19 November 2014

602. Surviving bankid + rant. Exporting bankid files from linux to windows

This post probably isn't interesting unless you live/have lived in Sweden (Scandinavia)/deal with Swedish (Scandinavian) banks and their unbelievably crappy electronic ID solution.

This post will not show you how to use BankID on Linux -- it will show you how to move bankid files from debian linux to windows 7. Nor is the method elegant as it involves using two VMs.

I should make a long rant about how the company, Finansiell ID teknik, behind BankID should be sued into oblivion and the Swedish politicians allowing it to be used to access government service without requiring open specifications be jailed indefinitely. But I'm tired.

[looks like I got into a rant after all]
rant begin:
Long story short: BankID has always been a real pain in the backside to use on linux, and now support has ended altogether. Support for Windows XP has been dropped as well, which will become relevant later.


No more linux announcement: https://support.bankid.com/syskrav

Either way, there's no linux-friendly solution out there, as in moving from v4 to v5 of bankid the format has changed completely. To my understanding, that means that fribid also will not work with providers requiring bankid versions newer than

There's a linux-friendly solution: mobile bankid, which runs on android. However, it seems to require a Swedish (or northern European) SIM card. Actually, I have no idea how it works since there's hardly any bloody information out there -- the bankid.com website is incredibly bad. The most detailed info I've found is this, which says that it's SIM card and service provider dependent: https://www.bankid.no/Dette-er-BankID/BankID-pa-mobil/. On the other hand, this page says it isn't: http://www.stockholm.se/mobiltbankid

[NOPE -- that's not how it works -- it's actually a lot better. See here instead: linktocome ]

In the end it doesn't matter since you'll have to walk into a Swedish bank in person to order a new bankid set-up code. Not something you can do if you're abroad.

There's one other solution available -- ID via the Swedish tax office. Unfortunately it is only available for people residing in Sweden. Anyone who has business with Sweden but lives abroad is SOL.
rant end.


Step 1. Windows 7 in a VM -- overview
So, I had to find a pragmatic solution, and quickly since my current ID key is expiring. I have an old Windows XP disk that I could install in a VM, but since XP isn't supported anymore, that wouldn't work anyway.

I then decided to see how much a copy of Windows 7 costs. I'm not keen on throwing money at MS, but I was still at the point of simply investigating solutions. According to http://www.cheapaussiesoftware.com/microsoft-windows/microsoft-windows-7 the cheapest copy is $124. Not keen.

I am surrounded by computers with Windows 7 Pro OA stickers (that are running debian), so I figured if I could only get my hands on a DVD I could use the license that has already been paid for. I also had a vague memory of the Windows 7 isos being freely and legally available from Microsoft via download.

Using google a bit I eventually found it: http://www.heidoc.net/joomla/technology-science/microsoft/14-windows-7-direct-download-links
which provides Windows 7 isos freely and legally via Digital River. Note that you'll still need to find your own activation key.

Activation key -- you can either:
* get that legally by paying for it. Not interested in paying that much money for something I'm not going to use much.

* use google for a few minutes, find tons of activation keys which appear to work during installation but really don't allow you to activate your copy (go to Computer, Properties and click on Activate Now). This is obviously not legal.

* Put in an installation key (D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV... read more) which allows you to finish the installation but won't activate your copy. Actually, reading the linked post you might not have to enter anything.

Either way, after 30 days your copy will expire. You can still use it -- the only things that change are the background (goes black), you can't install updates anymore, and Aero turns off. See here. This is fine by me.

As OA licenses are limited and I really don't care about using Windows for anything but bankid, I went with the last option.

Installing Windows 7 Ultimate 64 bit in VirtualBox went without a hitch, and I awarded it 30 Gb HDD and 2 gb RAM (I have 4 Tb HDD and 8 Gb RAM on my system). So far so good..

From within Windows 7 I then downloaded bankid v 6.1 from here: https://install.bankid.com/ (ignore the whole linux/ubuntu link -- that's for v 4 which isn't supported by most banks anymore...)


Step 2. Ubuntu (yup) in a VM (yup).
At this point I figured I was doing pretty well. I connected a USB stick to my computer (i.e. debian) and ran persadm.
me@beryllium:/media/highio$ persadm export
BankID Security Application 4.19.1
Available tokens:
0: (140110 yy.xx) Me - BankID on file
1: (130304 yy.xx) Me - BankID on file
Choose token: 0
Enter pin:
Enter removable media export directory (must exist): /media/fat32/bid
Failed to export token. The reason might be that the export directory is not on a removable media, or that you don't have permission to write to it.
No matter what I tried in terms of permissions and destination file systems made any difference.

In desperation I then copied the ~/.personal structure containing the bankid keys from my debian box to my USB stick, fired up an old Ubuntu virtual machine with bankid installed (you may want to download bankid for ubuntu from here for THAT purpose: https://install.bankid.com/)

Running persadm in the Ubuntu 10.04 LTS 32 bit VM worked perfectly, and I now had the exported .nge file in a folder on my USB stick.
me@me-desktop:~$ persadm export
BankID Security Application 4.19.1
Available tokens:
0: (140110 yy.xx) Me - BankID on file
1: (130304 yy.xx) Me - BankID on file
Choose token: 0
Enter pin:
Enter removable media export directory (must exist): /media/fat32/bid
Successfully exported token.
In retrospect you might be able to do this in a chrooted ubuntu instance under debian. Who knows?
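
The failed export above blames either a non-removable target or missing write permission. As an added example (not part of the original post or of BankID), the script below checks both conditions for a directory. That persadm relies on the kernel's sysfs `removable` flag is an assumption, and the function names and the script name in the last comment are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not part of BankID. How persadm itself decides what counts as
# "removable media" is not documented on this page; the sysfs flag is an assumption.

# is_removable_disk SYSROOT DISK -> status 0 if the kernel flags DISK (e.g. "sdb")
# as removable. SYSROOT is normally /sys; it is a parameter so the check can be
# exercised against a constructed tree.
is_removable_disk() {
    flag="$1/block/$2/removable"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# is_writable_dir DIR -> status 0 if DIR exists and a file can really be created
# in it (test -w alone can mislead on read-only or uid-mapped mounts).
is_writable_dir() {
    [ -d "$1" ] || return 1
    probe="$1/.export-probe.$$"
    ( : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# check_export_dir DIR -> prints one line per condition named in the persadm
# error message and returns 0 only if both hold.
check_export_dir() {
    dir="$1"; rc=0
    if is_writable_dir "$dir"; then
        echo "writable:  yes"
    else
        echo "writable:  no (check mount options such as uid=, umask=, ro)"; rc=1
    fi
    part=$(findmnt -n -o SOURCE --target "$dir") || return 2   # e.g. /dev/sdb1
    disk=$(lsblk -n -o PKNAME "$part" | head -n 1)              # e.g. sdb
    [ -n "$disk" ] || disk=$(basename "$part")                  # filesystem on whole disk
    if is_removable_disk /sys "$disk"; then
        echo "removable: yes ($disk)"
    else
        echo "removable: no ($disk is not flagged removable by the kernel)"; rc=1
    fi
    return $rc
}

# Runs only when a directory is given, e.g.: sh check-export-dir.sh /media/fat32/bid
[ "$#" -eq 0 ] || check_export_dir "$1"
```

USB hard disks and some card readers report `removable` as 0 even though they are physically detachable, so a "no" here is a hint about the device rather than proof of what persadm saw.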

Step 3. Importing the BankID key files
I then fired up the Windows 7 VM, started BankID and went to File/Preferences. Under locations I added the folder on the USB stick that held the exported BankID file, clicked Add, then Save, and everything was good.



Well, apart from the fact that I had to use two VMs, and am now stuck with a Windows 7 VM.

My Win 7 .vdi file is about 9 Gb, which as a tar.gz file is compressed to 3.8 Gb. I've backed it up in three different locations, so hopefully there won't be any issues with losing the bankid due to MS update idiocies.
