Enthusiasm never stops


Infonotary E-Signature with Cardman 6121 on Kubuntu Karmic and Lucid

There are three systems involved in using an Infonotary e-signature with a reader in Firefox 3.5/3.6 on Linux 32-bit:

Installation instructions for Kubuntu Karmic and Lucid follow:

  1. Execute the following in a terminal console:
    sudo apt-get install pcscd pcsc-omnikey
    sudo tar -C / -zxf HiPath_SIcurity_Card_API_V3_1_010_Linux.tar.gz
    sudo ln -s /lib/libpcsclite.so.1 /lib/libpcsclite.so.0
  2. Review the “Security device settings in Firefox 3.5/3.6” paragraph below and set up “/usr/local/lib/libsiecap11.so” in Firefox
  3. Install the Infonotary root certificate chain by following the instructions on the Infonotary wiki page. Review the “Инсталиране на удостоверителната верига на Инфонотари” section there. Make sure that you edit the CA certificate trust settings exactly as described.

Update: Since I upgraded to Lucid, when I plug in my Cardman reader, I need to restart “pcscd” and Firefox before I can use it. The command for restarting “pcscd” is “sudo /etc/init.d/pcscd restart”.

Some more detailed explanation about the above commands and programs follows. If you are in a hurry, you can safely skip them. I’m using a 32-bit installation of Kubuntu.

Drivers for the reader: Prior to Karmic 9.10 I used the “opensc” package, not the Siemens HiPath Sicurity API library. The “opensc” package no longer works for me. Make sure that the following packages are not installed on your system, the Siemens API library provides their functionality:

sudo apt-get --purge remove opensc libopensc2 libopenct1 openct libccid

Note that the Siemens API library has some dependency problems on newer systems. It is linked against “/lib/libpcsclite.so.0”, but the package “libpcsclite1” now ships “/lib/libpcsclite.so.1”. They seem fully compatible though (or are the same library?). Therefore, a symlink “/lib/libpcsclite.so.0 -> /lib/libpcsclite.so.1” must be made. You can check if your Siemens library installation works well by issuing the command “ldd /usr/local/lib/libsiecap11.so”. If you see something like the following:

libpcsclite.so.0 => not found

…then there is a problem. You have to re-check if you made the symlink as advised.
If you see something like the following:

libpcsclite.so.0 => /lib/libpcsclite.so.0 (0x00466000)

…then you are OK.

Middleware software: I’ve always used “pcscd”. On Karmic I tried “openct” too, but it didn’t work for me.

Security device settings in Firefox 3.5/3.6: Edit->Preferences->Advanced->Encryption->Security Devices->Load->Module filename: /usr/local/lib/libsiecap11.so

There are some instructions on the Infonotary Wiki page too, but I’m not positive if they are up-to-date and suitable for Kubuntu Karmic or Lucid.

Just a side note: While I was using the “opensc” drivers, I found out that if you choose “/usr/lib/onepin-opensc-pkcs11.so” for “Module filename” in Firefox, then you won’t be asked twice for your PIN code (actually the second request was for something like “Secondary authentication” PIN). Prior to this, I used “/usr/lib/libopensc-pkcs11.so” and it worked well too – I typed nothing for Secondary authentication, but it was annoying.

Download disclaimer about my copy of the “HiPath SIcurity Card API V3.1 PKCS#11 for Linux”: I uploaded the copy of this archive file as I got it from my card reader vendor. I give no guarantee for the integrity of this copy and I cannot be held liable for any security or other damage, whatsoever. You have been warned.