Skip to content

Instantly share code, notes, and snippets.

@angelyordanov
Last active December 27, 2022 13:38
Show Gist options
  • Save angelyordanov/c89409dc565e3d92c1fc361222dff465 to your computer and use it in GitHub Desktop.
Save angelyordanov/c89409dc565e3d92c1fc361222dff465 to your computer and use it in GitHub Desktop.
BTrust MacOS setup

Building signTextJS

  1. Clone https://github.com/angelyordanov/signTextJS
  2. Run travis/osx..install script or open it and run the steps manually
  3. Run travis/osx..script
  4. If all goes well you'll have a signtextjs_plus-0.0.0-macos.dmg in the repo root

BTrust MacOS setup

  1. Install Gemalto drivers. Open https://www.b-trust.bg/services/signature-installation, enter your email and install just the Gemalto drivers (the one behind the MacOS link).

  2. Install firefox 68 ESR and disable auto updates (source)

    • Mount Firefox 68.12.0esr.dmg and copy Firefox.app to /Applications renamed as Firefox 68 ESR

    • Remove quarantine set by macOS.

      xattr -r -d com.apple.quarantine Firefox\ 68\ ESR.app

      If you see an error on startup that says: Firefox is damaged and can’t be opened. You should move it to the Trash.. This means that you did not run this command.

    • Deploy policies.json with auto updates disabled

      cd Firefox\ 68\ ESR.app/Contents/Resources
      mkdir distribution
      cd distribution
      tee policies.json << EOF
      {
          "policies": {
              "AppAutoUpdate": false
          }
      }
      EOF
  3. Add the following root certificates to the firefox chain.

    • B-Trust Root Qualified CA

    • B-Trust Operational Qualified CA

    • B-Trust Root Advanced CA

    • B-Trust Operational Advanced CA

    • The "Advanced" certificates are only required if you want to use the https://test.b-trust.org and not get a SSL error

    Option 1: Open B-Trust certification chains page in firefox and install the certificates by clicking on the PEM link and adding all checkboxes in the dialog that FF shows.

    Option 2:
    1. Set firefox to use the keychain root certs by setting security.enterprise_roots.enabled to true in about:config
    2. Open B-Trust certification chains page and download the certificates by clicking on the DER link
    3. Add them to the keychain by double clicking on each
    4. Open Keychain Access, find the certificates and move them to System
    5. Open each certificate in Keychain Access and set Always Trust on all fields

    Note: Only option 1 seems to work, as option 2 gives the error error:internalError. Probably manually trusting the root certificate authorities inside Firefox View Certificates... will work but has not been tested. See this issue for details jasp00/signTextJS#29 (comment) (translation)

  4. Install the https://addons.mozilla.org/bg/firefox/addon/signtextjs-plus/ extension to firefox

  5. Install signtextjs' native backend

    1. Make sure you have a folder /Library/Application Support/Mozilla/NativeMessagingHosts/ (check the correct name in here)
    2. Open the signtextjs_plus-0.0.0-macos.dmg created with the build_signTextJS.md (or one downloaded from https://github.com/jasp00/signTextJS/releases)
    3. Move the two files signtextjs_plus.app and signtextjs_plus.json in the NativeMessagingHosts folder that should be symlinked in the DMG
  6. Load the Gemalto PKSC#11 Module in Firefox

    1. In Preferences open Security Devices (at the bottom of the page)
    2. Press Load and enter Gemalto PKSC#11 Module as the module name and /Library/Gemalto/libidprimepkcs11.dylib as the module filename
    3. Close the device manager and verify your smart card by opening View Certificates... and selecting the tab Your Certificates
  7. Verify signtext js installation by downloading locally https://raw.githubusercontent.com/jasp00/signTextJS/master/test/html/test.html and opening it in Firefox

  8. Thank me later :)

  1. Install Gemalto drivers. Open https://www.b-trust.bg/services/signature-installation, enter your email, download the installer and unarchive it wit 7zip, install just the Gemalto drivers.

  2. Install firefox 78 ESR and disable automatic updates by placing the following policies.json in folder distribution next to where the firefox EXE is.

    C:\Program Files\Mozilla Firefox\distribution\policies.json
    
    {
      "policies": {
        "AppAutoUpdate": false
      }
    }
    
  3. Add the following root certificates to the firefox chain.

    • B-Trust Root Qualified CA

    • B-Trust Operational Qualified CA

    • B-Trust Root Advanced CA

    • B-Trust Operational Advanced CA

    • The "Advanced" certificates are only required if you want to use the https://test.b-trust.org and not get a SSL error

    Open B-Trust certification chains page in firefox and install the certificates by clicking on the PEM link and adding all checkboxes in the dialog that FF shows.

  4. Install the https://addons.mozilla.org/bg/firefox/addon/signtextjs-plus/ extension to firefox

  5. Install signtextjs' native backend vy downloading the latest release from the github page https://github.com/jasp00/signTextJS

  6. Load the Gemalto PKSC#11 Module in Firefox

    1. In Preferences open Security Devices (at the bottom of the page)
    2. Press Load and enter Gemalto PKSC#11 Module as the module name and /Library/Gemalto/libidprimepkcs11.dylib as the module filename
    3. Close the device manager and verify your smart card by opening View Certificates... and selecting the tab Your Certificates
  7. Verify signtext js installation by downloading locally https://raw.githubusercontent.com/jasp00/signTextJS/master/test/html/test.html and opening it in Firefox

@the-veloper
Copy link

Take my internet points, bro. Thanks

@achuchev
Copy link

achuchev commented Feb 7, 2022

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment