Frequently Asked Questions
Google Group
https://groups.google.com/forum/#!forum/trust1connector
Interface Style Choice
All examples in this guide use the callback-based interface. For your convenience, we also provide a Promise-based interface.
Any call that has a callback parameter can have this callback function omitted and will then return a Promise.
Browser Support
The Trust1Connector solution is browser-independent; No additional browser-plugins are needed to communicate with remote device hardware. Of course browser support starts from a certain browser version. The minimal browser version should be:
Chrome 3+
Chrome Canary 50+
Firefox 3.5+
Opera 12+
Opera Neon 1.0+
Safari 4+
Internet Explorer 9+
Vivaldi 1.0+
Brave 0.11+
Blisk 0.60+
Yandex 16+
Maxthon 4+
OS Support
The Trust1Connector solution is designed to work on multiple Operation Systems. The current list of supported and tested OS's:
Windows 7 (x86 and x64)+
Windows Server 64bit 2012+
Mac OS-X 10.9+
Ubuntu 14.04+
Debian 8+
Reader support
The Trust1Connector solution is designed to work with multiple PCSC readers. The current list of supported and tested readers:
Gemalto Ezio Shield Secure Channel
ACS ACR 38U-CCID
Bit4id miniLector
SpringCard CSB6 Ultimate
Identive Cloud 4700
Gemalto Prox SU (IDBridge CL300/CL3000)
ACR39U
ACR112 NFC
ACR1252U NFC
ACR1251U NFC
ACR38U
ACR33U
Broadcom BCM5880
Gemalto Ezio Shield Secure Channel
Gemalto Ezio Shield
Gemalto IDBridge CT30
Gemalto IDBridge CT40
Gemalto IDBridge CT710
How to install the Trust1Connector on Linux
The Trust1Connector has dependencies on
init-system-helpers (>= 1.18~)
pcscd (>= 1.7)
Ubuntu 14.04
The default installed package of init-system-helpers is too low on this version. Please download a newer package (min 1.18) before installing the Trust1Connector.
The logfile can be found at /var/log/trust1connector.
Ubuntu 16.04 (> 14.04)
The logfile can be found at /var/log/trust1connector.
Debian 8 (Jessie)
The logfile can be found at /var/log/trust1connector.
Trust1Connector Compatibility
The Trust1Connector is compatible with other software which uses the Belgium eID card while the Trust1Connector is installed on the system.
BeID Middleware (v4.1.18)
The Belgium eID middleware comes with an eID viewer application which is a Java application that can be used to read the contents of the card.
The following test was executed:
With the eID viewer we started reading the Belgium eID card (Java application).
At the same time we use the
Trust1Connectorto read the full content of the card (from the browser).
Expected result: Both applications read the full content of the card without interfering with one another.
Windows
macOS
Tax on web
Here there is a difference in the test executed on Windows and on Mac OS-X.
Windows
When installing the Belgium eID middleware a driver for the Belgium eID card is also installed. Browsers can then use this driver to communicate with the card from the browser.
The following test was executed:
We surf to the tax on web site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.
At the same time we use the
Trust1Connectorto read the full content of the card (from the browser).
Expected result: The login on tax on web succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.
macOS
On Mac OS-X such a Belgium eID card driver does not exist, therefore the only way to login on tax on web on Mac OS-X is by using the Firefox extension.
The following test was executed:
We surf to the tax on web site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.
At the same time we use the
Trust1Connectorto read the full content of the card (from the browser).
Expected result: The login on tax on web succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.
Acerta
Acerta also uses the Belgium eID card driver that comes with the installation of the Belgium eID middleware.
Windows
The following test was executed:
We surf to the Acerta site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.
At the same time we use the
Trust1Connectorto read the full content of the card (from the browser).
Expected result: The login on the Acerta platform succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.
Remark: For Firefox an addition eID extension should be installed to get everything to work with Acerta (see official site of the Belgium eID middleware http://eid.belgium.be/nl/je_eid_gebruiken/de_eid-middleware_installeren).
macOS
On Mac OS-X such a Belgium eID card driver does not exist, therefore the only way to login on the Acerta platform on Mac OS-X is by using the Firefox extension.
The following test was executed:
We surf to the Acerta site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.
At the same time we use the
Trust1Connectorto read the full content of the card (from the browser).
