I got my free Signing Stick this week, paid by the Luxembourgish government. I can now identify myself on public service websites as well as digitally sign all my mails and documents.
Unfortunately, I ran into a few problems when I tried to activate it on my Ubuntu machine. After a few tries and an unsuccessful call to the helpdesk, I finally got it to work. Here’s a small step-by-step guide:
- Install the pcsc package from the Ubuntu repositories: apt-get install pcscd
- Install the driver (downloadable from drivers.luxtrust.lu): dpkg -i libgemsafe0_5.1.0-02_i386_v2.deb
- Start the pcsc server (it should restart automatically after a reboot): /etc/init.d/pcscd start
- Run the “pinmgt” tool: First, choose “Change PIN” and then choose “Unblock PIN” (Important! For some reason the activation didn’t work for me without this step: I constantly got a “PIN is uninitialized” error.)
- Afterwards, unplug the stick and plug it back in.
Now, you should be able to complete the activation on activate.luxtust.lu.
Hi,
is that everything you did?
I tried your howto but allways get the errors:
1)login failed
2)PKCS11 Library cannot be unloaded
At what point do you get these error messages? During or after activation? In which application?
Thanks for your answer.
I installed anything step by step like in your howto.
Then I start pinmgt and if I want to change or unlock the card I get the login failed error.
Here some debuging:
pcsc_scan
PC/SC device scanner
V 1.4.14 (c) 2001-2008, Ludovic Rousseau
Compiled with PC/SC lite version: 1.4.99
Scanning present readers
0: Gemplus GemPC Key 00 00
Sat Aug 16 15:13:47 2008
Reader 0: Gemplus GemPC Key 00 00
Card state: Card inserted,
ATR: xxxxxxxxxxxxxxx
ATR: xxxxxxxxxxxx
+ TS = 3B –> Direct Convention
+ T0 = 7D, Y(1): 0111, K: 13 (historical bytes)
TA(1) = 94 –> Fi=512, Di=8, 64 cycles/ETU (55800 bits/s at 3.57 MHz)
TB(1) = 00 –> VPP is not electrically connected
TC(1) = 00 –> Extra guard time: 0
+ Historical bytes: 80 21 80 65 B0 83 02 04 7E 83 00 90 00
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: 80
– Application selection: by full DF name
– EF.DIR and EF.ATR access services: by GET RECORD(s) command
– Card with MF
Tag: 6, len: 5 (pre-issuing data)
Data: B0 86 02 04 7E
Tag: 8, len: 3 (status indicator)
LCS (life card cycle): 00 (No information given)
SW: 9000 (Normal processing.)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
xxxxxxxxxxxx
GXP Pro R3.2 64K, GemSafe applet MPCOS v1.11
so the pcscd finds my stick and the card, but I think pinmgt can’t connect to it?!
I can’t reproduce the error message. Unfortunately, the linux drivers seem to be pretty unstable, so you should try to activate the stick on a Windows machine.
You could also try to contact the LuxTrust helpdesk. Maybe they can help you.
I’m running into the exact same issues here as Tom. (PKCS11 lib)
Only that I’m using gentoo. Judging from Tom’s pcsc_scan, I presume he’s using the same driver than me (ifd-gmpc –> /usr/lib/readers/usb/ifd-GemPC430.bundle/Contents/Linux/libGemPC430.so.1.0.3)
I rpm2tar’ed the rpm from the luxtrust site, but I can’t quite figure out where to put the files they put into /usr/lib/gemsafe (as pcscd only accepts those “bundles”.) I’ll try the various modules…to see if pcscd even accepts manually created bundles.
BTW, if you’re playing around with this stuff, you should seriously have a look @ hackerspace.lu an get in touch with us!
Ok, I got as far as receiving a new error message now:
The tool says “No Slot found” and in my syslog, there’s “winscard_clnt.c:3422:SCardCheckDaemonAvailability() PCSC Not Running”
I may be using the wrong lib in my Info.plist:
CFBundleExecutable
libPK2GemId.so.0.0.0
libgck2015x.so
If you have more information, please contribute!
Unfortunately I currently do not have time to look any deeper into this. Anyways, there are (afaik) no drivers for 64 bit machines (neither for Linux nor for Windows), so I won’t be able to test it as I am now running a 64 bit OS.
Regards,
Michel
Hi,
Same problem as tom under kubuntu 8.04
Are you sure that you have both “Libpcsc” and “Pcscd” installed on your box? Verify that using Synaptic Package Mgr.
Hey,
I got the same Stick but didn’t provide an email address while ordering.
Is there any way to get a new SIM with a new certificate or sth. without having to re-pay?
Thanks
Hey,
Recieved my stick today. Everything ok for me. Thank you for your description.
Hello,
luxtrust usb stick works under ubuntu, you just don’t have the GUI to configuer it. You also have to install libs (the one describe above).
Note that the middleware doesn’t work for x64, only x86 versions are supported
Hi
In order to get the Luxtrust Stuff working in Linux you also need to have a recent libccid.
In Ubuntu, you can easily get it via “apt-get install libccid”
Greetings,
hello
do you knew if it is possible to install luxtrust under a 64bit ubuntu?
xavier
Thank you for the article!
You could perhaps add how you can make the module work in firefox:
You have to select in Firefox: Edit -> Preferences -> Advanced -> Encryption -> Security devices -> load:
In the field “Module Name”, write “LuxTrust PKCS#11 Module”.
In the field “Module filename”, select “/usr/lib/gemsafe/ligclib.so”
To make the module work in Adobe Reader, you have to select in Adobe: Document -> Security Settings.
Under “Digital IDs” select “PKCS#11 Modules and Tokens” and click on “Attach Module”. Then select “/usr/lib/gemsafe/ligclib.so”. Afterward, you can log in when you select “PKCS#11 Cryptoki Multiplexer”.
For me, the version 9 of Adobe Reader was not working, but the version 8.