Hello,
I own an ID card reader (for Estonian ID) and I would like to be able to sign stuff in Firefox. I have PKCS11 loader extension installed but it seems to be disabled even on pages where I can sign documents in the browser.
I have the following packages installed:
local/acsccid 1.1.10-1
PC/SC driver that supports ACS CCID smart card readers.
local/ccid 1.5.2-1
A generic USB Chip/Smart Card Interface Devices driver
local/opensc 0.23.0-1
Tools and libraries for smart cards
local/chrome-token-signing 1:1.1.5.547-1
Chrome and Firefox extension for signing with your eID on the web
local/pcsc-perl 1.4.14-14
A Perl Module for PC/SC SmartCard access
local/pcsc-tools 1.6.2-1
PC/SC Architecture smartcard tools
local/pcsclite 2.0.0-1
PC/SC Architecture smartcard middleware library
local/libdigidocpp 3.16.0.1442-1
Library for creating, signing and verification of digitally signed documents, according to XAdES and XML-DSIG standards
local/qdigidoc4 4.4.0.4447-1
DigiDoc4 Client is an application for digitally signing and encrypting documents; the software includes functionality to manage Estonian ID-card - change pin codes, update certificates etc.
Both pcscd socket and systemd services are enabled:
[sudo] password for v1rtl:
β pcscd.socket - PC/SC Smart Card Daemon Activation Socket
Loaded: loaded (/usr/lib/systemd/system/pcscd.socket; enabled; preset: disabled)
Active: active (running) since Fri 2023-09-08 12:33:16 EEST; 32min ago
Triggers: β pcscd.service
Listen: /run/pcscd/pcscd.comm (Stream)
CGroup: /system.slice/pcscd.socket
sept 08 12:33:16 Asus systemd[1]: Listening on PC/SC Smart Card Daemon Activation Socket.
β pcscd.service - PC/SC Smart Card Daemon
Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; preset: disabled)
Active: active (running) since Fri 2023-09-08 12:35:01 EEST; 31min ago
TriggeredBy: β pcscd.socket
Docs: man:pcscd(8)
Main PID: 2571 (pcscd)
Tasks: 11 (limit: 37895)
Memory: 6.7M
CPU: 388ms
CGroup: /system.slice/pcscd.service
ββ2571 /usr/bin/pcscd --foreground --auto-exit
sept 08 12:35:01 Asus systemd[1]: Started PC/SC Smart Card Daemon.
sept 08 12:35:01 Asus (pcscd)[2571]: pcscd.service: Referenced but unset environment variable evaluates to a>
DigiDoc4 client works completely fine, it detects the card and I'm able to sign documents. Okular also works with PDF signing. But on Firefox for whatever reason the extension is always disabled. I tried installing from Firefox Addon store, and building from source and importing xpi, none worked.
Here's how it looks when it's disabled:
For instance I can't log in to eesti.ee:
pcsc_scan output:
PC/SC device scanner
V 1.6.2 (c) 2001-2022, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: Alcor Micro AU9540 00 00
Fri Sep 8 13:11:11 2023
Reader 0: Alcor Micro AU9540 00 00
Event number: 1
Card state: Card inserted, Shared Mode,
+ TS = 3B --> Direct Convention
+ T0 = DB, Y(1): 1101, K: 11 (historical bytes)
TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
TC(1) = 00 --> Extra guard time: 0
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
TA(4) = 83 --> Clock stop: state H - Class accepted by the card: (3G) A 5V B 3V
Category indicator byte: 00 (compact TLV data object)
Tag: 1, len: 2 (country code, ISO 3166-1)
Country code: 23 3F
Tag: 5, len: 3 (card issuer's data)
Card issuer data: 65 49 44
Mandatory status indicator (3 last bytes)
LCS (life card cycle): 0F (unknown)
SW: 9000 (Normal processing.)
