Configure eid/smart card reader to work from Ubuntu, easy!

Published by Ana Bujan on

Primary reason for using a smart card reader was to access Croatian e-citizens portal with my eid. I had some issues doing this on Ubuntu, not really a plug and play even with extensive instructions from https://www.id.hr/

Old school way, the waiting lines

I recently had to renew my passport, and learned that I could do that faster over the government ui e-građani. Otherwise, good old long waiting lines which I btw did, 4 hours waiting to submit an application for a passport renewal…

I didn’t stay there for 4 hours, but still…
I stopped at “la Turka” for a cup of turkish coffee, went for a walk, went shopping, went to a restaurant, I returned and still waited…

There’s also https://redomat.mup.hr/ where you can make a reservation or check how many people are in front of you.

When I finally got my turn, I submitted the application, and requested the credentials for eid, and with that credentials and a smart card reader I could activate my eid and get rid of the long waiting lines.

I bought a smart card reader for cca 17$ from https://www.instar-informatika.hr/citac-smart-kartica-usb-maxi-ponuda/74604/product/.

Any smart card reader will do, just has to comply with ISO7816 and PC/SC, and don’t mind if it doesn’t say that Linux is not in the supported platforms list (we’re usually not an interesting consumer group).

I looked what’s out there on amazon.de, there are decent ones for less than 20$.

That’s it from discreet affiliate links from me, onto solving the problem:

I plugged in the card reader, installed eid middleware like instructed, it didn’t work. No wonder, missing drivers:

$ sudo apt update
$ sudo apt install opensc-pkcs11 libpam-pkcs11 pcscd

Then I was able to activate the card.

Smart card reader stopped working

I updated my distro version to Ubuntu 22.04, and then the card reader no longer worked.

Reason is that pcscd service is not enabled to start on boot by default.

sudo systemctl enable pcscd
sudo systemctl start pcscd

Just double check if it’s running, you should get something like this:

sudo systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; vendor pr>
     Active: active (running) since Mon 2022-10-31 07:42:45 CET; 8h ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 3706 (pcscd)
      Tasks: 8 (limit: 77026)
     Memory: 2.6M
        CPU: 1.612s
     CGroup: /system.slice/pcscd.service
             └─3706 /usr/sbin/pcscd --foreground --auto-exit

Oct 31 07:42:45 Racunalo systemd[1]: Started PC/SC Smart Card Daemon.

And after enabling the reader

Next stop was activating my mobile id, for that I had to load PKCS 11 module in my browser.

Instructions are posted below, and take a look at #Hint 2: Default Firefox installation is broken, I couldn’t load the .so module! if you’ll have issues with Firefox.

Upute-za-koristenje-Certilia-Middleware-u-Firefox-preglednikuDownload

Hint 1: Chrome’s not supported, only Firefox provides a mechanism to specify a PKCS#11 provider.

Unless something’s changed since this years old discussion, I tried digging in the options but couldn’t find it.

Hint 2: Default Firefox installation is broken, I couldn’t load the .so module!

All discussion is better explained at https://askubuntu.com/questions/1409351/ubuntu-22-04-firefox-unable-to-load-module, so I’ll only recommend you:

  • uninstall the default one that you get with Ubuntu installation
  • try loading the so file again. Options -> Privacy and Security -> Security Devices (Scroll to bottom) -> click on load and find your pkcs provider.

Easy! As I said!

Categories: Uncategorized

4 Comments

Ilija · December 18, 2022 at 11:15 am

Hi Ana!
Thx for help!
Here are additional hints how to fix this problem with Firefox.
From https://web-eid.eu/
Note that Firefox is installed with Snap in Ubuntu 22.04 or later by default and as the Snap sandbox does not allow communication with the external native messaging host, Web eID will not work. Install Firefox via the Debian package instead of Snap if you want to use Web eID with Firefox in Ubuntu 22.04+. Instructions how to do that are available here.”
Execute steps described here:
https://www.omgubuntu.co.uk/2022/04/how-to-install-firefox-deb-apt-ubuntu-22-04
After this, proceed with instructions for loading module in Firefox.

Note: in installation manual is wrong path for PKCS11 module:
/usr/lib/akd/eidkidmiddleware/pkcs11
It should be:
/usr/lib/akd/eidmiddleware/pkcs11/libEidPkcs11.so

Best regards!
Ilija

Reply

mladen · July 16, 2023 at 6:37 pm

Next stop was activating my mobile id, for that I had to load PKCS 11 module in my browser.

I’m sorry, where are the instructions for this part?

Reply

    Ana Bujan · July 17, 2023 at 9:32 am

    Hi Mladen, I uploaded the pdf file “Upute za koristenje…” since the link I had to Certilia is broken.
    Some parts might be outdated and hint on the broken firefox install might not be relevant anymore.
    Comment above by Ilija might help with the broken firefox install.

    Reply

      mladen · July 17, 2023 at 7:00 pm

      Cool! I figured it out on my own in the meantime, but those Firefox instructions will be useful to the other readers for sure. I’ve also noticed that I could log in directly at Security Devices, New PKCS#11 Module, Alcor Micro, Log In before I go to some web page that requires it.
      But anyway, what I’d like to share with you is that I got it done in Chrome, too! The American DoD instructions were useful for that:
      https://cubiclenate.com/linux/applications/utilities/dod-cac-ubuntu-linuxmint/

      modutil -dbdir sql:.pki/nssdb/ -list

      modutil -dbdir sql:.pki/nssdb/ -add "eID Module" -libfile /usr/lib/akd/eidmiddleware/pkcs11/libEidPkcs11.so

      yay!

      Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *