Use your digital signature in Google Chrome/Chromium for Linux

От Infonotary
Версия от 17:34, 21 януари 2026 на Inskushev (беседа | приноси)
(разл) ← По-стара версия | Текуща версия (разл) | По-нова версия → (разл)
Направо към навигацията Направо към търсенето

Before you begin

If you have a smart card and reader from InfoNotary but have not installed the drivers for them, follow the instructions in use repositories of InfoNotary.

  • IMPORTANT: When using the smart card with Google Chrome, direct access to the card is used, meaning that mistakenly deleting the certificates from the browser will lead to the irreversible deletion of the public and private keys.
  • IMPORTANT: To use your electronic signature certificate with Google Chrome, the card reader must be connected to the computer before launching the browser.

Adding the Certification Chain and Installing the Cryptographic Module

For successful use of the Qualified Electronic Signature (QES) through the Google Chrome browser, you first need to add the certification chain, followed by installing the cryptographic module corresponding to the model of your smart card.

  1. Close Google Chrome and disconnect the card reader from the computer.
  2. Install the NSS tools. In Debian and its derivatives, the package is libnss3-tools - sudo apt install libnss3-tools
  3. Create the directory for the NSS database - mkdir -p $HOME/.pki/nssdb
  4. Download the InfoNotary certification chain and add it to the database (the chain has no password) - pk12util -d sql:$HOME/.pki/nssdb -i /path/to/InfoNotary_Qualified_eIDAS.p12
  5. Add the cryptographic module for your smart card:
  • For IDPrime - modutil -add "IDPrime" -libfile libIDPrimePKCS11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
  • For Bit4ID - modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
  • For OpenSC - modutil -add "OpenSC" -libfile onepin-opensc-pkcs11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

Connect the smart card reader to the computer, start the Google Chrome browser, and try accessing the electronic services portal with your certificate.

Sample Setup: 

* skk@skk:~$ sudo apt install libnss3-tools

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libnss3-tools

* skk@skk:~$ mkdir -p $HOME/.pki/nssdb
* skk@skk:~$ pk12util -d sql:$HOME/.pki/nssdb -i '/home/skk/Downloads/InfoNotary_Qualified_eIDAS.p12' 
Enter password for PKCS12 file: 
pk12util: PKCS12 IMPORT SUCCESSFUL

* skk@skk:~$ modutil -add "IDPrime" -libfile libIDPrimePKCS11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 

Module "IDPrime" added to database.


Взето от „http://wiki.infonotary.com/index.php?title=Use_your_digital_signature_in_Google_Chrome/Chromium_for_Linux&oldid=2975“.