+ TCK = F1 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
Estonia ID-card (eID)
https://id.ee
my garuda-inxi:
System:
Kernel: 6.4.12-arch1-1 arch: x86_64 bits: 64 compiler: gcc v: 13.2.1
clocksource: tsc available: acpi_pm
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux
root=UUID=31891f4d-4b7f-4e61-a0da-e72715325014 rw rootflags=subvol=@
"acpi.dyndbg=file drivers/acpi/x86/s2idle.c +p" quiet quiet
rd.udev.log_priority=3 vt.global_cursor_default=0 loglevel=3 ibt=off
Desktop: KDE Plasma v: 5.27.7 tk: Qt v: 5.15.10 wm: kwin_wayland vt: 1
dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: ASUSTeK product: ROG Zephyrus G16 GU603VV_GU603VV
v: 1.0 serial: <superuser required>
Mobo: ASUSTeK model: GU603VV v: 1.0 serial: <superuser required>
UEFI: American Megatrends LLC. v: GU603VV.308 date: 04/21/2023
Battery:
ID-1: BAT0 charge: 24.7 Wh (29.0%) condition: 85.2/90.0 Wh (94.7%)
power: 24.0 W volts: 14.5 min: 15.9 model: AS3GWAF3KC GA50358 type: Unknown
serial: <filter> status: discharging
CPU:
Info: model: 13th Gen Intel Core i9-13900H bits: 64 type: MST AMCP
arch: Raptor Lake gen: core 13 level: v3 note: check built: 2022+
process: Intel 7 (10nm) family: 6 model-id: 0xBA (186) stepping: 2
microcode: 0x4119
Topology: cpus: 1x cores: 14 mt: 6 tpc: 2 st: 8 threads: 20 smt: enabled
cache: L1: 1.2 MiB desc: d-8x32 KiB, 6x48 KiB; i-6x32 KiB, 8x64 KiB
L2: 11.5 MiB desc: 6x1.2 MiB, 2x2 MiB L3: 24 MiB desc: 1x24 MiB
Speed (MHz): avg: 2772 high: 3000 min/max: 400/5200:5400:4100 scaling:
driver: intel_pstate governor: powersave cores: 1: 3000 2: 3000 3: 3000
4: 3000 5: 670 6: 3000 7: 784 8: 3000 9: 3000 10: 3000 11: 3000 12: 3000
13: 3000 14: 3000 15: 3000 16: 3000 17: 3000 18: 3000 19: 3000 20: 3000
bogomips: 119840
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities: <filter>
Graphics:
Device-1: Intel Raptor Lake-P [Iris Xe Graphics] vendor: ASUSTeK
driver: i915 v: kernel arch: Gen-13 process: Intel 7 (10nm) built: 2022+
ports: active: eDP-1 empty: DP-1,DP-2 bus-ID: 00:02.0 chip-ID: 8086:a7a0
class-ID: 0300
Device-2: NVIDIA AD107M [GeForce RTX 4060 Max-Q / Mobile] vendor: ASUSTeK
driver: nvidia v: 535.104.05 alternate: nouveau,nvidia_drm non-free: 535.xx+
status: current (as of 2023-08) arch: Lovelace code: AD1xx
process: TSMC n4 (5nm) built: 2022-23+ pcie: gen: 3 speed: 8 GT/s lanes: 8
link-max: gen: 4 speed: 16 GT/s bus-ID: 01:00.0 chip-ID: 10de:28e0
class-ID: 0300
Device-3: Quanta USB2.0 HD UVC WebCam driver: uvcvideo type: USB rev: 2.0
speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 3-7:3 chip-ID: 0408:30c3
class-ID: fe01 serial: <filter>
Display: wayland server: X.org v: 1.21.1.8 with: Xwayland v: 23.2.0
compositor: kwin_wayland driver: X: loaded: modesetting,nvidia
unloaded: nouveau alternate: fbdev,intel,nv,vesa dri: iris
gpu: i915,nvidia display-ID: 0
Monitor-1: eDP-1 res: 2048x1280 size: N/A modes: N/A
