All relevant information about the eIDClientCore can be found at: http://sar.informatik.hu-berlin.de/BeID-lab/eIDClientCore
Warning: This is just proof-of-concept code and should NOT be used in production environments
- Windows
- Linux
- Mac OS X
- Android
- iOS
- Travis CI (Ubuntu Linux)
For using eIDClientCore applications should use
eIDClientCore.h
The application initiates the electronic identification by calling
nPAeIdPerformAuthenticationProtocol. To enter the PIN, the application shall
define a user interaction call back. Also, the state call back informs the
application about completed protocol steps.
The application may also choose to use eIDClientConnection.h which, by default, is basically a wrapper around libcurl. However, you may want to choose to replace the implementation of eIDClientConnection with a wrapper to your platform dependent solution.
For android we build JNI wrappers to our C++ implementation. The public Java interface is accessed through the EidClient class Electronic identification is triggered similar to its C-counterpart. Additionally the Android application has to pass an implementation of the Reader class to do the actual communication with the card.
First you have to download the eIDClientCore Git-Repository in your target intstallation directory:
git clone https://github.com/BeID-lab/eIDClientCore.gitYou can then change in the eIDClientCore directory and install the prerequisites and the eIDClientCore by:
cd eIDClientCore
make allIf you want to install manually you can use the following guide. We assume that PREFIX is set to the directory eIDClientCore in the target installation directory.
eIDClientCore has the following dependencies:
- Crypto++
- asn1c (at least version 0.9.23)
- libexpat
- PC/SC development files (if PC/SC smart card readers shall be used)
- OpenSSL patched for RSA-PSK
- libcurl (using the patched OpenSSL)
svn checkout https://svn.code.sf.net/p/cryptopp/code/trunk/c5 cryptopp
sed -i.org -e "s%^#.*\(CXXFLAGS += -fPIC.*\)%\1%g" ${PREFIX}/cryptopp/GNUmakefile
make -C cryptopp all libcryptopp.so
make -C cryptopp install PREFIX=${PREFIX}You can skip compilation of Crypto++ when using your distributions version of the library.
wget https://lionet.info/soft/asn1c-0.9.24.tar.gz --ca-certificate=trusted_ca/COMODORSADomainValidationSecureServerCA.pem
tar xzf asn1c-0.9.24.tar.gz
cd asn1c-0.9.24
./configure --prefix=${PREFIX}
make install
cd -If you want to use your distributions version of asn1c you will propably have to edit eidasn1's Makefile.am. You need to change the commented lines so that they meet the version of asn1c.
wget http://sourceforge.net/projects/expat/files/expat/2.1.0/expat-2.1.0.tar.gz
echo "b08197d146930a5543a7b99e871cba3da614f6f0 expat-2.1.0.tar.gz" | sha1sum -c -
tar xzf expat-2.1.0.tar.gz
cd expat-2.1.0
./configure --prefix=${PREFIX}
make install
cd -You can skip compilation of libexpat when using your distributions version of the library.
cd ${PREFIX}/OpenSSL_1_0_2-stable
git submodule init
git submodule update
./config --prefix=${PREFIX} shared
make
make install_sw OpenSSL is the only library that needs to be patched since it does currently not support RSA-PSK.
wget https://github.com/bagder/curl/releases/download/curl-7_44_0/curl-7.44.0.tar.gz
tar xzf curl-7.44.0.tar.gz
cd curl-7.44.0
./configure --prefix=${PREFIX} \
PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig:${PREFIX}/lib64/pkgconfig
make install
cd -If you want to use your distributions version of curl will need to make sure it uses the patched version of OpenSSL at runtime (see above).
To build the SimpleClient wxWidgets (Release >= 3.0.0) is required. The name of the required package in OpenSuse is wxWidgets-3_0-devel. Alternatively wxWidgets can be downloaded and compiled manually (https://wiki.wxwidgets.org/Install):
wget https://github.com/wxWidgets/wxWidgets/releases/download/v3.1.0/wxWidgets-3.1.0.tar.bz2
tar -xjf wxWidgets-3.1.0.tar.bz2
cd wxWidgets-3.1.0
mkdir gtk-build
cd gtk-build
../configure --enable-unicode --enable-debug --prefix=${PREFIX}
make > /dev/null
make install
cd -git clone https://github.com/BeID-lab/eIDClientCore.git
cd eIDClientCore
autoreconf -vis
env LD_LIBRARY_PATH=${PREFIX}/lib:${PREFIX}/lib64 ./configure --prefix=${PREFIX} \
--with-openssl=${PREFIX} --with-libcurl=${PREFIX} \
PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig:${PREFIX}/lib64/pkgconfig \
ASN1C=${PREFIX}/bin/asn1c
make install
cd -We added a Makefile to automatically build eIDClientCore and its prerequisites for android. We assume that ANDROID_NDK_ROOT and ANDROID_SDK_ROOT are set to the root directory of Android's SDK and NDK respectively. Also, asn1c and ant should be available in the PATH.
git clone https://github.com/BeID-lab/eIDClientCore.git
cd eIDClientCore/android
make ANDROID_NDK_ROOT=$ANDROID_NDK_ROOT ANDROID_SDK_ROOT=$ANDROID_SDK_ROOTOn successfull compilation you can find a jar-file containing the library in eIDClientCore/android. Building for android has been verified on Debian/Wheezy with android-ndk-r9 and adt-bundle-linux-x86-20130729.
- ANDROID_API defines the Android API version to use, we choose 'android-14' as default
- ANDROID_ARCH defines the architecture to use, we choose 'arm' as default
To use the library in your project, you have two possibilities:
-
Add eIDClientLib/bin/classes.jar to your build path and copy the following listed shared objects into your libs/armeabi folder:
- libeidclient-wrapper.so
- libexternalReader.so
- libstlport_shared.so
-
Reference the library with the android tools (see Android documentation). In this case all necessary files are copied automatically.
android update project \
--path path/to/your/project \
--library path/to/eiDClientLibThe eIDClientCore is used in the project Selbstauskunft in the middle. This project provides a docker image containing the eIDClientCore to simplify performing the scenario "Selbstauskunft in the middle". The docker images for this project can be found here.
- Add abstraction layer between ePACard and cryptographic functions
- Remove unused/bloated interfaces
- Check try...catch block around C-Interfaces
- use OOP in nPA-EAC
- Check the hash of the SSL/TLS certificate from the SP with the SP's Terminal certificate
- Check if the Terminal certificate is up to date
- Check the Subject URL of the Terminal certificate
- remove the use of exceptions