Difference between revisions of "Luxtrust"
AlainKnaff (talk | contribs) |
AlainKnaff (talk | contribs) (Link Lionel Élie's Floss driver from this page, so that it doesn't get misidentified as spam) |
||
(11 intermediate revisions by 3 users not shown) | |||
Line 6: | Line 6: | ||
The following versions of the wrapper are relevant to the discussions below: | The following versions of the wrapper are relevant to the discussions below: | ||
− | * 1.3 : last version without 64 bit support | + | * 1.3 : last version without 64 bit support. Deployed at Raiffeisen and BGL |
− | * 1.4 : first version with 64 bit support, but with buggy 32 bit support | + | * 1.4 : first version with 64 bit support, but '''with buggy 32 bit support'''. This version is unfortunately deployed at BCEE and CCP |
− | * 1.4.1 : 64 bit support, bug with 32 bit support fixed. | + | * 1.4.1 : 64 bit support, bug with 32 bit support fixed. Deployed on Luxtrust's own site (certificate test). |
+ | |||
+ | [[FLOSS Luxtrust|FLOSS driver for the Luxtrust smartcard and signing stick]] | ||
== BGL, Raiffeisen == | == BGL, Raiffeisen == | ||
Line 15: | Line 17: | ||
However, [http://prophecy.lu/pipermail/lilux-help/2012-June/001619.html this mail] explains how to set up a program which automatically replaces the 32 bit JNI with a 64 bit version downloaded from Luxtrust's site. | However, [http://prophecy.lu/pipermail/lilux-help/2012-June/001619.html this mail] explains how to set up a program which automatically replaces the 32 bit JNI with a 64 bit version downloaded from Luxtrust's site. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== BCEE == | == BCEE == | ||
Line 30: | Line 22: | ||
As of June 13th 2012, BCEE has deployed the buggy 1.4 version of the wrapper. Moreover, their javascript responsible for detecting the browser's architecture and loading the appropriate wrapper does not distinguish between Linux 32 bit and Linux 64 bit, and always loads the 32 bit version. | As of June 13th 2012, BCEE has deployed the buggy 1.4 version of the wrapper. Moreover, their javascript responsible for detecting the browser's architecture and loading the appropriate wrapper does not distinguish between Linux 32 bit and Linux 64 bit, and always loads the 32 bit version. | ||
− | Which means that BCEE's SNET now works neither in 32 bits, nor in 64 bits. | + | Which means that BCEE's SNET now works neither in 32 bits, nor in 64 bits. In 32 bit, the following error message is displayed: |
+ | <code>LuxTrust error: 131081 - LTEC:131081:Middleware is not installed!</code> | ||
+ | |||
+ | The reason for this message is that due to a typo in a config file included in the cryptoTI jar of the 1.4 wrapper, it looks for the middleware under the location for Macintosh rather than for Linux, and thus can't find it. | ||
A workaround exists though, using the following bookmarklet: | A workaround exists though, using the following bookmarklet: | ||
Line 44: | Line 39: | ||
Then go to bcee.lu and navigate to SNET normally. When the error message pops up, click the bookmark. | Then go to bcee.lu and navigate to SNET normally. When the error message pops up, click the bookmark. | ||
− | Incidentally, this also works for Raiffeisen and CCP, but not for BGL ( | + | Incidentally, this also works for Raiffeisen (64 bit) and CCP, but not for BGL (64 bit) because BGL re-signs the Luxtrust applet jars with their own key. |
+ | |||
+ | == CCP == | ||
+ | |||
+ | Since July 23rd, CCP now also uses the faulty 1.4 version. | ||
+ | |||
+ | The bookmarklet as described above for BCEE is able to work around the problem with CCP too, but with a twist: | ||
+ | |||
+ | for some weird reason CCP has chosen to manipulate the settings of your browser such that the window has almost no bars, so the bookmarklet is inaccessible to the CCP connect window. However, the URL bar still shows, and you can just copy-paste that URL into the URL bar into another window, and then the bookmarklet is accessible. | ||
+ | |||
+ | Or just go to https://secure.ccp-connect.lu/ccpgate/xlogin?page=1&lang=en&channel=B2C | ||
+ | |||
+ | On newer distributions (such as Ubuntu 16.04) installing the Middleware is not possible due to failed dependencies (libssl0.9.8). For some weird reason the MiddleWare for LuxTrust needs libssl0.9.8 and libssl1.0.0, but the version 0.9.8 is not in the repositories anymore. The simpliest way to solve this dependency is to install libssl0.9.8 from an earlier distribution (For Ubuntu, it's [http://www.loes.org.lu/files/libssl0.9.8_0.9.8o-7ubuntu3.2.14.04.1_amd64.deb here]). | ||
+ | |||
+ | A full guide will also be found on my [http://www.loes.org.lu/Linux/Webbanking.html site]. | ||
+ | For stuff from the state like [http://guichet.lu Guichet.lu] you don't need this fix. You don't even need Oracle's java. Openjre(Iced Tea) does it also. | ||
+ | |||
+ | |||
+ | == Update December 2018: == | ||
+ | |||
+ | |||
+ | Installing the actual Luxtrust Middleware on Debian, the package complains that it cannot find libssl1.0.0. Therefore, you have to install the package libssl1.0.0_1.0.1t-1+deb8u10_amd64.deb from https://packages.debian.org/jessie/amd64/libssl1.0.0/download [https://packages.debian.org/jessie/amd64/libssl1.0.0/download] before installing the Gemalto and then the luxtrust middleware. I will investigate to find another solution, as libssl1.0.0 is not recent anymore. |
Latest revision as of 15:42, 12 December 2021
As of June 2012, Luxtrust now fully supports 64 bit systems.
