Primary reason for using a smart card reader was to access Croatian e-citizens portal with my eid. I had some issues doing this on Ubuntu, not really a plug and play even with extensive instructions from https://www.id.hr/

Old school way, the waiting lines

I recently had to renew my passport, and learned that I could do that faster over the government ui e-građani. Otherwise, good old long waiting lines which I btw did, 4 hours waiting to submit an application for a passport renewal…

I didn’t stay there for 4 hours, but still…
I stopped at “la Turka” for a cup of turkish coffee, went for a walk, went shopping, went to a restaurant, I returned and still waited…

There’s also https://redomat.mup.hr/ where you can make a reservation or check how many people are in front of you.

When I finally got my turn, I submitted the application, and requested the credentials for eid, and with that credentials and a smart card reader I could activate my eid and get rid of the long waiting lines.

I bought a smart card reader for cca 17$ from https://www.instar-informatika.hr/citac-smart-kartica-usb-maxi-ponuda/74604/product/.

Any smart card reader will do, just has to comply with ISO7816 and PC/SC, and don’t mind if it doesn’t say that Linux is not in the supported platforms list (we’re usually not an interesting consumer group).

I looked what’s out there on amazon.de, there are decent ones for less than 20$. Maybe shipping turns expensive, depending on your country.

There are even cheaper ones on AliExpress if you don’t mind long waiting for delivery.

That’s it from discreet affiliate links from me, onto solving the problem:

I plugged in the card reader, installed eid middleware like instructed, it didn’t work. No wonder, missing drivers:

$ sudo apt update
$ sudo apt install opensc-pkcs11 libpam-pkcs11 pcscd

Then I was able to activate the card.

Smart card reader stopped working

I updated my distro version to Ubuntu 22.04, and then the card reader no longer worked.

Reason is that pcscd service is not enabled to start on boot by default.

sudo systemctl enable pcscd
sudo systemctl start pcscd

Just double check if it’s running, you should get something like this:

sudo systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; vendor pr>
     Active: active (running) since Mon 2022-10-31 07:42:45 CET; 8h ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 3706 (pcscd)
      Tasks: 8 (limit: 77026)
     Memory: 2.6M
        CPU: 1.612s
     CGroup: /system.slice/pcscd.service
             └─3706 /usr/sbin/pcscd --foreground --auto-exit

Oct 31 07:42:45 Racunalo systemd[1]: Started PC/SC Smart Card Daemon.

And after enabling the reader

Next stop was activating my mobile id, for that I had to load PKCS 11 module in my browser.

Instructions are posted below, and take a look at #Hint 2: Default Firefox installation is broken, I couldn’t load the .so module! if you’ll have issues with Firefox.

Hint 1: Chrome’s not supported, only Firefox provides a mechanism to specify a PKCS#11 provider.

Unless something’s changed since this years old discussion, I tried digging in the options but couldn’t find it.

Hint 2: Default Firefox installation is broken, I couldn’t load the .so module!

All discussion is better explained at https://askubuntu.com/questions/1409351/ubuntu-22-04-firefox-unable-to-load-module, so I’ll only recommend you:

  • uninstall the default one that you get with Ubuntu installation
  • try loading the so file again. Options -> Privacy and Security -> Security Devices (Scroll to bottom) -> click on load and find your pkcs provider.

Easy! As I said!

Categories: Uncategorized

Subscribe
Notify of
guest
4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ilija
Ilija
1 year ago

Hi Ana!
Thx for help!
Here are additional hints how to fix this problem with Firefox.
From https://web-eid.eu/
Note that Firefox is installed with Snap in Ubuntu 22.04 or later by default and as the Snap sandbox does not allow communication with the external native messaging host, Web eID will not work. Install Firefox via the Debian package instead of Snap if you want to use Web eID with Firefox in Ubuntu 22.04+. Instructions how to do that are available here.”
Execute steps described here:
https://www.omgubuntu.co.uk/2022/04/how-to-install-firefox-deb-apt-ubuntu-22-04
After this, proceed with instructions for loading module in Firefox.

Note: in installation manual is wrong path for PKCS11 module:
/usr/lib/akd/eidkidmiddleware/pkcs11
It should be:
/usr/lib/akd/eidmiddleware/pkcs11/libEidPkcs11.so

Best regards!
Ilija

mladen
mladen
7 months ago

Next stop was activating my mobile id, for that I had to load PKCS 11 module in my browser.

I’m sorry, where are the instructions for this part?

mladen
mladen
7 months ago
Reply to  Ana Bujan

Cool! I figured it out on my own in the meantime, but those Firefox instructions will be useful to the other readers for sure. I’ve also noticed that I could log in directly at Security Devices, New PKCS#11 Module, Alcor Micro, Log In before I go to some web page that requires it.
But anyway, what I’d like to share with you is that I got it done in Chrome, too! The American DoD instructions were useful for that:
https://cubiclenate.com/linux/applications/utilities/dod-cac-ubuntu-linuxmint/

modutil -dbdir sql:.pki/nssdb/ -list
modutil -dbdir sql:.pki/nssdb/ -add "eID Module" -libfile /usr/lib/akd/eidmiddleware/pkcs11/libEidPkcs11.so

yay!

4
0
Would love your thoughts, please comment.x
()
x