DNIe: Dealing with the electronic ID card

Although this has already been discussed previously , I wanted to give another lap to the issue DNIe under Linux. And what the hell! After spending one day and a half on the subject, I wanted to leave the tutorial available somewhere, if I have to do it again.

When I started I was recommended that I tried on Windows first and then if it works, I should try again on Linux. And although I followed the advice, it turns out I am definitely worse in Windows than in Linux (I ended up having to reinstall Windows again), so I tried again where I felt comfortable and understood what I do.

Basically I have been following this three blog posts:
* DNIe on Ubuntu
Linux DNIe Squeeze
DNIe on Ubuntu

Check your base libraries

The first thing I discovered is that one should not rely on the libraries from the repositories (I use Debian Squeeze). So I installed bare hands OpenSC and its dependencies.

First thing to do is to download the latest libraries available on the website of dnielectronico, in my case:

$ wget https://www.dnielectronico.es/descargas/PKCS11_para_Sistemas_Unix/opensc-dnie_1.4.8_amd64_lenny.tar 
 $ tar xvf opensc-dnie_1.4.8_amd64_lenny.tar
 $ cd opensc-dnie_1.4.8_amd64_lenny 

And also download the dependencies that are no longer available for Debian Squeeze:

$ wget https://ftp.es.debian.org/debian/pool/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb

$ wget https://ftp.es.debian.org/debian/pool/main/o/openct/libopenct1_0.6.14-3_amd64.deb 

Installing the dnie drivers

When this is done, we can begin to install the dnie drivers:

 # dpkg-i *. deb libltdl3

# dpkg-i *. deb libopenct

# dpkg-i *. deb libopensc2

# dpkg-i *. deb opensc_

# apt-get install pinentry-qt4

# dpkg-i *. deb opensc-dnie 

And then we make sure not to screw it in future updates, blocking the libraries:

 # echo libopenct1 hold | dpkg - set-selections

# echo opensc hold | dpkg - set-selections

# echo libopensc2 hold | dpkg - set-selections 

Now comes the nice part, where we see that everything works … or not:

 $ sudo apt-get install pcscd pcsc-tools

$ pcsc_scan

PC / SC device scanner

V 1.4.16 (c) 2001-2009, Ludovic Rousseau

Compiled with PC / SC lite version: 1.5.5

Scanning present readers ...

0: Gemplus GemPC Twin 00 00 
Mon Sep 5 20:01:11 2011
Reader 0: Gemplus GemPC Twin 00 00
Card state: Card inserted,
Electronic DNI (Spanish electronic ID card)
$ opensc-tool-l
 [opensc-tool] ctx.c: 367: load_dynamic_driver: dynamic library '/ usr/lib64/libopensc-dnie.so': invalid module version
[Opensc-tool] ctx.c: 467: load_card_drivers: Unable to load 'dnie'.
Readers Known about:
Driver Name Nr
Pcsc 0 00 00 Gemplus Twin GemPC
$ opensc-tool-a
 [opensc-tool] ctx.c: 367: load_dynamic_driver: dynamic library '/ usr/lib64/libopensc-dnie.so': invalid module version
[Opensc-tool] ctx.c: 467: load_card_drivers: Unable to load 'dnie'.
Using With A card reader: Gemplus GemPC Twin 00 00
[Opensc-tool] reader-pcsc.c: 239: pcsc_transmit: unable to transmit
[Opensc-tool] apdu.c: 394: do_single_transmit: unable to transmit APDU
3b: 7f: 38:00:00:00:6 a: 44:4 e: 49:65:10:02:4 c: 34:01:13:03:90:00
Delawar @ FZ18E: ~ $ opensc-tool-n
 [opensc-tool] ctx.c: 367: load_dynamic_driver: dynamic library '/ usr/lib64/libopensc-dnie.so': invalid module version
[Opensc-tool] ctx.c: 467: load_card_drivers: Unable to load 'dnie'.
Using With A card reader: Gemplus GemPC Twin 00 00
[Opensc-tool] reader-pcsc.c: 239: pcsc_transmit: unable to transmit
[Opensc-tool] apdu.c: 394: do_single_transmit: unable to transmit APDU
Unidentified card

Not that easy

At this point, we learn that we have screwed up somewhere in the installation. Now OpenSC is waiting for a version of the module that is not what we have installed. Do not panic, there is a solution . We “only” have to create a module that uses the module installed. But deceiving OpenSC by saying it is another version.