Expected result: The login on the Acerta platform succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.
Remark:Reading the card content on Safari and Chrome with the Trust1Connector from the browser works without issues.
Isabel
On Isabel you need your Belgium eID card to activate Isabel (https://www.isabel.eu/en/forbusiness/solutions/isabel6/simplenewcob/isabel-pincode3.html).
The Isabel site itself only works with IE under Windows, this can be verified by surfing to the login page of Isabel on any other browser.
Windows
The following test was executed:
We surf to the Acerta site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.
At the same time we use the
Trust1Connectorto read the full content of the card (from the browser).
Expected result: The login on the Acerta platform succeeds and the full content of the card is read by the T1C without interfering with one another.
Connection reset / SSL_CIPHER_FALLBACK
The Trust1Connector uses HTTPS as the underlying communication protocol and only supports modern ciphers. However in the past we have released of a version of the Trust1Connector that uses a SSL certificate that is nowadays considered unsafe (SHA-1 + key length too short). Newer versions of the Trust1Connector should auto detect this and regenerate the SSL certificate.
If a customer has a connection reset issue, with the SSL_CIPHER_FALLBACK as underlying cause then it is probably the SSL certificate that is invalid. To force the Trust1Connector to regenerate the SSL certificate the following has to be done:
Open the Windows Certificate Manager by running certmgr.msc
In the Certificate Manager you should see a folder named “Trusted Root Certificate Authorities”.
This folder has a subfolder named “Certificates”.
In the list of Certificates you should see a certificate named “localhost”.
This is the SSL certificate used by the GCL ==> you should delete it.
Afterwards you should restart the PC and the SSL certificate will be generated again, or you can also do an uninstall + install of the Trust1Connector.
My reader has a Pinpad but T1C-GCL return pinpad: false
Make sure the correct drivers are installed and not the default driver on Windows. After installing relaunch the card-readers request and verify if the pinpad value has changed.
How can I reset the PIN of my Belgian eID test card
Test eID Card repo: https://github.com/Fedict/eid-test-cards
Docker container: https://hub.docker.com/r/fedict/eid-test-ca/
OpenSC: https://github.com/OpenSC/OpenSC/wiki/Belgian-Belpic
PUK-code test card: 111111222222 or 222222111111
If a Testcard gets blocked, can you use its PUK code to reset it?
Where / how? Any application available? -- AnonYmous - 06 Dec 2005 12:46:40
Just send the following APDU to the test card to unblock it: 00200084082C222222111111FF -- AnonYmous - 07 Dec 2005 15:27:12
Je l'ai essai, appremment ça ne marche pas. -- AnonYmous - 10 Aug 2006 11:27:34
help -- AnonYmous - 24 Aug 2006 11:24:32
How does this unblock the card? The APDU above just verifies the admin (?) PIN, but doesn't reset the retry counter on the user PIN. How to reset the counter and change the user PIN? -- AnonYmous - 26 Nov 2008, 12:00:43
Hi, the above-mentioned APDU consists of the presentation of the "activation" PIN to the card. It resets the PIN counter to 3.
This activation PIN consists of the concatenation of PIN2 (six two's) and PIN1 (six ones)...
You can change the PIN using the change pin command... -- DannyDeCock - 26 Nov 2008, 12:33:34
Hi, thanks, but the command does not reset the pin counter (I still get a 6983 when trying to verify or change the user PIN). Also, the user PIN is lost, so I can't use change PIN, but would need to reset it to a new value. -- AnonYmous - 27 Nov 2008, 14:38:18
Hi, what response do you get when sending the APDU 00200084082C222222111111FF to the card?
There also exist a few cards that reset the PIN retry counter with the APDU 00200084082C111111222222FF.
You should get the status words 9000 with one of these commands... -- DannyDeCock - 01 Dec 2008, 07:32:16
I'm using the second variety which returns 9000. -- AnonYmous - 01 Dec 2008, 09:22:33
The correct command is: 00 2C 00 01 08 2C 22 22 22 11 11 11 FF -- AnonYmous - 13 Apr 2010, 14:29:04
Which command is correct depends on the type of test card... Each of the APDUs listed above works with a certain type of test card... So you have to figure out which APDU matches your's... -- DannyDeCock - 14 Apr 2010, 10:51:28
Last updated