[okular] [Bug 451060] New: don't force user to go command-line to get SmartCard signing to work.

bugzilla_noreply at kde.org bugzilla_noreply at kde.org
Wed Mar 2 23:49:57 GMT 2022 

https://bugs.kde.org/show_bug.cgi?id=451060

            Bug ID: 451060
           Summary: don't force user to go command-line to get SmartCard
                    signing to work.
           Product: okular
           Version: unspecified
          Platform: Archlinux Packages
                OS: Linux
            Status: REPORTED
          Severity: wishlist
          Priority: NOR
         Component: PDF backend
          Assignee: okular-devel at kde.org
          Reporter: ludwig.maes at gmail.com
  Target Milestone: ---

Add GUI button in Settings -> Configure Backends -> PDF:   ["Add Security
Device"]
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug
symbols.
See
https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***

Before I resolved my problem, the okular error message when trtying to add a
signature was cryptic. It found the Certificate Database, but it didnt
automatically contain the security device (just like say firefox doesnt out of
the box), but Okular does not provide a GUI means of adding the security device
.so module (whereas Firefox does).

Currently the user is expected to have already added the <security device> to
the certificate database, say through firefox, where there is a button security
devices, and then add/load where you can give:

* a pretty name for the security device
* the location of the relevant security device library (in my case
/usr/lib/opensc-pkcs11.so

This can be found by running say:
p11-kit list-modules
and then using find / -name on the opensc .so

Wondering what firefox was doing under the hood, I found it at:

https://gist.github.com/PhilipSchmid/a82b9642e1ec2bf2d16823d72cffc589

so I ran the following command:

modutil -dbdir $HOME/.pki/nssdb/ -add "Mijn eID" -libfile
"/usr/lib/opensc-pkcs11.so" -force

and probably unnecessarily also the command

modutil -dbdir $HOME/.pki/nssdb/ -enable "Mijn eID" -force

I say unnecessarily because according to arch-wiki instructions for FireFox and
Chromium:
https://wiki.archlinux.org/title/Smartcards#Configuration

It seems unneccesary to run the -enable command for Chromium (whereas FireFox
does these commands under the hood, and  shows GUI method, what I request for
Okular)

I would also like to note that it doesn't seem necessary to install the
government supplied middleware at all! OpenSC works.
The only weird thing was that I had to select the authentication certificate,
it seemed to ask an extra password for the signing certificate but my PIN code
did not work! Whereas it worked for the authentication certificate... I think
the middlewares of all the different countries are just de-quirking the
non-compliance with smartcard standards?

my apologies for my messy submisssion, I am not familiar with reporting
bugs/wishes...

STEPS TO REPRODUCE
1. 
2. 
3. 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Okular-devel mailing list