The Terrible BankID (on Firefox and Gentoo)


Published on 2010-05-23


From and for the history books:

BankID is a credential system pushed by several Swedish banks and sold as a means for innocent citizens to validate their tax calculation excerpts to the Swedish Tax Agency.

Some banks use this system to authenticate users because of the SSL reneg hole and bad imagination. The system has an unproven security model and is generally just terrible.

Rants

  1. Why not use GnuPG? It’s a free alternative which works on most, if not all, platforms. I know it’s inevitable that corporate retards will push for the “security through obscurity” model and as such I can understand why we are using a proprietary, non-transparent and unproven system.
  2. Why on earth are the banks authenticating the users’ identities when they’re doing their tax return? Really WTF?! Isn’t the logical choice for a country’s central user authentication system the Tax Agency itself?
  3. Anyway, the Swedish Tax Agency and the rest of the official Swedish agencies need to coordinate and rethink their internet architectures.

OK, enough of my rants! Let’s get this piece of crap working!

Technical

If you’re running a 64-bit system then you’re out of luck; install everything through WINE instead.

Now, the steps we are going to perform as root are:

  1. Install mozilla-firefox, libxinerama (Ubuntu legacy) and libidn, a library which enables your browser to resolve non-ASCII domains:
    emerge net-dns/libidn x11-libs/libXinerama www-client/mozilla-firefox
  2. Download the BankID distribution from here (version 4.10.2.16) and check its digest:
    md5sum ~/Downloads/LinuxPersonal.tgz
    f1957f69ead1ae25e38acc032da935d4
  3. Redesignate some installation paths. This is to make the installation more consistent with the FHS. You should look at these scripts; they are so terrible it isn’t even funny:
    sed -i -e "s,\/usr\/local\/lib,\/opt\/nexus-personal-4.10.2.16,g" \
    install.4.10.2.16.sh persadm.sh personal.sh
  4. Add a link to the plugin so Firefox will find it:
    ln -s /opt/nexus-personal-4.10.2.16/personal/libplugins.so \
    /usr/lib/nsbrowser/plugins
  5. Tell ld, the dynamic linker, where to find libraries:
    echo LDPATH=\"/opt/nexus-personal-4.10.2.16/\" >> /etc/env.d/99bankid
  6. Update your environment to use the new linker directive:
    env-update
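
The checksum step and the path-rewrite step above, turned into checks you can run before executing anything from the tarball as root. This is an added example, not part of the original post or of the BankID distribution; the helper names (verify_md5, count_rewrites, preview_rewrite) and the file name precheck.sh are assumptions, while the digest and paths are the ones quoted in the steps.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the vendor scripts as root.
EXPECTED_MD5="f1957f69ead1ae25e38acc032da935d4"  # digest from the md5sum step
OLD_PREFIX="/usr/local/lib"                      # prefix the sed step replaces
NEW_PREFIX="/opt/nexus-personal-4.10.2.16"       # prefix the sed step installs

# verify_md5 FILE EXPECTED (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing.
verify_md5() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    actual=$(md5sum < "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo "MD5 mismatch for $1: got $actual, want $2" >&2
        return 1
    fi
}

# count_rewrites FILE (hypothetical helper)
# Prints how many lines of FILE mention OLD_PREFIX.
count_rewrites() {
    grep -c -F "$OLD_PREFIX" "$1" || true
}

# preview_rewrite FILE... (hypothetical helper)
# Shows each line the sed step would change and its result; edits nothing.
preview_rewrite() {
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
        grep -n -F "$OLD_PREFIX" "$f" | while IFS=: read -r n line; do
            new=$(printf '%s\n' "$line" | sed -e "s,$OLD_PREFIX,$NEW_PREFIX,g")
            printf '%s:%s: %s\n    -> %s\n' "$f" "$n" "$line" "$new"
        done
    done
}

# Direct use: sh precheck.sh TARBALL SCRIPT...
# Stops at a digest mismatch, so the scripts are never previewed or run blindly.
if [ "$#" -ge 2 ]; then
    tarball=$1; shift
    verify_md5 "$tarball" "$EXPECTED_MD5" || exit 1
    preview_rewrite "$@"
fi
```

A matching MD5 only shows that the file is the same one the digest was taken from; it says nothing about whether the package itself is trustworthy, which is why the preview of what the scripts touch is worth reading.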

This “should” work on Chromium as well but doesn’t due to the fact that Chromium is a modern browser. As general as that statement may seem, I do stand by it. The BankID plugin uses X toolkit intrinsics, since it just redirects calls to the application, to inject directives to the main event loop. Chromium doesn’t support this and it is definitely deprecated even when writing Mozilla browser plugins.

Now visit BankID to test your installation. Done!

Last Notes

      rm ~/.personal-*
