Use your digital signature in Google Chrome/Chromium for Linux
Before proceeding you must do
If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following use repositories of InfoNotary.
- IMPORTANT : Chromium uses direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
Install InfoNotary certificate chain
Before you proceed, you need to download InfoNotary trusted certificates.
- To install start Chromium and go to Settings > Privacy and security > Security > Manage certificates
- Choose section "Your certificates", click button "Import" and choose the path to the dowloaded file – InfoNotary_Qualified_eIDAS.p12.
After that you will be asked for password. leave the field blank and click OK.
- From section "Authorities" search for InfoNotary TSP Root and click "Edit"
- Marks as it is shown on the screen below:
Adding your smart card PKCS11 library
- After the certificate chain is installed you need to add a PKCS#11 library for your smart card. Because Chromium doesn't have an interface for adding libraries you must do the following:
- Install NSS tools. In Debian based distributions the package is libnss3-tools
- Close Chromium and unplug your reader from your computer.
- Start Terminal"'
- Create a directory for the database of NSS with the following command - mkdir -p $HOME/.pki/nssdb
- After that add the library using this command:
- for Bit4ID - modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
- for OpenSC - modutil -add "OpenSC" -libfile onepin-opensc-pkcs11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
In case you have Siemens driver you must chanhe the library with libsiecap11.so, and the name to Siemens.
Plus the reader and start Chromium.
- Now you can see your certificates in the settings and use them for logins in sites, which require QES.
Example for adding Bit4ID module:
* skk@skk:~$ sudo apt-get install libnss3-tools Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: libnss3-tools 0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded. Need to get 0 B/1021 kB of archives. After this operation, 5046 kB of additional disk space will be used. Selecting previously unselected package libnss3-tools. (Reading database ... 187133 files and directories currently installed.) Preparing to unpack .../libnss3-tools_2%3a3.61-1ubuntu2_amd64.deb ... Unpacking libnss3-tools (2:3.61-1ubuntu2) ... Setting up libnss3-tools (2:3.61-1ubuntu2) ... Processing triggers for man-db (2.9.4-2) ... * skk@skk:~$ mkdir -p $HOME/.pki/nssdb * skk@skk:~$ modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Module "Bit4id" added to database.
You can list all added libraries with the following command
modutil -dbdir sql:$HOME/.pki/nssdb -list
For example:
* skk@skk:~$ modutil -dbdir sql:$HOME/.pki/nssdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.61 slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 slot: NSS User Private Key and Certificate Services token: NSS Certificate DB uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 2. Bit4id library name: libbit4ipki.so uri: pkcs11:library-manufacturer=bit4id%20srl;library-description=bit4id%20PKCS%2311;library-version=1.2 slots: There are no slots attached to this module status: loaded -----------------------------------------------------------
If want to delete an added library you have to change -add with -delete
modutil -delete "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
For example:
* skk@skk:~$ modutil -delete "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Module "Bit4id" deleted from database.