Installing .DEB or .RPM package - The smartcard saga

Guys - I am strugling to run my eID card - Now Certisign asks me to install a .deb our .rpm package - Is it possible to buitd it on NixOS ?

You can repackage them, similar to what’s done with steam, and other binaries.
It’s probably not a copy&paste-able solution though, but will need some evolving.

Look for example at skypeforlinux or other binary packages:

1 Like

There are many different cards and eID programs.

For example, I have packaged ausweisapp2 (German eID client) and
beaclient (German Rechtsanwaltpostfach) under nixos (both not in
nixpkgs).

ausweisapp2 C++ sources are available and compile under nixos. In
default.nix, I had to depend on pcsclite.

beaclient is in Java, require oracle java and sources are not available.

Both programs use card readers which work fine under nixos.

For both programs, I had to create a module with the following enabled:

services.pcscd = {
  enable = true;
  plugins = [
    pkgs.acsccid
    pkgs.ccid
    pkgs.pcsc-cyberjack
  ];
};

You might not need all those drivers, depending on your hardware.

Based on the limited info you provided, I see the following options:

  • find sources and package and build them under nixos (best option)

  • if that is not possible, unpack and patchelf the binaries you
    mentioned

  • if that is not possible, run it under fsh emulation

  • or run it under different linux in container or vm

Well, I am trying a lot of stuff. This is my set-up:

  services.pcscd.enable = true; 
  services.pcscd.plugins =  with pkgs;
   [ pcsclite 
     opensc                    # Encryption
     openssl 
     pcsctools 
     libusb 
     libusb1 
     ccid 
     pcsc-cyberjack 
     encfs
     cryptsetup                # Encrypted USB sticks etc
     pinentry                  # GPG password entry from the terminal
     gnupg                     # Encryption key management
     gnupg1orig
     pcmciaUtils               # PCMCIA Tools 
     acsccid                   # SmartCard Apps 
     glibc                     # Para o WebSigner Certsign
     chrome-token-signing      # Chrome and Firefox extension for signing with your eID on the web
   ];

The card reader is OK - But it miss-recognize the eID card:

Using reader plug'n play mechanism
Scanning present readers...
0: CASTLES EZCCID Smart Card Reader 00 00
 
Tue May 19 15:12:48 2020
 Reader 0: CASTLES EZCCID Smart Card Reader 00 00
  Event number: 0
  Card state: Card inserted, 
  ATR: 3B FD 18 00 00 80 31 FE 45 73 66 74 65 2D 63 64 30 38 30 2D 6E 66 DC

ATR: 3B FD 18 00 00 80 31 FE 45 73 66 74 65 2D 63 64 30 38 30 2D 6E 66 DC
+ TS = 3B --> Direct Convention
+ T0 = FD, Y(1): 1111, K: 13 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 73 66 74 65 2D 63 64 30 38 30 2D 6E 66
  Category indicator byte: 73 (proprietary format)
+ TCK = DC (correct checksum)

Possibly identified card (using /home/wjjunyor/.cache/smartcard_list.txt):
3B FD 18 00 00 80 31 FE 45 73 66 74 65 2D 63 64 30 38 30 2D 6E 66 DC
        G&D Sm@Cafe 3.1 (eID)

My card is a Brazilian eCPF, not a G&D Sm@Cafe 3.1 - Also, I have to integrate it to be recognized by the browser app.

Well, I am trying a lot of stuff. This is my set-up:

that looks ok

The card reader is OK - But it miss-recognize the eID card: My card is
a Brazilian eCPF, not a G&D Sm@Cafe 3.1

I am not sure where the strings come from and if that is a problem.
Maybe you don’t need to worry about it (yet?).

Also, I have to integrate it to be recognized by the browser app.

which browser app?

which browser?

The two apps I did were desktop apps. I am not sure if it is possible
to write a web app with card reader support. It would be interesting to
know more about your use-case.

Good afternoon @tohl2 - I am using Firefox and Chromium.

The objective is document signing, and governamental portals login.

On Windows, I used to use a extension provided by one of my certificates issuers - Certisign [https://chrome.google.com/webstore/detail/acfifjfajpekbmhmjppnmmjgmhjkildl] - This Extension uses a packages whom recognizes the certificate and allow the use of it by the webpage for document signing or login authentication.

The packages this extension uses are available on https://get.websignerplugin.com/.

Examples of sites I use whom uses this set-up of tools, apps, extensions and etc. are:

  1. https://www.portaldeassinaturas.com.br/Home/Login

  2. https://cav.receita.fazenda.gov.br/autenticacao/login/index

I guess it is all.

Good afternoon @tohl2 - I am using Firefox and Chromium.

ok

On Windows, I used to use a extension provided by one of my
certificates issuers - Certisign
[https://chrome.google.com/webstore/detail/acfifjfajpekbmhmjppnmmjgmhjkildl]

  • This Extension uses a packages whom recognizes the certificate and
    allow the use of it by the webpage for document signing or login
    authentication.

The packages this extension uses are available on
https://get.websignerplugin.com/.

then you need to package this extension with all the necessary card
reader dependencies and then somehow plug it into the browser

Examples of sites I use whom uses this set-up of tools, apps,
extensions and etc. are:

  1. https://www.portaldeassinaturas.com.br/Home/Login

  2. https://cav.receita.fazenda.gov.br/autenticacao/login/index

interesting, thanks for the info

1 Like