[Lilux-help] Luxtrust now works in 64 bit with BGL, CCP and Raiffeisen! (Was: Re: LuxTrust using middleware Ubuntu 64-bit)

Alain Knaff alain at knaff.lu
Tue Jun 12 20:08:09 CEST 2012


Hello all,

After a bit of investigation, I've found that the only reason why BGL,
CCP and Raiffeisen bank do not yet work in 64 bit is because the banks
have not deployed LuxTrust's new version of their java JNI shim.
(This shim allows java applets to call the PKCS11 middleware directly,
bypassing java's normal security framework, and allowing to propose a
menu if multiple card readers are present)

So far this shim has existed only for 32 bits (which is expected, as the
middleware itself only existed for 32 bit). Now, Luxtrust also have made
a 64 bit version, but the banks (apparently) haven't deployed this yet.
This is understandable, but why was there nobody at BGL who could point
this out? (BGL was the only bank among the 3 listed above that I
contacted, as it is the only one where I've got an account. I've also
contacted BCEE, but the issue with their site is apparently unrelated)

However, Luxtrust themselves have already installed this shim on their
own site!

To get it, go to test.luxtrust.lu (with javascript activated :-( ), and
click yourself through the test.

Just before the final screen, a file named
LT_CTI_CC_GEM_9176010884699777019.tmp of size 130203 bytes will show up
in /tmp (the exact digits in the name will change each time).

This is the 64 bit version of the shim (if you performed the "test" with
a 64 bit browser, else you will get a 32 bit version of 120041 bytes).

Copy this to LT_CTI_CC_64.tmp both to /tmp and to your home directory.

Now run the attached fix64.pl script. The script watches for new
LT_CTI_CC_GEM_???????????????????.tmp files to appear in /tmp, and as
soon as one appears, it is replaced immediately with a symlink to the
LT_CTI_CC_64.tmp that you placed there in the previous step.

Now, while the script is running, visit again one of the BGL, CCP or
Raiffeisen sites: it should work now!

Probably, in a couple of days (or weeks... :-( ), once all banks have
deployed the new version of the Luxtrust shim, this "hack" should no
longer be necessary.


Many thanks to Mr Hellers for pointing me to the Luxtrust test site and
to the BGL team for fixing a previous issue with a leftover Fortis class.

Regards,

Alain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix64.pl
Type: text/x-perl
Size: 525 bytes
Desc: not available
URL: <http://prophecy.lu/pipermail/lilux-help/attachments/20120612/ec563dc4/attachment.pl>


More information about the Lilux-help mailing list