20131126 (Tuesday, 26 November 2013)

Reading Belgian eID cards

The EIDReader applet project encounters two important problems:

  • Java sucks
  • No supporting community

Maybe less important, but the last straw that breaks the camel’s back: I realized that an applet will always act only “upon user request”. More elegant than eidreader would be an action which starts automatically when the user inserts an eid card.

The client machines who want to read eid cards would need to install and run a background task which listens to the smartcard slot and when it finds a card, instead of popping up a window it writes that data to a configurable place on the Lino server. And the server would then watch that directory and read every incoming file.

The official way is to use the eID Middleware which “enables you to use the content of the electronic identity card from a desktop application”. The SDK has no Python binding, only C++,C#, VB and Java. So I would still need to write Java code. But at least not an applet.

The alternative way might be to write such an application in Python using pssi, written by Eric Bourry and Julien Flaissy, for which Laurent Léonard has written a belgian_eid plugin. pssi is a “Python script that provides an abstract layer for smartcard reading. Thanks to it, it is possible to read a smartcard by simply adding its structure in the form of a plugin, without taking care of the communication layer. The tool comes with several plugins, namely SIM, EMV, Navigo and Belgian eID.”

I installed pssi in order to see whether it works.

pssi requires the smartcard module which needs either system-wide or (if you want it in a virtualenv klike me) manual installation. Downloaded it from pyscard, then:

$ tar xvzf ~/Downloads/pyscard-1.6.12.tar.gz
$ cd ~/snapshots/pyscard-1.6.12
$ pip install -e .

The setup.py requires certain additional system packages:

$ sudo aptitude install swig
$ sudo aptitude install libpcsclite-dev

Then I checked out pssi from pssi and can run the pssi.py script directly:

~/repositories/pssi-read-only/pssi$ python pssi.py plugins/belgian-eid
Failed to load symbol for: SCardCancelTransaction, /lib/i386-linux-gnu/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!

 ATR                         : 3B 98 13 40 0A A5 03 01 01 01 AD 13 11
 Content
    DF ID
       ID
          Card Number                 : 123-1234567-12                      ()
          Chip Number                 : 123c123e12345678901d123456789123    ()
          Card validity date begin    : 19.08.2011                          (DD.MM.YYYY)
          Card validity date end      : 19.08.2016                          (DD.MM.YYYY)
          Card delivery municipality  : Tallinn                             ()
          National Number             : 68.06.01-012.34                     ()
          Name                        : Saffre                              ()
          2 first given names         : Luc Johannes                        ()
          First letter of 3rd given names :                                     ()
          Nationality                 : Belgier                             ()
          Birth location              : Eupen                               ()
          Birth date                  : 01.JUN. 1968                        (DD mmmm YYYY or DD.mmm.YYYY (German))
          Sex                         : Man                                 ()
          Noble condition             :                                     ()
          Document type               : Belgian citizen                     ()
          Special status              : No status                           ()
          Hash photo                  : 56bf0a64c8c6914727670093b7f99063a71d4ff2 (SHA-1)

Cool!

Summary (so far)

Both the official and the alternative way seem possible. The latter would have the advantage of using Python. And of being “international”: support operation in places where different eId cards from different nations need to be read.

But for installation this is not an advantage: clients anyway need the official middleware and a Java JRE. Since I have no customer who requires international operation, I’d rather implement it as a Java application.

Sphinx has a new beta release

Georg Brandl announced a new beta release of Sphinx.

$ pip install -U sphinx

Which solved the problem of those thousands of “cannot read css stylesheet” messages. Thanks!

And here! See what I have been missing! sphinx-apidoc now can generate a separate page for each module! Cool!

TODO:

  • I noticed that the “(source code)” link of the API docs still refers to the Google repository.

Tx25: No handler for Guardians

Added new handler for “Guardians” element of a tx25.

TODO:

  • The run_action_from_console method of tables.Table can be removed.