I got my free Signing Stick this week, paid by the Luxembourgish government. I can now identify myself on public service websites as well as digitally sign all my mails and documents.
Unfortunately, I ran into a few problems when I tried to activate it on my Ubuntu machine. After a few tries and an unsuccessful call to the helpdesk, I finally got it to work. Here’s a small step-by-step guide:
- Install the pcsc package from the Ubuntu repositories: apt-get install pcscd
- Install the driver (downloadable from drivers.luxtrust.lu): dpkg -i libgemsafe0_5.1.0-02_i386_v2.deb
- Start the pcsc server (it should restart automatically after a reboot): /etc/init.d/pcscd start
- Run the “pinmgt” tool: First, choose “Change PIN” and then choose “Unblock PIN” (Important! For some reason the activation didn’t work for me without this step: I constantly got a “PIN is uninitialized” error.)
- Afterwards, unplug the stick and plug it back in.
Now, you should be able to complete the activation on activate.luxtust.lu.
Hi,
is that everything you did?
I tried your howto but allways get the errors:
1)login failed
2)PKCS11 Library cannot be unloaded
At what point do you get these error messages? During or after activation? In which application?
Thanks for your answer.
I installed anything step by step like in your howto.
Then I start pinmgt and if I want to change or unlock the card I get the login failed error.
Here some debuging:
pcsc_scan
PC/SC device scanner
V 1.4.14 (c) 2001-2008, Ludovic Rousseau
Compiled with PC/SC lite version: 1.4.99
Scanning present readers
0: Gemplus GemPC Key 00 00
Sat Aug 16 15:13:47 2008
Reader 0: Gemplus GemPC Key 00 00
Card state: Card inserted,
ATR: xxxxxxxxxxxxxxx
ATR: xxxxxxxxxxxx
+ TS = 3B –> Direct Convention
+ T0 = 7D, Y(1): 0111, K: 13 (historical bytes)
TA(1) = 94 –> Fi=512, Di=8, 64 cycles/ETU (55800 bits/s at 3.57 MHz)
TB(1) = 00 –> VPP is not electrically connected
TC(1) = 00 –> Extra guard time: 0
+ Historical bytes: 80 21 80 65 B0 83 02 04 7E 83 00 90 00
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: 80
- Application selection: by full DF name
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card with MF
Tag: 6, len: 5 (pre-issuing data)
Data: B0 86 02 04 7E
Tag: 8, len: 3 (status indicator)
LCS (life card cycle): 00 (No information given)
SW: 9000 (Normal processing.)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
xxxxxxxxxxxx
GXP Pro R3.2 64K, GemSafe applet MPCOS v1.11
so the pcscd finds my stick and the card, but I think pinmgt can’t connect to it?!
I can’t reproduce the error message. Unfortunately, the linux drivers seem to be pretty unstable, so you should try to activate the stick on a Windows machine.
You could also try to contact the LuxTrust helpdesk. Maybe they can help you.
I’m running into the exact same issues here as Tom. (PKCS11 lib)
Only that I’m using gentoo. Judging from Tom’s pcsc_scan, I presume he’s using the same driver than me (ifd-gmpc –> /usr/lib/readers/usb/ifd-GemPC430.bundle/Contents/Linux/libGemPC430.so.1.0.3)
I rpm2tar’ed the rpm from the luxtrust site, but I can’t quite figure out where to put the files they put into /usr/lib/gemsafe (as pcscd only accepts those “bundles”.) I’ll try the various modules…to see if pcscd even accepts manually created bundles.
BTW, if you’re playing around with this stuff, you should seriously have a look @ hackerspace.lu an get in touch with us!
Ok, I got as far as receiving a new error message now:
The tool says “No Slot found” and in my syslog, there’s “winscard_clnt.c:3422:SCardCheckDaemonAvailability() PCSC Not Running”
I may be using the wrong lib in my Info.plist:
CFBundleExecutable
libPK2GemId.so.0.0.0
libgck2015x.so
If you have more information, please contribute!
Unfortunately I currently do not have time to look any deeper into this. Anyways, there are (afaik) no drivers for 64 bit machines (neither for Linux nor for Windows), so I won’t be able to test it as I am now running a 64 bit OS.
Regards,
Michel