Tuesday, 27 December 2022

Using JsignPDF with eObcanka in Linux

So you've got your eObcanka and purchased a fully qualified certificate from some provider (PostSignum in my case). And you've decided to generate that cert in eObcanka's protected storage to be more secure and qualified as well :) Assuming you have also purchased a smart card reader which can be used to read eObcanka's chip, the question now is how to use it in Linux to sign a document.

First you need the middleware software for that. They provide only an Ubuntu package but it can be used on other systems as well. In my case I didn't have to make any customizations in Debian Unstable.

Then you need PKCS11-capable software to sign your PDF. Currently I know of three free Linux programs which can digitally sign a document using a hardware token (PKCS11): LibreOffice, Okular (in its latest development version with some supporting libraries - Poppler) and JSignPDF. So ...
  • LibreOffice still quite sucks because it can sign the document but you cannot place a visible mark about that anywhere. But the configuration is quite easy; IMHO it uses the same configuration as Thunderbird does.
  • Okular also still quite sucks. Its configuration is also the same as Thunderbird uses, so that's good. But again, there is a problem with the visible mark of the digital signature. It's better than LibreOffice because at least you can place the visible mark somewhere. But you cannot easily configure the text properties, so it usually looks quite lousy.
  • So of the three programs mentioned I use JSignPDF, where you can do some fine-tuning of the visible mark.

How to configure JSignPDF to use PKCS11

So you have downloaded the latest version of JSignPDF (now it is 2.2.0; to use PKCS11 you need at least version 2.0.0), for example to ~/prg/JSignPDF. Now edit conf/pkcs11.cfg and fill it with:
name=eObcanka
library=/usr/lib/x86_64-linux-gnu/libeopproxyp11.so
slot=1
After that edit the file conf/conf.properties and uncomment the line
pkcs11config.path=conf/pkcs11.cfg
After this you can put your eObcanka into the card reader and run jsignpdf.sh. It should behave like this:
FINE Relaxing SSL security. 
FINE Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg 
FINE PKCS11 provider registered with name SunPKCS11-eObcanka
FINE PKCS11 provider registered with name JSignPKCS11-eObcanka
Now you should see a new PKCS11 type of key and certificate storage.
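
If the PKCS11 keystore type does not show up, the two files edited above are the first thing to check. The following pre-flight script is an added example, not part of the original post or of JSignPDF; the function names are hypothetical, it assumes a relative pkcs11config.path is resolved against the JSignPDF directory, and the write-permission check on the middleware library is an extra hardening step (the library is loaded into the signing process).

```shell
#!/bin/sh
# Added example: pre-flight check of the JSignPDF PKCS#11 configuration.
# Function names are hypothetical. Usage: ./check.sh ~/prg/JSignPDF

# Print the value of key $2 in file $1, ignoring commented-out lines.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

check_jsignpdf_pkcs11() {
    dir=$1
    props="$dir/conf/conf.properties"
    [ -r "$props" ] || { echo "cannot read $props" >&2; return 1; }

    # 1. pkcs11config.path must be uncommented in conf.properties.
    rel=$(cfg_value "$props" 'pkcs11config\.path')
    [ -n "$rel" ] || { echo "pkcs11config.path is commented out" >&2; return 2; }
    # Assumption: relative paths are resolved against the JSignPDF directory.
    case $rel in /*) cfg=$rel ;; *) cfg="$dir/$rel" ;; esac
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 3; }

    # 2. The provider configuration needs name= and library=.
    name=$(cfg_value "$cfg" name)
    lib=$(cfg_value "$cfg" library)
    if [ -z "$name" ] || [ -z "$lib" ]; then
        echo "name= or library= missing in $cfg" >&2; return 4
    fi

    # 3. The middleware library must be installed at that path.
    [ -f "$lib" ] || { echo "library not found: $lib" >&2; return 5; }

    # 4. Added hardening check: refuse a library that group or others
    #    can overwrite (-L follows a symlinked .so; -perm /022 is GNU find).
    if [ -n "$(find -L "$lib" -maxdepth 0 -perm /022)" ]; then
        echo "library is group/world-writable: $lib" >&2; return 6
    fi

    echo "OK: provider SunPKCS11-$name, library $lib"
}

if [ $# -gt 0 ]; then
    check_jsignpdf_pkcs11 "$1"
fi
```

The return code identifies the failed step (2 = property still commented out, 5 = middleware library missing, 6 = library writable by group or others).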

Wednesday, 21 October 2020

Setting up Thunderbird for Office365 with two factor authentication

Let's walk through setting up the Mozilla Thunderbird mail client to read mail from Office365 with 2-factor authentication. We will also set up a shared mailbox here.

Googling for how to set up a mail client for use with Microsoft Office365 turns up quite a lot of manuals, for example this. However, they work only with 1-factor authentication. There are two ways to achieve the goal with 2-factor authentication, for which you have to use the OAuth2 method.

  1. Use the Owl plugin for older versions of Thunderbird (prior to 78). It works quite well but costs money.
  2. Use Thunderbird 78 and above.

So let's use the new version of Thunderbird, a user account in MS365 and a shared mailbox in MS365. The Thunderbird settings are then:

IMAP settings of user account

  Server Type: IMAP mail server
  Server name: outlook.office365.com
  Port: 993
  User Name: user@example.com
  Connection Security: SSL/TLS
  Authentication Method: OAuth2

SMTP settings of user account

  Server name: smtp.office365.com
  Port: 587
  Connection Security: STARTTLS
  Authentication Method: OAuth2
  User Name: user@example.com

IMAP settings of shared mailbox

  Server Type: IMAP mail server
  Server name: outlook.office365.com
  Port: 993
  User Name: shared-mailbox@example.com
  Connection Security: SSL/TLS
  Authentication Method: OAuth2

When prompted for a password for shared-mailbox@example.com in the OAuth2 dialog, click "Use a different user" and provide the credentials of your user account. So it's not necessary to create any password for the shared mailbox or set up the authentication method in MS365.

For SMTP of the shared mailbox, just use the SMTP server already configured for the user.

Monday, 8 August 2016

Xorg, libinput, touchpad and mouse in docking station

Update (06. 02. 2017): after some recent updates of the libinput and Xorg Debian packages, none of the following is needed. In fact I've commented out the whole 20-natural-scrolling.conf config file.


Recently I bought a new laptop and decided to install a fresh new Debian testing without the configuration burden from the past. The thing I spent the most time on was convincing X.org to invert scrolling when using the touchpad and not invert it when using the mouse, so that both act the same way.

Yes, there is a way to do that simply with the Gnome or XFCE settings manager, but that does not work for all window types. For example gnome-terminal ignores these settings :( Another way is to use the xinput command directly to adjust the right property of the touchpad, but it won't survive a sleep/wake cycle. However, if someone needs that command, here it is:
xinput set-prop 12 281 1
The first number (12) can be obtained via the plain xinput command, and the next (281) via the xinput list-props 12 command. It is the property whose description says something like
libinput Natural Scrolling Enabled (281): 0
But this is only a temporary quick fix which won't last long and, on top of that, the xinput ID changes on every reboot.

So there are some guidelines on how to do that permanently, like here or here or here. It didn't work for me because when I looked in /var/log/Xorg.0.log I realized that my touchpad is recognized as a regular mouse, so X.org applies the same rules to both. The final configuration is therefore a little bit different and looks like this:
# cat /etc/X11/xorg.conf.d/20-natural-scrolling.conf

Section "InputClass"
        Identifier "libinput pointer catchall"
        MatchIsPointer "on"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
        #Option "NaturalScrolling" "true"
EndSection

Section "InputClass"
        Identifier "libinput touchpad catchall"
        MatchProduct "ImPS/2 BYD TouchPad"
        #MatchIsTouchpad "on"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
        Option "NaturalScrolling" "true"
EndSection

Useful links:
https://wiki.gentoo.org/wiki/Xorg.conf – description of xorg.conf options
https://wiki.archlinux.org/index.php/Touchpad_Synaptics – commonly used tweaks for touchpad

Tuesday, 8 December 2015

Overgrive sync folder can not be changed during initial set up



One of the nice synchronization solutions for Google Drive and Linux is overGrive. However, there is a bug in the initial setup dialog of version 3.1.3 beta. I have just tried it in Debian testing and couldn't change the sync folder, which was by default /home/username/Google Drive. Clicking the button "change folder" didn't work. After I ran the program from the terminal instead of just clicking the icon, I realized that this occurs because '/home/username/Google Drive' doesn't exist. So I created that folder and then the changing procedure with the folder select dialog ran OK. In the end I had to delete that default folder. Please, The Fan Club, fix it on will.

I am writing it here because sadly I have no permission to submit the contact form on maintainer's pages :-/