Installing .DEB or .RPM package - The smartcard saga

Help
1

Guys - I am strugling to run my eID card - Now Certisign asks me to install a .deb our .rpm package - Is it possible to buitd it on NixOS ?

2

You can repackage them, similar to what’s done with steam, and other binaries.
It’s probably not a copy&paste-able solution though, but will need some evolving.

Look for example at skypeforlinux or other binary packages:

1 Like
4

Well, I am trying a lot of stuff. This is my set-up:

  services.pcscd.enable = true; 
  services.pcscd.plugins =  with pkgs;
   [ pcsclite 
     opensc                    # Encryption
     openssl 
     pcsctools 
     libusb 
     libusb1 
     ccid 
     pcsc-cyberjack 
     encfs
     cryptsetup                # Encrypted USB sticks etc
     pinentry                  # GPG password entry from the terminal
     gnupg                     # Encryption key management
     gnupg1orig
     pcmciaUtils               # PCMCIA Tools 
     acsccid                   # SmartCard Apps 
     glibc                     # Para o WebSigner Certsign
     chrome-token-signing      # Chrome and Firefox extension for signing with your eID on the web
   ];

The card reader is OK - But it miss-recognize the eID card:

Using reader plug'n play mechanism
Scanning present readers...
0: CASTLES EZCCID Smart Card Reader 00 00
 
Tue May 19 15:12:48 2020
 Reader 0: CASTLES EZCCID Smart Card Reader 00 00
  Event number: 0
  Card state: Card inserted, 
  ATR: 3B FD 18 00 00 80 31 FE 45 73 66 74 65 2D 63 64 30 38 30 2D 6E 66 DC

ATR: 3B FD 18 00 00 80 31 FE 45 73 66 74 65 2D 63 64 30 38 30 2D 6E 66 DC
+ TS = 3B --> Direct Convention
+ T0 = FD, Y(1): 1111, K: 13 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 73 66 74 65 2D 63 64 30 38 30 2D 6E 66
  Category indicator byte: 73 (proprietary format)
+ TCK = DC (correct checksum)

Possibly identified card (using /home/wjjunyor/.cache/smartcard_list.txt):
3B FD 18 00 00 80 31 FE 45 73 66 74 65 2D 63 64 30 38 30 2D 6E 66 DC
        G&D Sm@Cafe 3.1 (eID)

My card is a Brazilian eCPF, not a G&D Sm@Cafe 3.1 - Also, I have to integrate it to be recognized by the browser app.

6

Good afternoon @tohl2 - I am using Firefox and Chromium.

The objective is document signing, and governamental portals login.

On Windows, I used to use a extension provided by one of my certificates issuers - Certisign [https://chrome.google.com/webstore/detail/acfifjfajpekbmhmjppnmmjgmhjkildl] - This Extension uses a packages whom recognizes the certificate and allow the use of it by the webpage for document signing or login authentication.

The packages this extension uses are available on https://get.websignerplugin.com/.

Examples of sites I use whom uses this set-up of tools, apps, extensions and etc. are:

  1. https://www.portaldeassinaturas.com.br/Home/Login

  2. https://cav.receita.fazenda.gov.br/autenticacao/login/index

I guess it is all.

1 Like
8

In the end, I’ve discovered my digital certificate wasn’t linux compatible. So I couldn’t conclude this set-up! In the next renewall, I’ll take care buying a new and compatible card.