2008/09/07

eGovernment: Using the Belgian eID under Ubuntu

Find an updated procedure at michael-peeters.blogspot.be/2012/06/setting-up-belgian-eid-on-ubuntu-124.html.

In Belgium, online eGovernment services require the usage of an electronic Identity Card (eID) as a security token. This eID, coupled with a PIN, allows easier paperless interaction with the official services. Last spring 2008 the eID infrastructure was still Windows-only, but now Linux is supported. This post details how to enable the Belgian eID card reader on Ubuntu (8.04). The official info-website is http://eid.belgium.be/nl/Hoe_installeer_je_de_eID_/Linux/index.jsp.

I borrowed an ACR38 card reader. From the command line it displays:
$ lsusb
Bus 001 Device 004: ID 072
f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
Simply install the ACR38U driver from the Synaptic Package Manager:

Synaptic recommends the pcscd as a dependent package.


Finally, select the 'beidgui' package and accept all dependencies that are proposed:


Now the standalone application can be run. Select Applications/Accessories/Reading and Administration in the Menu or trigger the command line:

$ b eigui
The final step is making firefox accept the external card reader. For this, install the Belgium eID add on for firefox at https://addons.mozilla.org/firefox/addon/belgium-eid/.

If you get a "ssl renegotiation error", you should temporarily allow the specific e-government site to accept ssl renegotiations by going to the magic "about:config" url and updating the security.ssl.renego_unrestricted_hosts key with ccff02.minfin.fgov.be.
Nice to see Linux-friendly eGov applications!

More info:

update 2011/05/09 for ubuntu 11.4:
- in about:config update the security.ssl.renego_unrestricted_hosts with ccff02.minfin.fgov.be
- use the 'belgium eID' firefox addon that registers the correct library instead doing the manual configuration.
update 2011/06/14: unfortunately, the minfin.fgov.be site added a "firefox 3" test instead of fixing the ssl renegotiation error. Luckily, it's easy to circumvent this by installing the User Agent Switcher plugin and activating a new "FireFox 3" header. The following user-agent header worked for me: "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/3.5.0"


3 comments:

  1. Hi Michael,

    Works like a charm.

    Please correct:

    You need the pcscd package and not the pcsd package. I installed through apt-get install and was confused for a second. So it took me 30s to get the whole thing installed. No need for apt-get build-dep, it is done automatically just press (y/n) y.

    Thanks for the great job!

    Linux thomas-laptop 2.6.27-11-generic #1 SMP Thu Jan 22 17:22:40 UTC 2009 i686 GNU/Linux
    Fri Jan 23 04:45:26 GMT 2009
    libacr38u:
    Installed: 1.7.9-3
    Candidate: 1.7.9-3
    Version table:
    *** 1.7.9-3 0
    500 http://archive.ubuntu.com intrepid/universe Packages
    100 /var/lib/dpkg/status
    pcscd:
    Installed: 1.4.102-1ubuntu1
    Candidate: 1.4.102-1ubuntu1
    Version table:
    *** 1.4.102-1ubuntu1 0
    500 http://archive.ubuntu.com intrepid/universe Packages
    100 /var/lib/dpkg/status
    beidgui:
    Installed: 2.6.0-4
    Candidate: 2.6.0-4
    Version table:
    *** 2.6.0-4 0
    500 http://archive.ubuntu.com intrepid/universe Packages
    100 /var/lib/dpkg/status
    Bus 002 Device 003: ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
    [...]
    thomas@thomas-laptop:~$

    ReplyDelete
  2. Hi again,

    There's a memory leek in it, it also can be noticed in firefox itself. I will take a closer look tonight.

    Cheers,

    Thomas

    https://bugs.launchpad.net/ubuntu/+source/belpic/+bug/320480

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete