UPDATE year 2014 : by now the mobile BankID is avaialble on smartphones,
and most sites having BankID login also support mobile BankID.
It is an app you run in your phone, and can validate login on both the phone but also any login you initiate on any other computer.
You need to register at your bank to get mobille BankID acess.
This makes this issue less important, however it is normally more conveient to have it on the computer.
This HOWTO is about the Swedish BankID which have very bad support for Linux.
( The Norwegian BankID do support most Linux distributions
https://www.bankid.no/Hjelp-og-nyttige- ... ormstotte/ )
Not having this secure authentication method working may be a road blocker for many to switch OS. So here let me bust that roadblock
Nexus Personal BankID client is a browser plugin that is used mainly in Sweden for authenticating users logging into bank, tax authority, social security and more.
There exist competing systems used by other banks. Many banks, the tax authority, social security and more have several alternate ways.
I wish to mention the solution administered by phone company by telia as they have another native Linux version (which I have not tested)
from secmaker.com, that officially support 64 and 32 bit Ubuntu install: https://cve.trust.telia.com/TeliaElegNG/NetId/
Unfortunately my local bank only use BankID, and I have been struggeling logging in using Linux for years...
"Unfortunately" I say because they do not support any other Linux than 32 bit Ubuntu, and on linux only Firefox browser. Some bank say it do not work on Linux at all...
But that is merely a political lazy decision, because the stupid install script is made only for ubuntu 32 bit.
They claim not want to test security on every OS and browser, but as you will se we can do that anyway so it is not protected, and if they wanted security they should instead stop MSWindows and MSIE...
There actually do exist a free client that works for many people, depending on what version of key their bank use:
FriBID, http://www.fribid.se/, And it is packaged for Mageia: https://bugs.mageia.org/show_bug.cgi?id=983#c28
Enough talking!
Below I have compiled a guide to install and use Nexus client on Mageia both 32 and 64 bit - all tested on Mageia 2 KDE and Firefox 10 ESR and 17 ESR. (And I experienced it also work using Opera 12.x on most sites without any more work, see below.) It work for some other distributions too.
UPDATE 2013-12-02: OK in Mga3-64bit, Firefox ESR 24.1.1
UPDATE 2014-01-30: 64 bit Mageia 4: there are problems regarding nspluginwrapper on mga4 and some other recent distros, see bugs.mageia.org/show_bug.cgi?id=12011 And to use the alternate solution of running 32 bit Firefox on 64 bit OS also fail: for me even running /usr/local/bin/personal quietly exits when starting it alone and trying to remove a key, and also dies during use with 32 bit firefox. I have not tested 32 bit mageia 4. Only solution for latest 64 bit linux systems to somewhat reliably run BankID seem to be to use i.e virtualbox and in that install elder 32-bit minimal system for BankID
( Possibly also when using latest 32-bit systems and you experience problems, BankID need be installed in a virtual machine with elder 32-bit system )Overwiew
Nexus BankID application is normally started by the web browser and use locally stored keys in files under users home, and keyword entered by the user.
For getting the initial key you get a code from your bank. Before it expires (1 year) you can get a new key after logging into your bank.
INSTALLATION
1) Install these 32 bit packages (even on 64 bit system): in terminal become root and
- Code: Select all
# urpmi libpng12_0 libcanberra-gtk0 liboxygen-gtk libgcrypt11 libidn11
3) Unpack the file, go into the unpacked folder and down again in subfolder BISP-4.19.1.11663 (version number change by time)
4) there grab personal.desktop program start link and copy to your desktop if you like,
5) open terminal in that folder, become root and run the installer:
- Code: Select all
# ./install.4.19.1.11663.sh i
# ln -s /usr/local/lib/personal/libplugins.so /usr/lib/mozilla/plugins/
Then chose A, B or C:
A) If your system is 32 bit Mageia: go to "Testing and key"!
B) If your system is 64 bit Mageia, you have to execute:
- Code: Select all
# urpmi nspluginwrapper
# nspluginwrapper -i /usr/local/lib/personal/libplugins.so
C) Alternate method for 64 bit system if B) above fail: use 32 bit Firefox
- Code: Select all
# urpme nspluginwrapper-i386 firefox
Then you install Firefox i586 and your language file. Possibly you want flash-player-plugin to work in firefox. So install that too, 32-bit version. (I have not tested. And I do not know if you can have 64-bit installed at the same time (for use by other browser), it it can not uninstall 32-bit version, or use nspluginwrapper to use 64-bit on 32-bit firefox. How to do that is not my cup of tea, but ask in forum if needed, and please add solution in this thread.)
On 64 bit Mageia (regardless of method B or C above)
Some sites force us to hide we use a 64 bit Linux system !
