through apt-get install and was confused for a second. So it took me 30s to get the whole thing installed. No need for apt-get build-dep, it is done automatically just press (y/n) y.

Thanks for the great job!

Linux thomas-laptop 2.6.27-11-generic #1 SMP Thu Jan 22 17:22:40 UTC 2009 i686 GNU/Linux
Fri Jan 23 04:45:26 GMT 2009
libacr38u:
Installed: 1.7.9-3
Candidate: 1.7.9-3
Version table:
*** 1.7.9-3 0
500 http://archive.ubuntu.com intrepid/universe Packages
100 /var/lib/dpkg/status
pcscd:
Installed: 1.4.102-1ubuntu1
Candidate: 1.4.102-1ubuntu1
Version table:
*** 1.4.102-1ubuntu1 0
500 http://archive.ubuntu.com intrepid/universe Packages
100 /var/lib/dpkg/status
beidgui:
Installed: 2.6.0-4
Candidate: 2.6.0-4
Version table:
*** 2.6.0-4 0
500 http://archive.ubuntu.com intrepid/universe Packages
100 /var/lib/dpkg/status
Bus 002 Device 003: ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
[...]
thomas@thomas-laptop:~$

Thomas said...

Hi again,

There's a memory leek in it, it also can be noticed in firefox itself. I will take a closer look tonight.

Cheers,

Thomas

https://bugs.launchpad.net/ubuntu/+source/belpic/+bug/320480

Naseer Ahmad said...
This comment has been removed by a blog administrator.