Use your digital signature in Google Chrome/Chromium for Linux

From Infonotary
Revision as of 11:53, 22 June 2022 by Inmivanov

Before you proceed

If you have a smart card reader and a smart card from InfoNotary but have not yet installed the drivers for them, install them first using the InfoNotary repositories.

  • IMPORTANT: Chromium accesses the smart card directly. Once you have successfully installed your certificates, you SHOULD NOT delete them from Chromium, as this will also delete the certificate, along with the private and public keys, from the smart card. After that, the certificate cannot be restored and a new one must be issued.

Install InfoNotary certificate chain

Before you proceed, you need to download InfoNotary trusted certificates.

  • To install them, start Chromium and go to Settings > Privacy and security > Security > Manage certificates

After that you will be asked for a password. Leave the field blank and click OK.

ChromeLinux1.png


  • In the "Authorities" section, find InfoNotary TSP Root and click "Edit".

ChromeLinux2.png

  • Set the check marks as shown in the screenshot below:

ChromeLinux3.png

Adding your smart card PKCS11 library

  • After the certificate chain is installed, you need to add a PKCS#11 library for your smart card. Because Chromium doesn't have an interface for adding libraries, you must do the following:
  1. Install the NSS tools. In Debian-based distributions the package is libnss3-tools.
  2. Close Chromium and unplug your reader from your computer.
  3. Start Terminal.
  4. Create a directory for the NSS database with the following command - mkdir -p $HOME/.pki/nssdb
  5. After that, add the library using the command for your driver:
  • for Bit4ID - modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
  • for OpenSC - modutil -add "OpenSC" -libfile onepin-opensc-pkcs11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

If you have the Siemens driver, change the library to libsiecap11.so and the name to Siemens.


Plug in the reader and start Chromium.

  • Now you can see your certificates in the settings and use them to log in to sites that require QES.


Example of adding the Bit4ID module:

* skk@skk:~$ sudo apt-get install libnss3-tools

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libnss3-tools
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 0 B/1021 kB of archives.
After this operation, 5046 kB of additional disk space will be used.
Selecting previously unselected package libnss3-tools.
(Reading database ... 187133 files and directories currently installed.)
Preparing to unpack .../libnss3-tools_2%3a3.61-1ubuntu2_amd64.deb ...
Unpacking libnss3-tools (2:3.61-1ubuntu2) ...
Setting up libnss3-tools (2:3.61-1ubuntu2) ...
Processing triggers for man-db (2.9.4-2) ...


* skk@skk:~$ mkdir -p $HOME/.pki/nssdb
* skk@skk:~$ modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 

Module "Bit4id" added to database.



You can list all added libraries with the following command:

modutil -dbdir sql:$HOME/.pki/nssdb -list

For example:

* skk@skk:~$ modutil -dbdir sql:$HOME/.pki/nssdb -list

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
	   uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.61
	 slots: 2 slots attached
	status: loaded

	 slot: NSS Internal Cryptographic Services
	token: NSS Generic Crypto Services
	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

	 slot: NSS User Private Key and Certificate Services
	token: NSS Certificate DB
	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

  2. Bit4id
	library name: libbit4ipki.so
	   uri: pkcs11:library-manufacturer=bit4id%20srl;library-description=bit4id%20PKCS%2311;library-version=1.2
	 slots: There are no slots attached to this module
	status: loaded
-----------------------------------------------------------
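
Every library registered in this database is loaded into the browser process, so the listing is worth checking for modules you did not add yourself. The following added example (not part of the InfoNotary page) parses `modutil -list` output and reports any module backed by an external library that is not on an allow-list; the function names, the allow-list and the `ExampleVendor` module in the sample are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not InfoNotary's code. The sample below is constructed: it is
# shaped like the `modutil -list` output shown on this page, and module 3
# ("ExampleVendor") is invented for the demonstration.
SAMPLE_LISTING='Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded
     slot: NSS Internal Cryptographic Services
  2. Bit4id
    library name: libbit4ipki.so
     slots: There are no slots attached to this module
    status: loaded
  3. ExampleVendor
    library name: /tmp/libexample-pkcs11.so
     slots: 2 slots attached
    status: loaded
-----------------------------------------------------------'

# parse_modules: `modutil -list` text on stdin -> one "name|library|slots" line
# per module; library is "-" for the NSS built-in module, slots is attached/none.
parse_modules() {
  awk '
    function emit() { if (name != "") print name "|" lib "|" slots }
    /^[ \t]*[0-9]+\. / {
      emit(); sub(/^[ \t]*[0-9]+\.[ \t]+/, ""); sub(/[ \t]+$/, "")
      name = $0; lib = "-"; slots = "unknown"; next
    }
    /library name:/ { sub(/^.*library name:[ \t]*/, ""); lib = $0; next }
    /^[ \t]*slots:/ { slots = ($0 ~ /no slots attached/) ? "none" : "attached" }
    END { emit() }'
}

# unexpected_modules ALLOWED...: parse_modules output on stdin -> prints every
# module backed by an external library whose name is not in the allow-list.
unexpected_modules() {
  local name lib slots a ok
  while IFS='|' read -r name lib slots; do
    if [ "$lib" = "-" ]; then continue; fi      # NSS built-in, no external .so
    ok=0
    for a in "$@"; do if [ "$a" = "$name" ]; then ok=1; fi; done
    if [ "$ok" -eq 0 ]; then printf '%s (%s)\n' "$name" "$lib"; fi
  done
}

# Demo on the sample; on a real system pipe in the output of:
#   modutil -dbdir sql:$HOME/.pki/nssdb -list
printf '%s\n' "$SAMPLE_LISTING" | parse_modules | unexpected_modules Bit4id OpenSC Siemens
```

A module reported with `none` in the third field of `parse_modules` output, like Bit4id in the listing above, is registered but currently sees no reader.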

If you want to delete an added library, replace -add with -delete:

modutil -delete "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

For example:

* skk@skk:~$ modutil -delete "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY 
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 

Module "Bit4id" deleted from database.