InfoNotary SmartCard config in Firefox and Chrome on Debian Stretch
Author: Делян Кръстев
InfoNotary maintain a useful wiki on the subject here:
Configure the reader and the smart card
My reader is:
# lsusb
Bus 006 Device 002: ID 076b:6622 OmniKey AG CardMan 6121The installation instructions are here:
http://wiki.infonotary.com/index.php/Инсталация_на_драйвери_за_четец_и_смарт_карта_в_Linux
Not all steps described there are needed. Here are mine:
- Install
pcscdandopenscpackages - Check that
openctis not installed (Not found in Debian Stretch when I'm writing this.)
pcscd depends on libccid which should NOT be installed.
I've installed the pcsc-omnikey package which has the necessary Provides and purged libccid.
pcsc-omnikey is available in the InfoNotary Debian package repository:
http://wiki.infonotary.com/index.php/Използване_на_хранилищата_на_InfoNotary
# wget -qO - http://repository.infonotary.com/install/linux/INotaryCodeSigning.key.asc | sudo apt-key add -
# wget http://repository.infonotary.com/install/linux/infonotary.list -qO /etc/apt/sources.list.d/infonotary.list
# apt-get updateI use aptitude and do the libccid purging and pcsc-omnikey install in one step. Then:
# systemctl stop pcscd.service
# pcscd --foregroundCheck the pcscd output for the reader and use Ctrl+C to stop it.
I do NOT install the official OmniKey driver ifdokccid_linux .
Edit the file /etc/opensc/opensc.conf find the following section and set these values:
reader_driver pcsc {
max_send_size = 0;
max_recv_size = 0;Then you can:
# systemctl start pcscd.serviceConfigure Firefox
The instructions are here:
On this page they recommend installation by using a FireFox extension. I do it manually though and it is shown with screens here:
Download the InfoNotary certs from here (from the menu - "публичен регистър->удостоверения на ИнфоНотари"):
http://www.infonotary.com/site/?p=doc_g1_3
You can import the individual "cer" files in the Authories section or the entire chain "p12" file. Do not forget to check the trust of individual imported certs.
Then on the same page:
it is shown how to activate the reader in Firefox. The path to the lib in Debian Stretch x86_64 is:
/usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.soThe signing functionality has been removed from Firefox 35+, so in order to do signing from the browser you need a Firefox extension. There are two which are known to work and you can try them one by one "SignTextJS" and "SignTextJS plus"
Configure Google Chrome
It is well described here:
Further
I use the SmartCard for access to:
- epay
- FiBank
- НАП
For НАП access these certs should also be imported into Chrome/Firefox:
![[Atom Feed]](/i/atom.png){kind=small}