My module version is 1.0.4 and opensc the 0.11.13-1.1, you must change this numbers with yours:

 $ mkdir / tmp / dnie
 $ cd / tmp / dnie
 $ cp / usr/lib/libopensc-dnie.so.1.0.4 libopensc-dnie.so.1.0.4_orig

Edit a file:

 $ vi patch.c
 char * version_maligna = "0.11.13-1.1";
 sc_driver_version char * () {
 version_maligna return;

Patching the library and place it where it belongs:

$ gcc-fpic -g-c-Wall patch.c

$ objcopy - redefine-sym-libopensc sc_driver_version = orig_sc_driver_version libopensc-dnie.so.1.0.4 dnie.so.1.0.4_orig

$ chmod + x libopensc-dnie.so.1.0.4

$ gcc-shared-Wl,-soname, libwrapper-dnie.so libopensc-dnie.so.1.0.4 patch.o-o-dnie.so.1.0.0 libwrapper

$ sudo cp-dnie.so.1.0.0 libwrapper libopensc-dnie.so.1.0.4 / usr / lib

$ sudo ldconfig

Now that we have the library, we make opensc to use it in the file / etc / opensc / opensc.conf, replacing module = / usr / lib / libopensc-dnie.so, by < em> module = / usr / lib / libwrapper-dnie.so, .

Now opensc recognizes our electronic ID:

$ opensc-tool -l Known Readers about: Driver Name Nr Pcsc 0 00 00 Gemplus Twin GemPC

How to use the browser or an application to sign has already been extensively described in other manuals, including the official pages of the electronic ID.

The importance of open data

I’ve been thinking for a while about writing about the importance of open data, but is with the advertising given to Google Map Maker when I really understood the urgency of the matter.

Can you imagine a country with so poor geographic data that even the government doesn’t known which cities and towns do they have? How could they invest on roads, literacy, drinking water or even know that there are people who live there? How could they collect taxes or… count votes in elections!? Can you imagine that a battalion of soldiers use maps that are wrong and establish a base in the nearest country? An absurdity that happened recently on the border between Nicaragua and Costa Rica , which almost causes an international conflict.

Public Data

If institutions publish their data and leave it to free access, anyone can verify the accuracy of the data and may suggest changes or corrections. But while this data remains locked away in dusty archives, the same mistakes will be made over and over again. We are not talking about sensitive data or national security, we discuss data that anyone who is physically present at the location can check whether it is correct.

But it is important not only that the open data is freely available. It is also important to be free in their use. I gain nothing by looking at a map on page X of the Public Service if I can not use the data I am seeing. Seeing the traffic before you leave home can help you, but if my GPS can not use that information to guide me through the best path, it is useless.

Well, someone may say, if the source of the data (for example, the government) provide all services we will be needing, we don’t need a free use of the data. It is not enough. Why? Because open data may have myriad of uses. It is a newly opened market to explore.

Private Map Providers

But, how does it benefit the private map provider? Are we suggesting to have data servers and offer free data without charging for its use? Is it the culture of all free? Of course not, nobody in their right mind would ever ask for this. The private provider can get great benefits releasing their data (others than charging for services based on this data) :

The first benefit is straightforward: if you manage a large community, the cost of renovation and expansion of their data will be greatly reduced. Vendors like TomTom or Nokia begin to understand the importance of these updates from their own users. OpenStreetMap is another clear example and direct the power of users: a source of geographic data that can compete (and win) on Google Maps or Bing created entirely and only by a combination of free data supplied by its users.

