Mac OSX application constantly asking permissing to read E-ID. How to avoid this?

[Joris Mans]

Hi

I am writing a Cocoa app using the eID Middleware. However each time
my app tries to read card data I get a popup asking to give permission
to my app to read the data. That is really annoying and useless in my
case.

Is there a way to e.g. sign the app so it always is authorized to read
eID data?

Thanks

[Frederik Vernelen]

Hello Joris,

We are indeed obliged to show that dialog each time the carddata is read (the first time after the card is inserted).

A way to get around this would be to compile the pkcs11 libs yourself without that dialog.

The latest release's source code can be found under tags/4_0_2
In directory pkcs11, there is a file 'object.c', which contains the function 'C_FindObjectsInit'. In this C_FindObjectsInit function the check is made if the card may be read out (allowCardRead = AllowCardReading()). Setting this allowCardRead always to true, should keep the popup away.

Another option would be to specify the NO_DIALOGS flags, but then also the askPIN dialogs won't show up anymore (its up to the calling app to show a dialog then)

The downside of building and distributing your own pkcs11 is of course that you might want to rebuild and redistribute when new versions of the eID Middleware are released, but we'll post it here when such releases are made.

Wkr,
 Frederik

2012/3/23 Joris Mans <irfu...@gmail.com>

--
Je hebt dit bericht ontvangen, omdat je je hebt aangemeld bij de groep 'eID Middleware' van Google Discussiegroepen.
Als je een bericht in deze groep wilt plaatsen, stuur je een e-mail naar eid...@googlegroups.com.
Als je je wilt afmelden voor deze groep, stuur je een e-mail naar eid-mw+...@googlegroups.com.
Bezoek deze groep op http://groups.google.com/group/eid-mw?hl=nl voor meer opties.

[Joris Mans]

Thanks!

The NO_DIALOGS flag, is this a compile time flag for the library or
can I pass it somewhere in my app? I do not need the pincode anyway,
so maybe this solution is simpler.

[Frederik Vernelen]

You're welcome,

It is a compile time flag (we were not allowed to foresee any means to avoid the popup of the eID Middleware pkcs11, but when you recompile the pkcs11 (it is LGPL 3.0), it is no longer our pkcs (nor our responsability to show that dialog)).

2012/3/26 Joris Mans <irfu...@gmail.com>

[Koen De Causmaecker]

Hi Joris,

Anyhow, in some way you should warn the eID card holder that his data
is being read.

wkr,

Koen

2012/3/26 Frederik Vernelen <frederik...@gmail.com>:

--
Koen De Causmaecker
koe...@gmail.com

[Joris Mans]

> A way to get around this would be to compile the pkcs11 libs yourself
> without that dialog.
>
> The latest release's source code can be found under tags/4_0_2
> In directory pkcs11, there is a file 'object.c', which contains the
> function 'C_FindObjectsInit'. In this C_FindObjectsInit function the check
> is made if the card may be read out (allowCardRead = AllowCardReading()).
> Setting this allowCardRead always to true, should keep the popup away.
>

I did that change, fiddled a bit with the project (see other post in
this group) and it works perfectly!

Thanks a lot!

[Joris Mans]

Don't you think that the fact that the person inserts an eID in the
reader is clear enough to tell this person that his data will be read?
The popup doesn't tell which data is being read anyway.

It's for registration. Either we input the personal data (name
address ...) by hand, or we read it from the person's eID. He can
choose what option he wants. I don't think having another popup to
tell them the program is going to read his eID is really helpful.

On Mar 26, 11:28 am, Koen De Causmaecker <koe...@gmail.com> wrote:
> Hi Joris,
>
> Anyhow, in some way you should warn the eID card holder that his data
> is being read.
>
> wkr,
>
> Koen
>

> 2012/3/26 Frederik Vernelen <frederik.verne...@gmail.com>:

>
>
>
>
>
>
>
>
>
> > You're welcome,
>
> > It is a compile time flag (we were not allowed to foresee any means to avoid
> > the popup of the eID Middleware pkcs11, but when you recompile the pkcs11
> > (it is LGPL 3.0), it is no longer our pkcs (nor our responsability to show
> > that dialog)).
>

> > 2012/3/26 Joris Mans <irfue...@gmail.com>

>
> >> Thanks!
>
> >> The NO_DIALOGS flag, is this a compile time flag for the library or
> >> can I pass it somewhere in my app? I do not need the pincode anyway,
> >> so maybe this solution is simpler.
>
> >> --
> >> Je hebt dit bericht ontvangen, omdat je je hebt aangemeld bij de groep
> >> 'eID Middleware' van Google Discussiegroepen.
> >> Als je een bericht in deze groep wilt plaatsen, stuur je een e-mail naar
> >> eid...@googlegroups.com.
> >> Als je je wilt afmelden voor deze groep, stuur je een e-mail naar
> >> eid-mw+...@googlegroups.com.

> >> Bezoek deze groep ophttp://groups.google.com/group/eid-mw?hl=nlvoor meer

> >> opties.
>
> > --
> > Je hebt dit bericht ontvangen, omdat je je hebt aangemeld bij de groep 'eID
> > Middleware' van Google Discussiegroepen.
> > Als je een bericht in deze groep wilt plaatsen, stuur je een e-mail naar
> > eid...@googlegroups.com.
> > Als je je wilt afmelden voor deze groep, stuur je een e-mail naar
> > eid-mw+...@googlegroups.com.

