FINEID henkilökortti

[ubuntumansuomi]

Hei,

Would anyone happen to have the Firefox 33.0 instructions for configuring the FinEID card for Ubuntu 12.04?

The Finnish website fineid.fi uses instructions for Windows when explaining how to install for Ubuntu! Weird?

http://fineid.fi/default.aspx?docid=4190

Kiitos!

[nm]

I see no claims on the FinEID site that the document you linked to would apply to Ubuntu. It's just bunch of old instructions for Firefox (on Windows).

Linux-specific instructions can be found in these two manuals. Unfortunately they seem to be somewhat messy and dated too:

http://fineid.fi/default.aspx?docid=5005&action=publish (Installing DigiSign software modules)
http://fineid.fi/default.aspx?docid=5006&action=publish (Appendices, including Firefox and Thunderbird configuration)

This might be more helpful: http://linux.fi/wiki/HST

[ubuntumansuomi]

Unjustified claim:

I see no claims on the FinEID site that the document you linked to would apply to Ubuntu. It's just bunch of old instructions for Firefox (on Windows).

When I already stated:

The Finnish website fineid.fi uses instructions for Windows when explaining how to install for Ubuntu! Weird?

The other links are indeed old and outdated.

[ubuntumansuomi]

To avoid further confusion, it appears that install info is listed for only Windows and MAC users at fineid.fi.

If a Ubuntu 12.04 user needs config instructions for year 2014 for Firefox & Thunderbird this info appears to be non-existent.

Also, older manuals appear to suggest that Firefox and Thunderbird CANNOT be run at the same time? Is this true for today?

[nm]

To avoid further confusion, it appears that install info is listed for only Windows and MAC users at fineid.fi.

As far as I can tell, pretty much all their manuals are from 2010 or older, even for Windows and Mac. Did you find more recent instructions?

What I'm saying is that they simply don't have more up-to-date instructions for Firefox on any OS. However, the old documentation still applies to current Firefox if you want to use the DigiSign module. What kind of problems are you having with it?

If a Ubuntu 12.04 user needs config instructions for year 2014 for Firefox & Thunderbird this info appears to be non-existent.

In addition to the 2010 documentation which is mostly correct even today (though slightly confusing), there's quite a lot of information in the Linux.fi wiki article that I linked to.

Also, older manuals appear to suggest that Firefox and Thunderbird CANNOT be run at the same time? Is this true for today?

Most likely that has never been the case. Can you quote this part of the manual?

[ubuntumansuomi]

Finding recent and up to date manuals for 2014 and specifically for Ubuntu 12.04LTS is next to impossible.

The link at fineid.fi for downloading the 'mpollux digisign client' eg:

http://fineid.fi/default.aspx?docid=5860&action=publish

did open the Ubuntu Software Center and the middleware installed and I was able to test PIN 1 & PIN 2 using the client. That part is working.

Right now I need to find the specifics for setting up Firefox and Thunderbird. Right now the current manuals only point things out for Windows users which are much different for Ubuntu.

The old stuff for Ubuntu dating back to ver. 7 is unusable all together. The old stuff from 2010, in my opinion is not usable.

[AimoE]

I have managed to do the installation both on Windows and Ubuntu, and in my experience, the Firefox & Thunderbird instructions are not too different for Ubuntu. The only detail I really had some trouble with was the location of the runtime library. Interestingly, the latest version for Windows does bring a fresh version of the manual, but that same version is not available on the download website. Since there is no recent update for Linuxes, the same does not apply on linuxes.


I have written full notes of all the steps I needed at installation tme. The notes are all in Finnish, so here I am just summarizing in English. If you need more precise details, just ask.


1) I first tried to do the installation on command line, but ended up in more trouble than with the GUI. So my advice is to click the .deb file in Nautilus, which then kicks off the installer GUI (I don't know its name in English), and install from there.

2) Plug in the card reader and insert the card in it. In this step, I had problems with the pop-up window in that it stayed blank. I had to log out and again in to see the license text and the button I needed to click. This is probably because of NVIDIA on the computer.

2) Firefox settings
- Remember to bring in the root certificate and the other necessary certificates form http://fineid.fi/default.aspx?docid=2237&site=9&id=332.
- Here the latest Windows version has fixed the problem with having to let DigiSIgn ask for the PIN every time. If I remember right, the Linux version of the software has not been updated accordingly.
- When you add the "turvallisuuslaite" (what is it in English?), the manual tells the wrong location. Use

Koodia: [Valitse]

dpkg -L mpollux-digisign-client | grep crypto to check for the right location.
- Open page https://127.0.0.1:53952/sign and accept the exception.
- Restart Firefox.
- Open page  https://vrk.fineid.fi to test how it all works.

3) Thunderbird settings
- The instructions are pretty much the same as with Firefox, only the last steps are unnecessary (no accepting exception, and no test page to visit).