API: OpenGL v: 4.6 Mesa 23.1.6-arch1.4 renderer: Mesa Intel Graphics
(RPL-P) direct-render: Yes
Audio:
Device-1: Intel Raptor Lake-P/U/H cAVS vendor: ASUSTeK driver: snd_hda_intel
v: kernel alternate: snd_sof_pci_intel_tgl bus-ID: 00:1f.3
chip-ID: 8086:51ca class-ID: 0403
Device-2: NVIDIA vendor: ASUSTeK driver: snd_hda_intel v: kernel pcie:
gen: 3 speed: 8 GT/s lanes: 8 link-max: gen: 4 speed: 16 GT/s
bus-ID: 01:00.1 chip-ID: 10de:22be class-ID: 0403
API: ALSA v: k6.4.12-arch1-1 status: kernel-api with: aoss
type: oss-emulator tools: N/A
Server-1: PipeWire v: 0.3.79 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Intel Raptor Lake PCH CNVi WiFi driver: iwlwifi v: kernel
bus-ID: 00:14.3 chip-ID: 8086:51f1 class-ID: 0280
IF: wlo1 state: up mac: <filter>
Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
vendor: ASUSTeK driver: N/A modules: r8169 pcie: gen: 1 speed: 2.5 GT/s
lanes: 1 port: 3000 bus-ID: 3a:00.0 chip-ID: 10ec:8168 class-ID: 0200
Bluetooth:
Device-1: Intel driver: btusb v: 0.8 type: USB rev: 2.0 speed: 12 Mb/s
lanes: 1 mode: 1.1 bus-ID: 3-10:4 chip-ID: 8087:0033 class-ID: e001
Report: btmgmt ID: hci0 rfk-id: 0 state: up address: <filter> bt-v: 5.3
lmp-v: 12 status: discoverable: no pairing: no class-ID: 7c010c
Drives:
Local Storage: total: 953.87 GiB used: 148.34 GiB (15.6%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Micron model: 2400 MTFDKBA1T0QFM
size: 953.87 GiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s
lanes: 4 tech: SSD serial: <filter> fw-rev: V3MA003 temp: 33.9 C
scheme: GPT
Partition:
ID-1: / raw-size: 953.57 GiB size: 953.57 GiB (100.00%)
used: 148.34 GiB (15.6%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
used: 576 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 953.57 GiB size: 953.57 GiB (100.00%)
used: 148.34 GiB (15.6%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
ID-4: /var/log raw-size: 953.57 GiB size: 953.57 GiB (100.00%)
used: 148.34 GiB (15.6%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
ID-5: /var/tmp raw-size: 953.57 GiB size: 953.57 GiB (100.00%)
used: 148.34 GiB (15.6%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: zram size: 30.97 GiB used: 0 KiB (0.0%) priority: 100
comp: zstd avail: lzo,lzo-rle,lz4,lz4hc,842 max-streams: 20 dev: /dev/zram0
Sensors:
System Temperatures: cpu: 36.0 C mobo: N/A
Fan Speeds (rpm): cpu: 2300
Info:
Processes: 412 Uptime: 28m wakeups: 2 Memory: total: 32 GiB note: est.
available: 30.97 GiB used: 9.04 GiB (29.2%) Init: systemd v: 254
default: graphical tool: systemctl Compilers: gcc: 13.2.1 clang: 16.0.6
Packages: pm: pacman pkgs: 1608 libs: 485 tools: octopi,paru Shell: fish
v: 3.6.1 running-in: konsole inxi: 3.3.29
Garuda (2.6.16-1):
System install date: 2023-08-27
Last full system update: 2023-09-08 β»
Is partially upgraded: No
Relevant software: snapper NetworkManager dracut nvidia-dkms
Windows dual boot: No/Undetected
Failed units: nmb.service