> > Bezoek deze groep ophttp://groups.google.com/group/eid-mw?hl=nlvoor meer

[Frederik Vernelen]

Excellent,

Please notice we found a bug in the pkcs11 (in tags/4_0_2) (when requesting certain data objects, they were not retrieved)
The fix is in tags/4_0_3 (in file pkcs11/object.c)

Wkr,
 Frederik

[Damien Detrain]

Hello,

I try to change to not have the warning but without success.

around the problem is this code:

public void FindObjectsInit (uint hSession, CK_ATTRIBUTE [] pTemplate) {

C_FindObjectsInit = proc (C_FindObjectsInit) DelegateUtil.GetDelegate (this.hLib, typeof (C_FindObjectsInit));
             if (null == pTemplate | | pTemplate.Length <1)
checkCKR (proc.Invoke (hSession, null, 0));
else
checkCKR (proc.Invoke (hSession, pTemplate, (uint) pTemplate.Length));
}

I can not find what I need to change. I have not used C # so be conciliatory.

Thank you in advance.

Damie Detrain.

[Frederik Vernelen]

Hello Damien,

In order to remove the SDK read data warnings, there is no need to change the C# wrapper.

The warning message is in the pkcs11 C library (in pkcs11/object.c).

There are some issues with the C# wrapper however, this might be what you are facing now
please check the readme in the SDK's C# example folder.

Wkr,
 Frederik

Ga naar https://groups.google.com/d/msg/eid-mw/-/YX6yCBgh_p4J om deze discussie op het internet te bekijken.

[Damien Detrain]

Hello,

In order to achieve the necessary changes to I seek "Qt 3.3.4" and "Qt 4.5.0_Static."

Can you tell me where I can find them?

I am looking for on the site of Qt but impossible to get your hands on these specific version.

Thank you in advance.

Yours.

Damien Detrain

[Frederik Vernelen]

Hi,

Are you running the windows build script? (in 4_0_4\eid-mw\windows\make_win.bat)
If so, this script builds the entire middleware, so will need quite a few dependencies.
(e.g. QT 4.5 is needed on windows to build the quickinstaller)

It might be easier to build the pkcs11 library from the visual studio project (4_0_4\eid-mw\_src\eidmw\_Builds\BeidEasyBuild.sln). (just build the pkcs11 project, it will also build common, cardlayer and dialogs, but if I remember correctly, no external dependencies are needed)

Wkr,
 Frederik

Ga naar https://groups.google.com/d/msg/eid-mw/-/NJ64zQxf8xIJ om deze discussie op het internet te bekijken.

[Damien Detrain]

Hello,

Thank you for your explanations.

I reach my goal but I still have a concern, in fact, during the regeneration project PKCS11, I get the following errors:

 

Erreur 3 error C2491: 'asn1_get_item' : définition de fonction dllimport non autorisée c:\tmp\eid-mw\_src\eidmw\cardlayer\asn1.c 232 pkcs11
Erreur 4 error C2491: 'asn1_next_item' : définition de fonction dllimport non autorisée c:\tmp\eid-mw\_src\eidmw\cardlayer\asn1.c 340 pkcs11
Erreur 5 error C2491: 'asn1_find_item' : définition de fonction dllimport non autorisée c:\tmp\eid-mw\_src\eidmw\cardlayer\asn1.c 354 pkcs11
Erreur 6 error C2491: 'dec_oid' : définition de fonction dllimport non autorisée c:\tmp\eid-mw\_src\eidmw\cardlayer\asn1.c 442 pkcs11
Erreur 7 fatal error C1083: Impossible d'ouvrir le fichier include : 'opensc/scconf.h' : No such file or directory c:\tmp\eid-mw\_src\beid-2.6\src\newpkcs11\src\libopensc\opensc.h 35 pkcs11

Thank you for telling me what I need to do to run this project.

Yours.

Damien Detrain

[Frederik Vernelen]

Hello Damien,

Do you see these errors when using following solution file :4_0_4\eid-mw\_src\eidmw\_

Builds\BeidEasyBuild.sln. (using the latest revision of branch 4_0_4)
In what configuration are you running the build? (Release / Win32)

The first 4 errors you see, look like a "EIDMW_STATIC_LIB" flag (preprocessor definition) is missing.
I just tried it here with a clean checkout in multiple configurations, but cannot reproduce the issues.

About error 7: which project is being build when you see this error?

Wkr,
 Frederik

--

Je hebt dit bericht ontvangen, omdat je je hebt aangemeld bij de groep 'eID Middleware' van Google Discussiegroepen.

Ga naar https://groups.google.com/d/msg/eid-mw/-/4-n1OvcnndAJ om deze discussie op het internet te bekijken.

[Damien Detrain]

Hello,

Thank you for your answer.

I'm confused. I took the file BeidEasyBuild_VS2008.sln instead of  BeidEasyBuild.sln.

The recompilation was uneventful.

Thank you again.

I come back to you if I have any other question.

Yours.

[Damien Detrain]

Hello,

I still have a question.

I see that the project is targeted for the PKCS11 Framework 2. Y'-he means to target framework to 4 easily?

Meric advance.

Yours.

Damien Detrain