20 November 2014

603. Mobile bankid; works fine in a VM too

Turns out I got it wrong in my earlier post -- mobile bankid has nothing to do with the telecom network.

How it works:
1. Phone: Start BankID on your phone. The program will say that it's waiting for a connection.
2. Computer: You go to your bank/government service web page, select Mobile BankID, then type in your 'person nummer' (like SSN).
3. Phone: BankID on your phone will then prompt you for your PIN.
4. Computer: You're logged in.

It's all happening over the internet. Sure, it might not work if you change SIM, for example, but at least it's not telephony based.

Best of all, I could get an activation code for mobile bankid using the win 7 bankid instance I set up in http://verahill.blogspot.com.au/2014/11/602-surviving-bankid-rant-moving-nge.html and now I never have to use it again.

[if you're on linux and in Scandinavia, just install mobile bankid on your phone or on android in a vm]

So, if you're on linux and you've been using the official bankid application and you happen to be a couple of continents removed from Scandinavia follow this post which basically does the following:
1. Install ubuntu 10.04 LTS in a VM
2. Install bankid 4.19.XXXX or earlier in the ubuntu VM
3. Copy your ~/.personal from your regular linux computer to the ubuntu VM
4. export your key using persadm export to a USB stick
5. Install windows 7 in a VM using the free, legal isos and the free, legal installation key. The copy will expire after 30 days (but will still continue working).
6. Install bankid in the Win 7 VM
7. Under File/Preferences in bankid add the directory on your USB stick with the exported bankid key
8. Log in to your BankID issuer (probably your bank) using bankid 'on file', and request a mobile bankid. You'll get an activation code
9. Install the bankid app on your phone (e.g. bankid from the play store on android)
10. Start the bankid app on your phone, and type in your personnummer and the activation code. Create a pin, which is your password
11. You're done.

I mean, sure, it's a very awkward way of going about it, but it works and is conceptually simple.

Android in a VM
And there's absolutely no reason you can't use mobile bankid it in a virtualbox VM if you want to -- I used an android 4.4 x86 iso and created a virtual machine, and then set up bankid which works fine.

19 November 2014

602. Surviving bankid + rant. Exporting bankid files from linux to windows

This post probably isn't interesting unless you live/have lived in Sweden (Scandinavia)/deal with Swedish(Scandinavian) banks and their unbelievably crappy electronic ID solution.

This post will not show you how to use BankID on Linux -- it will show you how to move bankid files from debian linux to windows 7. Nor is the method elegant as it involves using two VMs.

I should make a long rant about how the company, Finansiell ID teknik, behind BankID should be sued into oblivion and the Swedish  politicians allowing it to be used to access government service without requiring open specifications be jailed indefinitely. But I'm tired.

[looks like I got into a rant after all]
rant begin:
Long story short: BankID has always been a real pain in the backside to use on linux, and now support has ended altogether. Support for Windows XP has been dropped as well, which will become relevant later.

No more linux announcement: https://support.bankid.com/syskrav

Either way, there's no linux-friendly solution out there, as in moving from v4 to v5 of bankid the format has changed completely. To my understanding, that means that fribid also will not work with providers requiring bankid versions newer than

There's a linux-friendly solution: mobile bankid, which runs on android. However, it seems to require a Swedish (or northern European) SIM card. Actually, I have no idea how it works since there's hardly any bloody information out there -- the bankid.com website is incredibly bad. The most detailed info I've found is this, which says that it's SIM card and service provider dependent: https://www.bankid.no/Dette-er-BankID/BankID-pa-mobil/. On the other hand, this page says it isn't: http://www.stockholm.se/mobiltbankid

[NOPE -- that's not how it works -- it's actually a lot better. See here instead: linktocome ]

In the end it doesn't matter since you'll have to walk into a Swedish bank in person to order a new bankid set-up code. Not something you can do if you're abroad.

There's one other solution available -- ID via the Swedish tax office. Unfortunately it is only available for people residing in Sweden. Anyone who has business with Sweden but lives abroad is SOL.
rant end.

Step 1. Windows 7 in a VM -- overview
So, I had to find a pragmatic solution, and quickly since my current ID key is expiring. I have an old Windows XP disk that I could install in a VM, but since XP isn't supported anymore, that wouldn't work anyway.

I then decided to see how much a copy of Windows 7 costs. I'm not keen on throwing money at MS, but I was still at the point of simply investigating solutions. According to http://www.cheapaussiesoftware.com/microsoft-windows/microsoft-windows-7  the cheapest copy is $124. Not keen.

I am surrounded by computers with Windows 7 Pro OA stickers (that are running debian), so I figured if I could only get my hands on a DVD I could use the license that has already been paid for. I also had a vague memory of the Windows 7 isos being freely and legally available from Microsoft via download.