A 64-bit middleware is available from their site, and moreover they've made available a "wrapper" to allow bank applets to call this middleware.
As an end user, you only need to download and install the middleware. Banks install the wrapper jar on their site, as an end user you do normally not need to worry about this, unless banks did a mistake setting up the wrapper.
The following versions of the wrapper are relevant to the discussions below:
- 1.3 : last version without 64 bit support. Deployed at Raiffeisen and BGL
- 1.4 : first version with 64 bit support, but with buggy 32 bit support. This version is unfortunately deployed at BCEE and CCP
- 1.4.1 : 64 bit support, bug with 32 bit support fixed. Deployed on Luxtrust's own site (certificate test).
FLOSS driver for the Luxtrust smartcard and signing stick
BGL, Raiffeisen
As of August 22nd 2012, BGL and Raiffeisen still use the 1.3 version of the Luxtrust wrapper, which does not yet support 32 bit.
However, this mail explains how to set up a program which automatically replaces the 32 bit JNI with a 64 bit version downloaded from Luxtrust's site.
BCEE
As of June 13th 2012, BCEE has deployed the buggy 1.4 version of the wrapper. Moreover, their javascript responsible for detecting the browser's architecture and loading the appropriate wrapper does not distinguish between Linux 32 bit and Linux 64 bit, and always loads the 32 bit version.
Which means that BCEE's SNET now works neither in 32 bits, nor in 64 bits. In 32 bit, the following error message is displayed:
LuxTrust error: 131081 - LTEC:131081:Middleware is not installed!
The reason for this message is that due to a typo in a config file included in the cryptoTI jar of the 1.4 wrapper, it looks for the middleware under the location for Macintosh rather than for Linux, and thus can't find it.
A workaround exists though, using the following bookmarklet:
javascript:(function(){oslib=navigator.platform.toLowerCase();if(/^lin.*64/.exec(oslib)){oslib='64';}else{oslib='32'};sel=document.querySelector('applet');txt=sel.archive;txt=txt.replace(/[^,]*LIN32_[a-z0-9.]*.jar/,'https://managing.luxtrust.lu/applets/public/LuxTrust_Gemalto_CryptoTI_Adapter_LIN'+oslib+'_1.4.1.jar');sel.setAttribute('archive',txt);sel.outerHTML+='';})()]
This replaces the pointer to the faulty copy of the Luxtrust jar on the bank site with a pointer to the original on Luxtrust's own site.
To install, right-click on your bookmark folder, chose New Bookmark
and set the above string as the Location
.
Alternatively, you may also go to http://www.alain.knaff.lu/Luxtrust/bookmarklet.html and simply drag the Fix homebanking
link to your bookmark folder.
Then go to bcee.lu and navigate to SNET normally. When the error message pops up, click the bookmark.
Incidentally, this also works for Raiffeisen (64 bit) and CCP, but not for BGL (64 bit) because BGL re-signs the Luxtrust applet jars with their own key.
CCP
Since July 23rd, CCP now also uses the faulty 1.4 version.
The bookmarklet as described above for BCEE is able to work around the problem with CCP too, but with a twist:
for some weird reason CCP has chosen to manipulate the settings of your browser such that the window has almost no bars, so the bookmarklet is inaccessible to the CCP connect window. However, the URL bar still shows, and you can just copy-paste that URL into the URL bar into another window, and then the bookmarklet is accessible.
Or just go to https://secure.ccp-connect.lu/ccpgate/xlogin?page=1&lang=en&channel=B2C
On newer distributions (such as Ubuntu 16.04) installing the Middleware is not possible due to failed dependencies (libssl0.9.8). For some weird reason the MiddleWare for LuxTrust needs libssl0.9.8 and libssl1.0.0, but the version 0.9.8 is not in the repositories anymore. The simpliest way to solve this dependency is to install libssl0.9.8 from an earlier distribution (For Ubuntu, it's here).
A full guide will also be found on my site. For stuff from the state like Guichet.lu you don't need this fix. You don't even need Oracle's java. Openjre(Iced Tea) does it also.
Update December 2018:
Installing the actual Luxtrust Middleware on Debian, the package complains that it cannot find libssl1.0.0. Therefore, you have to install the package libssl1.0.0_1.0.1t-1+deb8u10_amd64.deb from https://packages.debian.org/jessie/amd64/libssl1.0.0/download [1] before installing the Gemalto and then the luxtrust middleware. I will investigate to find another solution, as libssl1.0.0 is not recent anymore.