In Firefox use an extension to change the user-agent the browser reports. I used User Agent Changer, and now User Agent Quick Switch. I removed the CPU info (x86_64) so it became: "Mozilla/5.0 (X11; Linux; rv:10.0.11) Gecko/20100101 Firefox/10.0.11" Without this change I could use BankID everywhere except entering test.bankid.com (but tests shows OK once entered) and I also could not fetch a new key.
You can check what your browser say at http://whatsmyuseragent.com/
Testing and key
1) Close Firefox.
2) In a terminal as normal user issue /usr/local/bin/personal and the BankID window should become visible.
If there is some problem you will see output in terminal. Any more package needed?
3) Start Firefox and goto https://test.bankid.com/testbankidcom/ and see if it thinks BankID is installed and good.
If it say Bankid can not be installed on your system, check if your browser "spoof correctly", see above.
4a) If you alreday have BankID keys: Close Firefox, BankID, Terminal, copy in your keys as per chapter "Copying and moving keys" below, then restart /usr/local/bin/personal and you shoud see it finds them.
4b) OR get an initial code and instructions from your bank for retrieving a key.
5) Revisit test.bankid.com and verify you can log in and sign.
6) Try logging in everywhere you need. Celebrate
! Keep the unpacked folder (or the archive) - if you need to repair or downgrade from future version.
Problems?
§ Are you running the latest version?
§ Perform 2) from "Testing and key" above.
§ On 64-bit Linux with 64 bit firefox, see "Issue on 64 bit Mageia" below
§ In firefox, see if plugin is found by browsing to about:plugins
§ Weird errors may happen if the plugin is not linked/wrapped correctly after update, so redo the ln -s line from beginning of install instruction, and if on 64-bit Linux execute the described ndiswrapper -i line.
§ Still not working? Try reading links below, do a web search, ask here, and in any case post here how you solved it!
Card reader
It can use USB connected card reader but I have not bothered to get one such so it is not covered here. See links below.
HOUSEKEEPING
Reminder: On 64 bit Mageia: do not forget to in the browser select a user-agent string that do not say 64 bit Linux
Issue on 64 bit Mageia: stopped working after flash plugin update
Suddenly it did not work. I tracked it to an automatic update of flash browser plugin;
Updating flash-player-plugin makes libplugins.so loose the wrapper! Mageia bug 9053.
# nspluginwrapper -l
listed nothing, so I "rewrapped" it again using
# nspluginwrapper -i /usr/local/lib/personal/libplugins.so
And it is working again.
Update BankID version
I do no think uninstall is necessary
Just get the new install file, unpack and run the installer. libplugins.so is linked so it follows automatically on 32 bit.
But on 64-bit system nspluginwrapper should be run to update the plugin:
- Code: Select all
# nspluginwrapper -u /usr/lib64/mozilla/plugins/npwrapper.libplugins.so
Uninstall
If you want your keys elsewhere, export them (see next chapter)
Uninstall by running the installer program with "u" instead of "i", like this: # /usr/local/lib/personal/install* u
And optionally clean anything else you have done, and remove ~/.personal if you do not need it
Copying and moving keys
Alternative 1) If you already have run BankID on Linux on another system, then copy ~/.personal from that to current system. ! Make sure to have the correct file ownership! ( #chown -R myusername:mygroup ~/.personal)
Alternative 2) export/import as per Nexus manual (see "Documentation by Nexus" below. (also works between operating system types)
APPENDIX
Other browsers
I have only tried Opera. Some sites require user-agent forging; In Opera: Tools > Quick settings > Settings for site > Network > Identify > Identify as Firefox
Works most sites. Alternatively also try *Masquerading* as Firefox. Masquerading as IE it even works at test.bankid.com !
Documentation by Nexus
Go to https://install.bankid.com/ and to the right there is a pdf link.
(that ugly URI happen to work in Opera but not Firefox. Say a bit about the dedication at Nexus to provide quality software...)
.txt and .htm files in /usr/local/lib/personal/ (they are also in the folder you unpacked)
And you can read the install*.sh script in an editor to see what it does.
References and other guides and discussions, in Swedish
Card reader: http://mageiasv.blogspot.se/2012/10/ban ... asare.html
Swedish Ubuntu forum have lots of info: http://ubuntu-se.org/wiki/NexusPersonal
64 bit Ubuntu: http://larsemil.se/ubuntu-11-04-64bit-och-bankid/
64 bit OpenSUSE: http://www.linuxportalen.se/forums/2011 ... -firefox-8
32 bit debian: http://www.linuxportalen.se/forums/2012 ... an-l-sning
Critics of bad Linux support: http://www.idg.se/2.1085/1.300896/e-tja ... webblasare
Push for better support for Linux. Example: http://forslag.forsakringskassan.se/ide ... versionen/
And of course do a web search on BankID Linux for up to date infos;
http://sv.wikipedia.org/wiki/E-legitimation
