Difference between revisions of "Belgian eID"
| Line 39: | Line 39: | ||
<br>cf http://eid.belgium.be/fr_BE/fed_ict/imported_content_eid/pdf/eID-FR-Firefox.pdf |
<br>cf http://eid.belgium.be/fr_BE/fed_ict/imported_content_eid/pdf/eID-FR-Firefox.pdf |
||
<br>You can see your certificate in Preferences -> Advanced -> Encryption -> View Certificates and you can trust the Belgium Root CA under the "Authorities" tab for e.g. "identifying mail users" |
<br>You can see your certificate in Preferences -> Advanced -> Encryption -> View Certificates and you can trust the Belgium Root CA under the "Authorities" tab for e.g. "identifying mail users" |
||
| + | |||
| + | If I try to connect to federal sites like Tax-on-web, being identified by my card, I get an error -12222 even before I'm prompted to type my PIN, is it because my certificates are revoked? |
||
===Exploring=== |
===Exploring=== |
||
Revision as of 00:36, 6 February 2008
Belgian eID is part of the efforts of the government for Belgian eGov
Officials
Usage & Software
- Middleware & developer's kit
- eID configuration toolkit by Novell
- Danny De Cock's page on eID (same as http://www.godot.be)
- short intro
- how to use the eID card within your .NET apps
Articles
Misc
My attempts under Linux
I'm using the IDream ID-SMID01 SmartCard reader, bought for 10€
Installing beidgui and dependencies:
apt-get install beidgui => libopenct1 libpcsclite1 libbeidlibopensc2 libbeid2 beid-tools beidgui libccid pcscd less /usr/share/doc/libbeidlibopensc2/README.Debian
The GUI application works well, including OCSP communication, showing me that my eID certificates are revoked, excellent!
Firefox security module
To add the security module to Firefox:
apt-get install libbeid2-dev libbeidlibopensc2-dev
Visit file:///usr/share/beid/beid-pkcs11-register.html to install the service
Now what?...
cf http://eid.belgium.be/fr_BE/fed_ict/imported_content_eid/pdf/eID-FR-Firefox.pdf
You can see your certificate in Preferences -> Advanced -> Encryption -> View Certificates and you can trust the Belgium Root CA under the "Authorities" tab for e.g. "identifying mail users"
If I try to connect to federal sites like Tax-on-web, being identified by my card, I get an error -12222 even before I'm prompted to type my PIN, is it because my certificates are revoked?
Exploring
pkcs15-tool --dump pkcs15-tool --read-certificate 02 > my_auth.crt pkcs15-tool --read-certificate 03 > my_sign.crt pkcs15-tool --read-certificate 04 > belgium.crt pkcs15-tool --read-certificate 06 >> belgium.crt openssl x509 -in my_auth.crt -text pkcs15-tool --read-ssh-key 2
SSH
Inspired from http://simi.be/?page_id=9
Getting the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355274 and porting it to v4.7p1
Some rejs easy to solve from v4.2 to v4.7 and one less obvious change in debian/control: fix the debconf dependancies (was ${debconf:Depends} I think):
Package: openssh-client-sc
Architecture: any
Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0,...
I recompile ssh with smartcard support.
apt-get source openssh-client cd openssh-4.7p1 patch -p1 < ../mypatch dpkg-buildpackage -uc -us -rfakeroot
Sending my public key to the ssh server:
pkcs15-tool --read-ssh-key 2 |tail -n1|ssh user@host 'cat - >> ~/.ssh/authorized_keys'
Then logging, being prompted for my PIN:
ssh -I 0 user@host.com
TODO
http://blog.eikke.com/index.php/ikke/2007/10/29/using_your_belgian_eid_for_ssl_authentic
http://christophe.vandeplas.com/2008/02/03/openvpn-belgian-eid
But Debian openvpn 2.1_cr4 doesn't support yet --show-pkcs11-ids