Luxtrust

From LiluxWiki
Revision as of 13:17, 23 September 2016 by Alex L (talk | contribs) (added link to libssl0.9.8)
Jump to navigationJump to search

As of June 2012, Luxtrust now fully supports 64 bit systems.

A 64-bit middleware is available from their site, and moreover they've made available a "wrapper" to allow bank applets to call this middleware.

As an end user, you only need to download and install the middleware. Banks install the wrapper jar on their site, as an end user you do normally not need to worry about this, unless banks did a mistake setting up the wrapper.

The following versions of the wrapper are relevant to the discussions below:

  • 1.3 : last version without 64 bit support. Deployed at Raiffeisen and BGL
  • 1.4 : first version with 64 bit support, but with buggy 32 bit support. This version is unfortunately deployed at BCEE and CCP
  • 1.4.1 : 64 bit support, bug with 32 bit support fixed. Deployed on Luxtrust's own site (certificate test).

BGL, Raiffeisen

As of August 22nd 2012, BGL and Raiffeisen still use the 1.3 version of the Luxtrust wrapper, which does not yet support 32 bit.

However, this mail explains how to set up a program which automatically replaces the 32 bit JNI with a 64 bit version downloaded from Luxtrust's site.


BCEE

As of June 13th 2012, BCEE has deployed the buggy 1.4 version of the wrapper. Moreover, their javascript responsible for detecting the browser's architecture and loading the appropriate wrapper does not distinguish between Linux 32 bit and Linux 64 bit, and always loads the 32 bit version.

Which means that BCEE's SNET now works neither in 32 bits, nor in 64 bits. In 32 bit, the following error message is displayed:

LuxTrust error: 131081 - LTEC:131081:Middleware is not installed!

The reason for this message is that due to a typo in a config file included in the cryptoTI jar of the 1.4 wrapper, it looks for the middleware under the location for Macintosh rather than for Linux, and thus can't find it.

A workaround exists though, using the following bookmarklet:

javascript:(function(){oslib=navigator.platform.toLowerCase();if(/^lin.*64/.exec(oslib)){oslib='64';}else{oslib='32'};sel=document.querySelector('applet');txt=sel.archive;txt=txt.replace(/[^,]*LIN32_[a-z0-9.]*.jar/,'https://managing.luxtrust.lu/applets/public/LuxTrust_Gemalto_CryptoTI_Adapter_LIN'+oslib+'_1.4.1.jar');sel.setAttribute('archive',txt);sel.outerHTML+='';})()]

This replaces the pointer to the faulty copy of the Luxtrust jar on the bank site with a pointer to the original on Luxtrust's own site.

To install, right-click on your bookmark folder, chose New Bookmark and set the above string as the Location.

Alternatively, you may also go to http://www.alain.knaff.lu/Luxtrust/bookmarklet.html and simply drag the Fix homebanking link to your bookmark folder.

Then go to bcee.lu and navigate to SNET normally. When the error message pops up, click the bookmark.

Incidentally, this also works for Raiffeisen (64 bit) and CCP, but not for BGL (64 bit) because BGL re-signs the Luxtrust applet jars with their own key.

CCP

Since July 23rd, CCP now also uses the faulty 1.4 version.

The bookmarklet as described above for BCEE is able to work around the problem with CCP too, but with a twist:

for some weird reason CCP has chosen to manipulate the settings of your browser such that the window has almost no bars, so the bookmarklet is inaccessible to the CCP connect window. However, the URL bar still shows, and you can just copy-paste that URL into the URL bar into another window, and then the bookmarklet is accessible.

Or just go to https://secure.ccp-connect.lu/ccpgate/xlogin?page=1&lang=en&channel=B2C

On newer distributions (such as Ubuntu 16.04) installing the Middleware is not possible due to failed dependencies (libssl0.9.8). For some weird reason the MiddleWare for LuxTrust needs libssl0.9.8 and libssl1.0.0, but the version 0.9.8 is not in the repositories anymore. The simpliest way to solve this dependency is to install libssl0.9.8 from an earlier distribution (For Ubuntu, it's here