Very short entry this time to explain how to install the OpenDNIe library in the chrome / chromium browser (currently debian testing has chromium 32). Some hours ago David asked in a comment on the previous entry about OpenDNIe whether I knew how to configure the Spanish eID card (DNIe) inside the google browser. I had never done it but, obviously, it should be possible.
Chrome right now uses the NSS project to handle certificates, ssl and security in general (same as firefox), but it is migrating to openssl (check this document for more information), so this method will be outdated quite soon. Although the NSS framework permits the integration of any PKCS#11 library, it seems that chrome does not give any graphical interface to configure it; therefore, it can only be done using NSS commands.
I have followed the instructions given by the Belgium eID team:
Install the NSS tools package (in my case I have the package already installed).
apt-get install libnss3-tools
Quit the browser if it is running and add the PKCS#11 module from opensc to the NSS database that chromium uses (seemingly the .pki/nssdb directory; the path in the command is relative, so run it from your home directory).
modutil -dbdir sql:.pki/nssdb/ -add "opensc" -libfile /home/ricky/apps/opensc/lib/opensc-pkcs11.so
If you remember, opensc-pkcs11.so is the same library that was installed inside firefox/iceweasel (that is why a standard is so great). It resulted from the opensc compilation done in the previous entry.
Check that the library is shown as a valid module.
modutil -dbdir sql:.pki/nssdb/ -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. Mozilla Root Certs
library name: libnssckbi.so
slots: 1 slot attached
status: loaded
slot: NSS Builtin Objects
token: Builtin Object Token
3. opensc
library name: /home/ricky/apps/opensc/lib/opensc-pkcs11.so
slots: 2 slots attached
status: loaded
slot: Virtual hotplug slot
token:
slot: Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
token: DNI electrónico (PIN1)
4. Root Certs
library name: sql:/home/ricky/.pki/nssdb/libnssckbi.so
slots: There are no slots attached to this module
status: Not loaded
-----------------------------------------------------------
And that is all. Now the chromium browser can be started (with the DNIe inserted in your smartcard reader) and the card certificates are available (Settings -> Show advanced settings... -> Manage certificates button in HTTPS/SSL section).
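The check of the module listing can also be scripted. The following is an added example, not part of the original post: it parses `modutil -list` output and confirms that the opensc module is registered with the expected library path and is loaded, which is worth verifying because a PKCS#11 module is a shared library loaded into the browser process. The function names and the abridged sample listing (slot and token lines cut) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit PKCS#11 modules in an NSS DB.

# list_modules: read `modutil ... -list` output on stdin and print one
# "name|library|status" record per module. A module with no "library name:"
# line (the NSS internal module) is reported as "(internal)".
list_modules() {
  awk '
    function emit() { if (name != "") printf "%s|%s|%s\n", name, lib, status }
    { sub(/[ \t\r]+$/, "") }                 # trim trailing blanks and CR
    /^[ \t]*[0-9]+\. / {                     # "3. opensc" starts a new module
      emit(); name = $0; sub(/^[ \t]*[0-9]+\. /, "", name)
      lib = "(internal)"; status = "unknown"; next
    }
    /^[ \t]*library name:/ { lib = $0; sub(/^[ \t]*library name:[ \t]*/, "", lib) }
    /^[ \t]*status:/ { status = $0; sub(/^[ \t]*status:[ \t]*/, "", status) }
    END { emit() }
  '
}

# check_module NAME LIBFILE: succeed only if NAME is registered with exactly
# LIBFILE and is loaded. Real use, from the home directory:
#   modutil -dbdir sql:.pki/nssdb/ -list | check_module opensc /path/to/opensc-pkcs11.so
check_module() { list_modules | grep -Fqx "$1|$2|loaded"; }

# unloaded_modules: records for modules that NSS did not load.
unloaded_modules() { list_modules | awk -F'|' '$3 != "loaded"'; }

# sample_listing: the listing from the post, abridged (slot/token lines cut).
sample_listing() {
  cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     status: loaded
  2. Mozilla Root Certs
     library name: libnssckbi.so
     status: loaded
  3. opensc
     library name: /home/ricky/apps/opensc/lib/opensc-pkcs11.so
     status: loaded
  4. Root Certs
     library name: sql:/home/ricky/.pki/nssdb/libnssckbi.so
     status: Not loaded
-----------------------------------------------------------
EOF
}
sample_listing | list_modules   # print the parsed records for the sample
```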
The functionality was checked again by accessing the DNIe tester page. You can enter without problem but the signing process fails, as happened with firefox (I am not sure, but the page seems to use a Java applet that does not work with the linux / icedtea plugin).
That's all folks!