firefox-pkcs11-loader
firefox-pkcs11-loader copied to clipboard
open-eid
PKCS11 loader Add-on is not enabled.
Hello I followed all the instructions for using Lithuanian SmartID cards and executed the installation script https://www.id.ee/en/plugins/.
I am able to read ID card information on my host machine, but the browser extension seems to be not enabled (see screenshot below)
OS: Kubuntu 22.04.3 LTS x86_64 Host: Latitude 7490 Browser: Firefox 120.0 (64bit), non-snap, Debian package
Same. I try to get the fedora open-eid package running. I have inspected the extension:
14:08:51.728 module is not installed: idemiaawppkcs11 background.js:41:17 14:08:51.756 Unable to load module: Error: An unexpected error occurred background.js:34:15 load moz-extension://d139bc19-0508-43ec-8d36-26508813ea3d/background.js:34
This extension suffers from the windows methodology to hide any useful error messages :)
Anyway, not sure if its the same reason it is not working for you. And I don't know how to fix it yet :)
/usr/lib64/mozilla/pkcs11-modules/idemiaawppkcs11.json
{
"name": "idemiaawppkcs11",
"description": "IDEMIA AWP PKCS#11 Module",
"type": "pkcs11",
"path": "/usr/local/AWP/lib/libOcsPKCS11Wrapper.so",
"allowed_extensions": ["{02274e0c-d135-45f0-8a9c-32b35110e10d}"]
}
file /usr/local/AWP/lib/libOcsPKCS11Wrapper.so
/usr/local/AWP/lib/libOcsPKCS11Wrapper.so: cannot open `/usr/local/AWP/lib/libOcsPKCS11Wrapper.so' (No such file or directory)
I cannot find any package providing that libOcsPKCS11Wrapper.so
Same. I try to get the fedora open-eid package running. I have inspected the extension:
14:08:51.728 module is not installed: idemiaawppkcs11 background.js:41:17 14:08:51.756 Unable to load module: Error: An unexpected error occurred background.js:34:15 load moz-extension://d139bc19-0508-43ec-8d36-26508813ea3d/background.js:34
This extension suffers from the windows methodology to hide any useful error messages :)
extension reports all errors that are available. It is the firefox that hides errors
Anyway, not sure if its the same reason it is not working for you. And I don't know how to fix it yet :)
Do you have installed the package system ? The extension does not work standalone.
/usr/lib64/mozilla/pkcs11-modules/idemiaawppkcs11.json
{ "name": "idemiaawppkcs11", "description": "IDEMIA AWP PKCS#11 Module", "type": "pkcs11", "path": "/usr/local/AWP/lib/libOcsPKCS11Wrapper.so", "allowed_extensions": ["{02274e0c-d135-45f0-8a9c-32b35110e10d}"] }file /usr/local/AWP/lib/libOcsPKCS11Wrapper.so /usr/local/AWP/lib/libOcsPKCS11Wrapper.so: cannot open `/usr/local/AWP/lib/libOcsPKCS11Wrapper.so' (No such file or directory)I cannot find any package providing that libOcsPKCS11Wrapper.so
Ignore the idemia. It is obsolete and actualy the whole extension is obsolete. OpenSC contains own pkcs11 register service for module
Ah yes, I read the debugging message wrong. The error occurs while loading this one onepinopenscpkcs11, the other message is just informational. Mhh, need to check why it cannot find that one.
Do you have installed the package system
yes, there's an open-eid fedora package which I am trying to get running
This extension suffers from the windows methodology to hide any useful error messages :)
extension reports all errors that are available. It is the firefox that hides errors
Ok, it reports it, but not to the user :) I guess the extension would need to catch its exceptions and provide some kind of UI notification, even if it would be just an window.alert()
I checked the other lib and it is actually available where the add on seems to expect it
➜ cat /usr/lib64/mozilla/pkcs11-modules/onepinopenscpkcs11.json
{
"name": "onepinopenscpkcs11",
"description": "OpenSC PKCS#11 Module",
"type": "pkcs11",
"path": "/usr/lib64/pkcs11/onepin-opensc-pkcs11.so",
"allowed_extensions": ["{02274e0c-d135-45f0-8a9c-32b35110e10d}"]
}
➜ file /usr/lib64/pkcs11/onepin-opensc-pkcs11.so
/usr/lib64/pkcs11/onepin-opensc-pkcs11.so: symbolic link to ../onepin-opensc-pkcs11.so
➜ file /usr/lib64/onepin-opensc-pkcs11.so
/usr/lib64/onepin-opensc-pkcs11.so: symbolic link to opensc-pkcs11.so
➜ file /usr/lib64/opensc-pkcs11.so
/usr/lib64/opensc-pkcs11.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c8f10e211e4aa4fd96470fe9f123994e65d66eb2, stripped
Don't know why it fails to load
This extension suffers from the windows methodology to hide any useful error messages :)
extension reports all errors that are available. It is the firefox that hides errors
Ok, it reports it, but not to the user :) I guess the extension would need to catch its exceptions and provide some kind of UI notification, even if it would be just an window.alert()
Update: Ok you were right with firefox hiding the error, at least for any low level information. The exception occurred when the extension tries to install the onepinopenscpkcs11 module. I found the reason for this, there was an pkcs-proxy (or something like that) cryptographic module loaded, which was accessing the same card. After I have unloaded that module, the extension is now able to install the onepinopenscpkcs11 module. It shows the correct card data and I can log in using the PIN (using the firefox settings dialog here). Unfortunately, eesti.ee still does not recognize the card. Need to investigate further.
Wohoo, working now (almost). I missed to install the Web eID addon + web-eid package. Now I have the PIN dialogue, looks fine. I get an another authentication error, but I guess that's out of scope and only because the card is not activated yet.
I had this issue on arch linux because I was missing the manifest files. I got the two files "idemiaawppkcs11.json" and "onepinopenscpkcs11.json" from the root of this repo and put them into "~/.mozilla/pkcs11-modules/", then the extension worked.
Also, for anyone else on Arch: I had to install the web-eid-native and web-eid-firefox packages from AUR.