2008/09/07

eGovernment: Using the Belgian eID under Ubuntu

Find an updated procedure at michael-peeters.blogspot.be/2012/06/setting-up-belgian-eid-on-ubuntu-124.html.

In Belgium, online eGovernment services require the usage of an electronic Identity Card (eID) as a security token. This eID, coupled with a PIN, allows easier paperless interaction with the official services. Last spring 2008 the eID infrastructure was still Windows-only, but now Linux is supported. This post details how to enable the Belgian eID card reader on Ubuntu (8.04). The official info-website is http://eid.belgium.be/nl/Hoe_installeer_je_de_eID_/Linux/index.jsp.

I borrowed an ACR38 card reader. From the command line it displays:
$ lsusb
Bus 001 Device 004: ID 072
f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
Simply install the ACR38U driver from the Synaptic Package Manager:

Synaptic recommends the pcscd as a dependent package.


Finally, select the 'beidgui' package and accept all dependencies that are proposed:


Now the standalone application can be run. Select Applications/Accessories/Reading and Administration in the Menu or trigger the command line:

$ b eigui
The final step is making firefox accept the external card reader. For this, install the Belgium eID add on for firefox at https://addons.mozilla.org/firefox/addon/belgium-eid/.

If you get a "ssl renegotiation error", you should temporarily allow the specific e-government site to accept ssl renegotiations by going to the magic "about:config" url and updating the security.ssl.renego_unrestricted_hosts key with ccff02.minfin.fgov.be.
Nice to see Linux-friendly eGov applications!

More info:

update 2011/05/09 for ubuntu 11.4:
- in about:config update the security.ssl.renego_unrestricted_hosts with ccff02.minfin.fgov.be
- use the 'belgium eID' firefox addon that registers the correct library instead doing the manual configuration.
update 2011/06/14: unfortunately, the minfin.fgov.be site added a "firefox 3" test instead of fixing the ssl renegotiation error. Luckily, it's easy to circumvent this by installing the User Agent Switcher plugin and activating a new "FireFox 3" header. The following user-agent header worked for me: "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/3.5.0"


Post a Comment