The second advantage is perhaps more complex to understand because it is not so straightforward. Ignoring all the classic advantages of freedom, there is still one more: You can always charge for commercial or intensively use. Although it does not benefit you at the beginning, if your data is good enough, sooner or later someone will think of some utility .

Google Map Maker

Some hustlers will have, at this point, if this is not what Google Map Maker does. Do they not collect updates of their users, giving them maps for free and charging only for intensive or commercial? No. To begin with, data isn’t free. This means that if you collaborate with Google Map Maker and update their maps and tomorrow you want to use these data to set up a commercial service, you couldn’t do it without going through a convoluted series of licenses. However, if instead of working with Google Map Maker, you contributed with a free platform for geographic data, you will be able to use this data on your service without problems.

Does this mean that I think Google Map Maker is useless? Neither. Probably someone will find a good use. But whatever the intended use, you can always get at least the same functionality with OpenLayers , OpenStreetMap data and free PNOA and the Cadastre (recently released). So why use an exclusive platform when you can use a free platform much more powerful?

But Google is good, someone may say, it offers free, quality data. Sure, and no doubt. But never forget that Google, beyond any good intentions, remains a business. And finally, the top priority of a company is to generate business to survive. And if Google has to change its way, to get ride of free offerings that are inconsistent with their business, they will. In fact, they already do it .

High Concurrency

When facing high concurrency applications, we often find a number of generic problems. In this article I will focus on the problems of resources (CPU and memory). For now on, I will focus on the most typical and most direct solutions.

When we discover threads and the advantages of parallel processing it can happen that we end up abusing their use. We have a lot of threads (100 ¿? 1000?) simultaneously, and the processor will be jumping from one to another without stopping, not letting them finish, no matter how fast is their real excution. And over time there will be more and more threads only slowing down the process. To the cost of execution of each thread, we must consider also the added cost of creating and destroying threads. It can can become significant when we talk about so many threads at once.

High Concurrency with the Thread Pool Pattern
High Concurrency with the Thread Pool Pattern

Threads: the holy grail

In this case, the first method that we think of is the Thread Pool Pattern . This pattern will limit the number of threads running at the same time.
Instead of creating new threads, we create tasks, which are piled. Also, we have a pool of threads that will work picking these up and running as soon as possible. A classic example of this thread can be found on SwingWorker. If we want to implement bare hands our own pattern, we should take a look at the interface ExecutorService.

If you have a background thread that is making heavy use of processor, but we do not mind slowing it down for performance, we can use the command sleep ( Thread.sleep (...)) to periodically release the thread processor, allowing other threads to run faster .

This is useful for threads running in maintenance mode, which must be kept running but do not have to respond in real time. Another way to temporarily stop a running thread while another is using the method join ( Thread.Join () ), which makes a thread wait until another thread ends. Although more useful if we have a clearly higher priority thread than another, it is not viable if we can not have a reference to a higher priority thread from the lowest priority to tell which thread has to wait.

High Concurrency issues

But the high turnout is not given only by the use of the processor. It may be that multiple threads need access to large amounts of information almost simultaneously. These threads will not only be repeating the information in memory but often will be repeating the entire process of extracting that information.

This problem is usually solved in the majority of data access libraries (mostly database). For example, we have ehcache , which uses threads to store information ( Thread-Specific Storage Pattern ). This way, access and storage of this information is shared. Thus decreasing both the memory usage required and the processor time required to extract and shape information. As the threads wants to process this information, they will be asking ehcache for the data, which will optimize these hits.

To improve this solution have the concurrent collections. This allow different threads to use the same objects without any problems of concurrency.

There are more solutions to improve the high turnout (without going into optimizations to the code itself). But those described here are usually good ideas to start.

Useful References: