Lecture simple d'une EID via PHP-HTML
459 views
Skip to first unread message
vna.alai...@gmail.com
Apr 18, 2017, 4:30:35 AM4/18/17
to eID Middleware Dev
Bonjour,
A l'heure d'aujourd'hui, y a-t-il encore un moyen 'simple' de récupérer, après identification par code PIN, les données d'une EID en utilisant PHP-HTML.
En effet, même en prenant la dernière version de l'applet Fedict (.jar), JAVA la bloque pour une question de sécurité.
On parle de re-signer le .jar ... oui, mais avec quels paramètres ? Pourquoi le Fedict n'actualise-t-il pas son fichier pour ceux qui ne travaillent pas en C++, C#, Java ou .Net ?
Merci pour vos réponses.
A.N.
Wouter Verhelst
Apr 18, 2017, 4:55:06 AM4/18/17
to eid-middl...@googlegroups.com
Hi Nicolas,
(I'm sorry this email is in English; I'm a consultant, not a public
servant, and my French just isn't good enough).
> A l'heure d'aujourd'hui, y a-t-il encore un moyen '_*simple*_' de
currently. As you point out, Java is blocked by most browsers these
days, so it is necessary to use some other method (re-signing the applet
won't work, since it is java as a whole which is blocked, rather than
"just" the applet). Because of this, the applet has been officially
deprecated.
There are a few alternatives you can attempt:
- If the correctness of the data is not crucial: recent versions of the
eID viewer have implemented drag-and-drop functionality to export the
XML data (i.e., the same format as the files you get when you choose
"save to file" in the viewer) into another application. To do so, you
need to drag the photo from the viewer onto the other application. An
example of how this is supposed to work, with a proof-of-concept HTML
file, can be found at
<https://github.com/Fedict/eid-viewer/tree/master/xml>. Do note,
however, that by using this, the signature of the national register is
*not* checked. This means that it is trivially easy for people to
"forge" their identity (i.e., it can only be used to make it easier for
people to fill out a webform or something along those lines).
- If the correctness of the data *is* crucial, you need another
solution. There are various "identity providers" on the market today,
who will allow you to read identity information from the card through
other means than the eID applet (i.e., browser-specific plugins or
extensions, native programs to talk to, etc). In this scenario, you
would redirect the user to the identity provider's site, which then
reads out the eID card for you, and sends a (signed) response back to
you containing the relevant information. You can then be certain that
the card data has not been modified.
Hope this helps,
--
Wouter Verhelst
(I'm sorry this email is in English; I'm a consultant, not a public
servant, and my French just isn't good enough).
> A l'heure d'aujourd'hui, y a-t-il encore un moyen '_*simple*_' de
> récupérer, après identification par code PIN, les données d'une EID en
> utilisant PHP-HTML.
I'm afraid that isn't possible with any software provided by Fedict
> utilisant PHP-HTML.
currently. As you point out, Java is blocked by most browsers these
days, so it is necessary to use some other method (re-signing the applet
won't work, since it is java as a whole which is blocked, rather than
"just" the applet). Because of this, the applet has been officially
deprecated.
There are a few alternatives you can attempt:
- If the correctness of the data is not crucial: recent versions of the
eID viewer have implemented drag-and-drop functionality to export the
XML data (i.e., the same format as the files you get when you choose
"save to file" in the viewer) into another application. To do so, you
need to drag the photo from the viewer onto the other application. An
example of how this is supposed to work, with a proof-of-concept HTML
file, can be found at
<https://github.com/Fedict/eid-viewer/tree/master/xml>. Do note,
however, that by using this, the signature of the national register is
*not* checked. This means that it is trivially easy for people to
"forge" their identity (i.e., it can only be used to make it easier for
people to fill out a webform or something along those lines).
- If the correctness of the data *is* crucial, you need another
solution. There are various "identity providers" on the market today,
who will allow you to read identity information from the card through
other means than the eID applet (i.e., browser-specific plugins or
extensions, native programs to talk to, etc). In this scenario, you
would redirect the user to the identity provider's site, which then
reads out the eID card for you, and sends a (signed) response back to
you containing the relevant information. You can then be certain that
the card data has not been modified.
Hope this helps,
--
Wouter Verhelst
miked...@gmail.com
Apr 24, 2017, 4:48:48 AM4/24/17
to eID Middleware Dev
I had the same problem and I'm looking at:
They have some kind of JavaScript that can be translated in php (because it only uses https calls)
I tried a proof of concept, from a web and native application using the same component installed on the referenced site.
Still further investigating how this works, because on the application, I could have a PDF extracted and digitally signed within some seconds.
Jean-Pol Dupont
Oct 11, 2017, 2:25:48 AM10/11/17
to eID Middleware Dev
Bonjour, quelle solution avez-vous mis en place ? Merci pour le suivi de ce post !
Jean-Pol Dupont
Oct 11, 2017, 2:25:48 AM10/11/17
to eID Middleware Dev
Hello, have you been able to set up your eid authentication with readmycards.eu? Is it really free?
I do not understand why such an easy-to-use solution is not created at the federal level for a simple use of eid ...
Reply all
Reply to author
Forward
0 new messages