[ubuntumansuomi]

@Aimo

When I followed this:

- When you add the "turvallisuuslaite" (what is it in English?), the manual tells the wrong location. Use
Koodia: [Valitse]

dpkg -L mpollux-digisign-client | grep crypto

to check for the right location.

I got 4 choices. Which one to use?

Thanks!

[ubuntumansuomi]

@AimoE & @nm,

Thanks you guys for helping me on this!

Using this code:

Koodia: [Valitse]

dpkg -L mpollux-digisign-client | grep crypto
gave me these for options:

/usr/lib/libcryptoki.so.3.1.9
/usr/lib/libcryptoki.so
/usr/lib/libcryptoki.so.3
/usr/lib/libcryptoki.so.3.1

I went back into 'security devices', which was the word AimoE was looking for, and choose '/usr/lib/libcryptoki.so'.

BUT WAS THIS THE RIGHT CHOICE?

I have things working and the test link AimoE gave logged me into the Vaestorekisterikesku page without PIN? But into Kela with PIN.

Comments?

[AimoE]

If you "ls -l" those files, you will see that all but one of them are symlinks to the one that is not.

[nm]

It's best to use either libcryptoki.so.3 (which is basically what the manual instructs) or libcryptoki.so. That way minor revisions to the library won't break the configuration. In practice you probably will never update the library, so any of the four alternatives work just fine.

[AimoE]

Now that the actual procedure is clear, I have to add that while the software works fine otherwise, I have noticed that it does not want to have Amaya (http://www.w3.org/Amaya/) running at the same time. If they are used simultaneously, one of them crashes at some point or another - bot on Windows and Ubuntu. Usually it is Amaya that crashes. After I installed the new Windows version, I am not sure if the crashing still happens on Windows, though.

I have no idea of why this happens, so I am a bit worried about this. For example, it could be a memory leak in one of their shared libraries (if the have any in common).

[ubuntumansuomi]

I was in Estonia a couple of days and there everyone is talking about all the possibilities that the Estonian i.d. card has to offer. Thus, I went into Eurotronics over at Viru Keskus and bought for €6.90 a Gemalto card reader, which with your help I just got working.

The everyday consumer isn't going to go through the trouble to get this stuff working if it isn't plug & play.

This was an interesting afternoon exercise to get working and will obviously prove beneficial but those that are not technically inclined or if clear documentation does not exist will be prevented from enjoying the benefits our (Finland) card has to offer

[AimoE]

Yeah, well, it does not offer much. The Estonians have managed to design their system so that their card really offers everything technially possible. The Finnish card can only be used to log in to some specific services. The manual for example talks about signing and encrypting email, but in practice, I would need to know the public key of the person I want to send email to, and I have not found a reasonable way to check that from the LDAP dictionary, because queries are so restricted. Recently, I was in a meetup with peopel who represented unemployment services and health services, and I asked them if they can use the encryption when they send email to each other, and they said that only with office they can (within unemployment services or within health services), but not cross-office thy cannot. How on earth did Finland come up+ with this mess, I cannot understand!

Thank you for choosing the title for the thread so it allows this addition ;-)

[ubuntumansuomi]

So I guess using the card with email is a bad idea..... Well if worst comes to worst we can all become virtual citizens of Estonia !

Check this out:

http://www.aamulehti.fi/Kotimaa/1194933556934/artikkeli/pienyrittaja+viron+hurjasta+keksinnosta+kuolinisku+suomen+byrokratialle.html

[AimoE]

Well, I suppose I can give my public key and receive someone else's public key simply by the way of signing emails. So far I have not had a reason to try it out with anyone, because to do that, I would need to know for sure that the other person already is familiar and comfortable with all the necessary preliminaries.

I have seen that civil servants in some offices use the id card to log in to their computers.

[ubuntumansuomi]

Is it possible to allow users to sign into a website using their Finnish I.D. card? Can the card be used for both public and private uses?

[AimoE]

The only websites that I know of supporting login with the id card are web sites such as veroh.fi, where you can fill in your tax return (http://www.vero.fi/veroilmoitus) or subscribe for a new tax card (http://www.vero.fi/verokortti). Another service provider is Kela, where you can apply for health related support. And some other such services. Maybe also some municipality services, I'm not sure.

Private service providers do not support the id card, but instead they support "mobiilivarmenne", which uses the exact same information as the id card for electronic identification. You can ask your phone operator to load the mobiilivarmenne on your SIM card for a monthly fee. At the moment, two out of the three operators that provide it have a fee of 0€ per month.

[ubuntumansuomi]

I know about this service. Here Finland could offer virtual phone numbers to everyone around the world to use this concept if Finland is first to show it's potential!

[reboot]

I know about this service. Here Finland could offer virtual phone numbers to everyone around the world to use this concept if Finland is first to show it's potential!

We can always dream about it...