2010-11-02

Estonian ID Card: SK update 2010-11

SK has rolled out ID card software for Mac OS X and Linux. The package includes:

  • Firefox addon: a useless macro that runs
    Preferences / Advanced / Encryption / Security Devices / Add / opensc-pkcs11.so
    -- something you could do manually.
  • Utility to access ID card data, partly translated from Estonian.
  • Utility to read and sign documents (those utilities or at least something very similar produced by Smartlink I've seen two years ago).
  • A separate (why?) utility to encrypt documents.

Funny thing is: Ubuntu 10.04 Lucid support announced three weeks later after Ubuntu 10.10 Maverick was released. Anyway, all packages seem to install successfully.

$ uname -a
Linux e6410 2.6.35-22-generic #35-Ubuntu SMP Sat Oct 16 20:36:48 UTC 2010 i686 GNU/Linux


For those of you who were also waiting for a miracle like I did: no miracle for today. Nothing changed for Ubuntu users: sign-in works, digital signatures fail in Internet banks (SEB and Nordea tested). Still the same applet is used for signatures, and still it is not functional on my machine.

java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.1) (6b20-1.9.1-1ubuntu3)
OpenJDK Server VM (build 17.0-b16, mixed mode)
init, version: 1.3.12
Loading resources from jar
Loading resources from: jar://SignAppletLabels.properties
Dialog begin: window.SetDigiSign, [... base64 blob containing raw XML with bank account number and tag names in Estonian -- skipped ...]
Dialog end
checkLibraries()
initPKCS11()
module: libesteid-pkcs11.so
Init module: libesteid-pkcs11.so
PKCS11 init err: library already loaded or not found
LIBRARY LOAD ERROR: java.lang.UnsatisfiedLinkError - no pkcs11wrapper in java.library.path
java.lang.UnsatisfiedLinkError: no pkcs11wrapper in java.library.path
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1681)
at java.lang.Runtime.loadLibrary0(Runtime.java:840)
at java.lang.System.loadLibrary(System.java:1047)
at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.ensureLinkedAndInitialized(PKCS11Implementation.java:113)
at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.(PKCS11Implementation.java:148)
at iaik.pkcs.pkcs11.wrapper.PKCS11Connector.connectToPKCS11Module(PKCS11Connector.java:79)
at iaik.pkcs.pkcs11.Module.getInstance(Module.java:199)
at ee.itpe.signapplet.PKCS11Sign$1.run(Unknown Source)
at ee.itpe.signapplet.PKCS11Sign$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at ee.itpe.signapplet.PKCS11Sign.initPKCS11(Unknown Source)
at ee.itpe.signapplet.PKCS11Sign.getAvailableTokenNames(Unknown Source)
at ee.itpe.signapplet.CardReaderThread.run(Unknown Source)
Card init thread exiting!


There are still some hacks to try (like this one from Ideelabor), but I do not really believe in any success.

Maybe Open EstEID project results are worth trying.

3 comments:

Anonymous said...

won't work with openjdk, try sun java. works for me according to the sk manual

id card printing said...

The government will always exempt those people living on the margins of society and exemption from the ID card requirement as they have always done.

Juri said...

> The government will always exempt those people living on the margins of society and exemption from the ID card requirement as they have always done.

Well, this has nothing to do with identity and government relations with marginals. This is just an infra screw-up of several commercial banks and partly SK itself.

By the way, government is doing its part of the job fine here -- e-voting worked perfectly previous 2 times I tried that.