Using google a bit I eventually found it: http://www.heidoc.net/joomla/technology-science/microsoft/14-windows-7-direct-download-links
which provides Windows 7 isos freely and legally via Digital River. Note that you'll still need to find your own activation key.

Activation key -- you can either:
* get that legally by paying for it. Not interested in paying that much money for something I'm not going to use much.

* use google for a few minutes, find tons of activation keys which appear to work during installation but really don't allow you to activate your copy (go to Computer, Properties and click on Activate Now). This is obviously not legal.

* Put in an installation key (D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV... read more) which allows you to finish the installation but won't activate your copy. Actually, reading the linked post you might not have to enter anything.

Either way, after 30 days your copy will expire. You can still use it -- the only things that change is the background (goes black), you can't install updates anymore, and Aero turns off. See here. This is fine by me.

As OA licenses are limited and I really don't care about using Windows for anything but bankid, I went with the last option.

Installing Windows 7 Ultimate 64 bit in VirtualBox went without a hitch, and I awarded it 30 Gb HDD and 2 gb RAM (I have 4 Tb HDD and 8 Gb RAM on my system). So far so good..

From within Windows 7 I then downloaded bankid v 6.1 from here: https://install.bankid.com/ (ignore the whole linux/ubuntu link -- that's for v 4 which isn't supported by most banks anymore...)

Step 2. Ubuntu (yup) in a VM *yup).
At this point I figured I was doing pretty well. I connected a USB stick to my computer (i.e. debian) and ran persadm.
me@beryllium:/media/highio$ persadm export BankID Security Application 4.19.1 Available tokens: 0: (140110 yy.xx) Me - BankID on file 1: (130304 yy.xx) Me - BankID on file Choose token: 0 Enter pin: Enter removable media export directory (must exist): /media/fat32/bid Failed to export token. The reason might be that the export directory is not on a removable media, or that you don't have permission to write to it.
No matter what I tried in terms of permissions and destination file systems made any difference.

In desperation I then copied the ~/.personal structure containing the bankid keys from my debian box to my USB stick, fired up an old Ubuntu virtual machine with bankid installed (you may want to download bankid for ubuntu from here for THAT purpose: https://install.bankid.com/)

Running persadmin in the Ubuntu 10.04 LTS 32 bit VM worked perfectly, and I now had the exported .nge file in a folder on my USB stick.
me@me-desktop:~$ persadm export BankID Security Application 4.19.1 Available tokens: 0: (140110 yy.xx) Me - BankID on file 1: (130304 yy.xx) Me - BankID on file Choose token: 0 Enter pin: Enter removable media export directory (must exist): /media/fat32/bid Successfully exported token.
In retrospect you might be able to do this in a chrooted ubuntu instance under debian. Who knows?

Step 3. Importing the BankID key files
I then fired up the Windows 7 VM, started BankID and went to File/Preferences. Under locations I added the folder on the USB stick that held the exported BankID file, clicked Add, then Save, and everything was good.

Well, apart from the fact that I had to use two VMs, and am now stuck with a Windows 7 VM.

My Win 7 .vdi file is about 9 Gb, which as a tar.gz file is compressed to 3.8 Gb. I've backed it up in three different locations, so hopefully there won't be any issues with losing the bankid due to MS update idiocies.

13 November 2014

601. Linphone on windows XP with llinphone's sip server

This post is meant as a step by step guide that more computer savvy users on linux (who'd be interested in using linphone) can share with less computer savvy users on windows.

I'd like to be able to do a video chat with a specific person who told me about issues with installing skype on their laptop. Given that I'm having issues with skype on some of my computers as well, and the general nuisance of having to deal with i386 libs just for the sake of skype, and the fact that I'm using linphone for my iinet voip service as well as freecall, I'm keen on getting that person switched to linphone.

(I presume that easier solutions would involve e.g. google talk in a browser, but where's the fun in that?)
The following was done on a native installation of windows xp which I remotely connected to using remmina (via rdp).

1. Get Linphone.

Note that the current version, 3.7.0, which is available by clicking on the download button on the website does not work on windows XP (for me), as it gives the following:

Instead, go to http://download-mirror.savannah.gnu.org/releases/linphone/3.6.x/win32/ and download 3.6.1.
version 3.4 works too
2. Install Linphone
Nothing odd here:

2b. Register for a SIP service
For Linphone to work you need to register for a SIP service. Linphone offers a free one. NOTE that you can register for a SIP service during the installation of Linphone i.e. you don't need to follow this step. Might be useful if you've already got Linphone installed and want to manually register though.

3. Set up Linphone
If you're asked whether to unblock, click unblock.
The wizard:

If you didn't sing up separately for a SIP account you can choose to do so as part of the setup using the wizard. Otherwise you can manually set it up, and that's what I'll show here:

That's the end of the wizard.

You can add contacts just like you would in any other 'chat' program, although here you use SIP addresses.