Difference between revisions of "Belgian eID"

Revision as of 12:34, 5 February 2008

Belgian eID is part of the efforts of the government for Belgian eGov

Officials

Usage & Software

Articles

Misc

http://www.foo.be/eID/

My attempts under Linux

I'm using the IDream ID-SMID01 SmartCard reader, bought for 10€

Installing beidgui and dependencies:

apt-get install beidgui
=> libopenct1 libpcsclite1 libbeidlibopensc2 libbeid2 beid-tools beidgui libccid pcscd

less /usr/share/doc/libbeidlibopensc2/README.Debian

Firefox security module

To add the security module to Firefox:

apt-get install libbeid2-dev libbeidlibopensc2-dev

Visit file:///usr/share/beid/beid-pkcs11-register.html

Exploring

pkcs15-tool --dump
pkcs15-tool --read-certificate 02 > my_auth.crt
pkcs15-tool --read-certificate 03 > my_sign.crt
pkcs15-tool --read-certificate 04 > belgium.crt
pkcs15-tool --read-certificate 06 >> belgium.crt
openssl x509 -in my_auth.crt -text
pkcs15-tool --read-ssh-key 2

SSH

Inspired from http://simi.be/?page_id=9

Getting the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355274 and porting it to v4.7p1
I recompile ssh with smartcard support.

apt-get source openssh-client
cd openssh-4.7p1
patch -p1 < ../mypatch
dpkg-buildpackage -uc -us -rfakeroot

Sending my public key to the ssh server:

pkcs15-tool --read-ssh-key 2 |tail -n1|ssh user@host 'cat - >> ~/.ssh/authorized_keys'

Then logging, being prompted for my PIN:

ssh -I 0 user@host.com

TODO

http://blog.eikke.com/index.php/ikke/2007/10/29/using_your_belgian_eid_for_ssl_authentic http://christophe.vandeplas.com/2008/02/03/openvpn-belgian-eid

@@ Line 1: / Line 1: @@
-==eID==
 Belgian eID is part of the efforts of the government for [[Belgian eGov]]
-====Officials====
+==Officials==
 * [http://eid.belgium.be Official eID portal]
@@ Line 8: / Line 7: @@
 * [http://crl.eid.belgium.be/ Revocation lists] and [http://ocsp.eid.belgium.be/ OCSP server]
-====Usage & Software====
+==Usage & Software==
 * [http://www.belgium.be/zip/eid_datacapture_fr.html Middleware & developer's kit]
@@ Line 17: / Line 16: @@
 * [http://weblogs.asp.net/cumpsd/archive/2005/04/03/396901.aspx how to use the eID card within your .NET apps]
-====Articles====
+==Articles==
 * [http://www.idcorner.org/?p=121 Belgian eID and privacy]
 * [https://www.cosic.esat.kuleuven.be/adapid/ ADAPID project]
-====Misc====
+==Misc==
 * http://www.foo.be/eID/
+==My attempts under Linux==
+I'm using the [[IDream ID-SMID01 SmartCard reader]], bought for 10€
+Installing beidgui and dependencies:
+ apt-get install beidgui
+ => libopenct1 libpcsclite1 libbeidlibopensc2 libbeid2 beid-tools beidgui libccid pcscd
+less /usr/share/doc/libbeidlibopensc2/README.Debian
+===Firefox security module===
+To add the security module to Firefox:
+ apt-get install libbeid2-dev libbeidlibopensc2-dev
+Visit file:///usr/share/beid/beid-pkcs11-register.html
+===Exploring===
+ pkcs15-tool --dump
+ pkcs15-tool --read-certificate 02 > my_auth.crt
+ pkcs15-tool --read-certificate 03 > my_sign.crt
+ pkcs15-tool --read-certificate 04 > belgium.crt
+ pkcs15-tool --read-certificate 06 >> belgium.crt
+ openssl x509 -in my_auth.crt -text
+ pkcs15-tool --read-ssh-key 2
+===SSH===
+Inspired from http://simi.be/?page_id=9
+Getting the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355274 and porting it to v4.7p1
+<br>I recompile ssh with smartcard support.
+ apt-get source openssh-client
+ cd openssh-4.7p1
+ patch -p1 < ../mypatch
+ dpkg-buildpackage -uc -us -rfakeroot
+Sending my public key to the ssh server:
+ pkcs15-tool --read-ssh-key 2 |tail -n1|ssh user@host 'cat - >> ~/.ssh/authorized_keys'
+Then logging, being prompted for my PIN:
+ ssh -I 0 user@host.com
+===TODO===
+http://blog.eikke.com/index.php/ikke/2007/10/29/using_your_belgian_eid_for_ssl_authentic
+http://christophe.vandeplas.com/2008/02/03/openvpn-belgian-eid