Using your EID on openSUSE 12.1

In Belgium you can use your EID to log in to the federal portal for electronic services, for example to file a tax return. Installation instructions are provided for Windows, Mac and (Ubuntu) Linux. This is what I had to do to get it working on openSUSE 12.1 on a Dell Precision M4600.

Installation

smartcard reader

Since the M4600 is a fairly new model, I had to upgrade my pcsc/ccid package to the latest version. It seems the M4600 comes with a Broadcom Corp 5880 smartcard reader which is connected through USB (internally).

Add the chipcard repo:

sudo zypper ar -r http://download.opensuse.org/repositories/security:/chipcard/openSUSE_12.1/security:chipcard.repo

and “switch system packages” in YaST. You should have installed at least the following packages: pcsc-lite, libpcsclite1 and libpth20.

Depending on your smartcard reader, you need a different pcsc plugin package. The Broadcom 5880 smartcard reader is supported through the ccid driver. This means we have to install the pcsc-ccid package from the chipcard repo.

eid middleware

Add the following repo by Pascal Bleser:

sudo zypper ar -r http://download.opensuse.org/repositories/home:/pbleser:/belgium-eid/openSUSE_12.1/home:pbleser:belgium-eid.repo

and install the eid-mw package. I also noticed the eid-mw-firefox package in this repo, but it did not seem to work in my case, possibly because I’m using 64-bit Firefox.

configuring firefox

  • Install the Belgium eID Firefox add-on.
  • Trust the Belgium Certificate Authority: Edit menu -> Preferences -> Advanced -> Encryption -> View Certificates -> Authorities -> Belgium root CA2 -> Edit trust -> check all checkboxes

I’m not sure whether the Firefox add-on is really needed. Afterwards I uninstalled it and it kept working.

Troubleshooting

smartcard reader

  • check in /var/log/messages which device you have
  • most devices are connected through usb protocol. Check your usb device list:
    lsusb -v
  • google the device or check the device compatibility lists of the pcsc-<driver> packages. You can find the ccid device list here.
  • if you have a pccard interface for your reader, check whether the device is installed with:
    pccardctl ls
  • install the pcsc-tools and perl-pcsc packages to have access to some smartcard reader analysis tools. Running the pcsc_scan tool should yield output similar to this:
  • If you get a segfault when loading the pcsc-ccid driver, for example:
    pcscd[3228]: segfault at 0 ip 00007f98bec38121 sp 00007fff2e806208 error 4 in libc-2.14.1.so[7f98bebb8000+187000]
    check whether you updated your portable thread library with the one in the chipcard repo (package name is libpth20)
  • be sure to be using all the packages from the chipcard repo by using the “switch system packages”.
  • a firmware upgrade, as suggested here, was not necessary. Read the whole thread to find out why a ccid upgrade was actually necessary.
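
The segfault line quoted in the list above can be decoded to see what actually faulted. The following is an added example, not part of the original post: a small Python parser for kernel segfault lines that keeps only pcscd crashes, decodes the x86 page-fault error code and computes the instruction offset inside the mapped library. The function names and the second and third sample log lines are constructed for illustration.

```python
import re

# Kernel segfault report as written to /var/log/messages on x86 Linux.
# Addresses and the error code are hexadecimal.
SEGFAULT_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(code):
    """Decode the x86 page-fault error code bits."""
    return {"cause": "protection violation" if code & 1 else "page not mapped",
            "access": "write" if code & 2 else "read",
            "mode": "user" if code & 4 else "kernel",
            "instruction_fetch": bool(code & 16)}

def parse_segfault(line):
    """Return a dict describing the crash, or None if the line is no segfault."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    info = {"process": m["proc"], "pid": int(m["pid"]), "fault_addr": addr,
            "null_deref": addr < 0x1000,  # first page: typically a NULL pointer
            "error": decode_error(int(m["err"], 16)),
            "object": m["obj"], "offset": None}
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:    # ip must fall inside the mapping
            info["offset"] = ip - base  # comparable across runs despite ASLR
    return info

def pcscd_crashes(lines):
    """Keep only segfaults of the pcscd daemon."""
    parsed = (parse_segfault(line) for line in lines)
    return [p for p in parsed if p and p["process"] == "pcscd"]

# First line is the one quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    "pcscd[3228]: segfault at 0 ip 00007f98bec38121 sp 00007fff2e806208 "
    "error 4 in libc-2.14.1.so[7f98bebb8000+187000]",
    "firefox[4100]: segfault at 7f00deadbeef ip 00007f00aa001234 "
    "sp 00007fff00001000 error 6 in libxul.so[7f00aa000000+2000000]",
    "usb 1-1.8: new full-speed USB device number 5 using ehci_hcd",
]

if __name__ == "__main__":
    for c in pcscd_crashes(SAMPLE_LOG):
        off = "?" if c["offset"] is None else f"{c['offset']:#x}"
        print(f"pid {c['pid']}: {c['error']['mode']}-mode {c['error']['access']} "
              f"of {c['fault_addr']:#x} in {c['object']} at offset {off}")
```

For the line from the post this reports a user-mode read of address 0 at offset 0x80121 inside libc-2.14.1.so, that is, a NULL pointer handed to a libc routine rather than a fault in the kernel.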

eid middleware

The government created an application, eid-viewer, which you can use to read some public data from your EID. It’s a Java-based app, so you need a Java JRE to run it:

java -jar eid-viewer-4.0.4-146_tcm227-178503.jar

You can obtain it from this page under the category “other”.

firefox

Although I installed this add-on, I don’t believe it is needed. I did have trouble the first time I signed in: it succeeded, but redirected me to a page where I would again need to choose whether I wanted to sign on with EID or password. I closed Firefox and tried again; this time it just worked. You can surf to this test page to test whether everything is configured correctly.