With the current Covid-19 lockdown, more and more transactions are being handled remotely. In Belgium we have the possibility to legally sign documents with a certificate stored on our eID (smartcard). When I started looking for information on how to do that on Linux, I could only find partial info: mainly on how to use LibreOffice to sign a document, but not on how to use your Belgian eID there, or information on how to sign a PDF with eID on Windows or Mac with Adobe Reader, but not on Linux. It took me a while to figure out how to get it working, so I'll try to glue all parts together in this blog post.

I suppose you already have the eID middleware installed, a working smartcard reader and opensc installed. Your eID should be in the smartcard reader while configuring and you should know your PIN. LibreOffice is using the Thunderbird Security Modules and Devices manager.

Import the Belgium root CA into Thunderbird

To use your Belgian eID in Thunderbird, you have to add some configuration. You have to trust the root CA from Belgium to be able to sign and check signatures. I tried to google for a download, but couldn't find a correct and up-to-date version. The most secure way to get it is probably to export it from your eID.

List the objects on your smartcard to find the CA object (you'll be prompted for the eID PIN for every pkcs11-tool command here):

    Access: sensitive, always sensitive, never extractable, local
    Subject: DN: C=BE, CN=Luc Stroobant (Authentication), SN=Stroobant, GN=Luc/serialNumber=XXXXXXXXXXXX
    Access: always authenticate, sensitive, always sensitive, never extractable, local
    Subject: DN: C=BE, CN=Luc Stroobant (Signature), SN=Stroobant, GN=Luc/serialNumber=XXXXXXXXXXXX
    Subject: DN: C=BE, CN=Citizen CA/serialNumber=201510

The CA is ID 06 in my case (and I suppose this will be the case on all cards, but didn't check :)).

Export the root CA from your card and convert it to a pem:

    $ pkcs11-tool --login --read-object --id 06 --type cert --output-file ca.der
    $ openssl x509 -inform DER -in ca.der > ca.pem

In Thunderbird, go to Preferences > Account Settings and select Security for an account. To import the certificate, select Manage Certificates. There select Import to import the CA we just exported (use the pem file).

A window should appear where you can select to trust the CA to identify websites and e-mail users. Select both options and hit OK.

Also close the Certificate Manager by hitting OK once more.

In the account security settings, click on the last button, Security Devices. There you have to add a new security device for your eID. Click Load to configure our security device:

Add a free description and, for Module filename, the path to beidpkcs11.so on your system. On my Ubuntu laptop with eid-mw 4.4, this is /usr/lib/x86_64-linux-gnu/pkcs11/beidpkcs11.so.

Confirm with OK and also click OK to close the device manager. (and again: keep the account settings open)

Now for each account where you want to sign with your eID, in the Security settings go to the field Digital Signing and click Select. You should get a pop-up where you select the Signature certificate in the dropdown at the top (make sure to check, the default is probably the Authentication certificate). You'll probably be prompted to select an encryption certificate too. Select No there, since the eID certificates can't be used for encryption.

Finally, close the account settings window by clicking OK.

Create a new mail to yourself and in the Security dropdown, select Digitally Sign This Message. You'll get a pop-up that prompts for your eID PIN code. The message you receive should have a sealed letter with a question mark on it on the right. That's because your e-mail address is not included in the eID certificate, so Thunderbird is not able to verify the security on its own.

Now the e-mail signing is nice and fine, but probably not all that useful. You should be aware that your social security number ("rijksregister nummer") is included in all signed messages and documents. So I personally don't really recommend spreading that info with all your e-mails, since you never know where it ends up after a few forwards or viruses on the receiving end.
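For the export step above, the certificate ID can be looked up from the object listing instead of assuming 06. This is an added example, not code from the original post: the function name, the sample listing and the assumed listing layout (an unindented "Certificate Object" line followed by indented subject and ID fields) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find the object ID of a
# certificate by a substring of its subject in a pkcs11-tool object listing.
# Assumed layout: every object starts with an unindented "... Object; ..."
# line, followed by indented "subject:" and "ID:" fields (case-insensitive).

# find_cert_id PATTERN: reads a listing on stdin, prints the matching IDs.
find_cert_id() {
    awk -v pat="$1" '
        function flush() {
            # Only certificate objects count; private keys share the same IDs.
            if (is_cert && id != "" && index(subject, pat) > 0) print id
        }
        /^[^ \t]/ {                      # unindented line: a new object begins
            flush()
            is_cert = ($0 ~ /^Certificate Object/); subject = ""; id = ""
            next
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = tolower(line)
            if (key ~ /^subject:/)  { sub(/^[^:]*:[ \t]*/, "", line); subject = line }
            else if (key ~ /^id:/)  { sub(/^[^:]*:[ \t]*/, "", line); id = line }
        }
        END { flush() }
    '
}

# Constructed sample listing (hypothetical holder, placeholder serial number).
sample_listing() {
    cat <<'EOF'
Private Key Object; RSA
  label:      Signature
  ID:         03
  Access:     always authenticate, sensitive, always sensitive, never extractable, local
Certificate Object; type = X.509 cert
  label:      Signature
  subject:    DN: C=BE, CN=Jane Example (Signature), SN=Example, GN=Jane/serialNumber=00000000000
  ID:         03
Certificate Object; type = X.509 cert
  label:      CA
  subject:    DN: C=BE, CN=Citizen CA/serialNumber=201510
  ID:         06
EOF
}

# With a card in the reader: pkcs11-tool --login --list-objects | find_cert_id 'CN=Citizen CA'
sample_listing | find_cert_id 'CN=Citizen CA'
```

The printed ID is the value to pass to the --id option of the export command; an empty result means no certificate subject matched and nothing should be exported or trusted.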