Frequently Asked Questions

Google Group

https://groups.google.com/forum/#!forum/trust1connector

Interface Style Choice

All examples in this guide use the callback-based interface. For your convenience, we also provide a Promise-based interface.

Any call that has a callback parameter can have this callback function omitted and will then return a Promise.

Browser Support

The Trust1Connector solution is browser-independent; No additional browser-plugins are needed to communicate with remote device hardware. Of course browser support starts from a certain browser version. The minimal browser version should be:

• Chrome 3+

• Chrome Canary 50+

• Firefox 3.5+

• Opera 12+

• Opera Neon 1.0+

• Safari 4+

• Internet Explorer 9+

• Vivaldi 1.0+

• Brave 0.11+

• Blisk 0.60+

• Yandex 16+

• Maxthon 4+

OS Support

The Trust1Connector solution is designed to work on multiple Operation Systems. The current list of supported and tested OS's:

• Windows 7 (x86 and x64)+

• Windows Server 64bit 2012+

• Mac OS-X 10.9+

• Ubuntu 14.04+

• Debian 8+

Reader support

The Trust1Connector solution is designed to work with multiple PCSC readers. The current list of supported and tested readers:

• HID 532x - DI
• HID 502x CL
• HID 3021 - C
• HID 5321 - CL
• HID 392 - C
• HID 3111 - C
• HID 3121 - C
• HID 4040 PCMCIA - C
• HID 6321 dongle - C
• Identiv SCR3310 - C
• Identiv uTrust 2700 R - C
• Identiv uTrust 2700 F - CL
• Identiv uTrust 470x F - DI
• Identiv uTrust 370x F - CL
• Identiv uTrust 2900 R - C
• Identiv uTrust 2910 R - C
• Tactivo mini for Android - C
• Tactivo mini for iOS - C
• Tactivo for iPad - C
• Vasco Digipass 870 - C
• Vasco Digipass 875 - C unconnected using bluetooth
• Vasco Digipass 855 (for iOS) - C
• Springcard Crazy writer legacy (VCOM)
• Springcard Crazy writer PC/SC met SAM module
• ASK CPL Coupler
• Gemalto Ezio Shield Secure Channel

• ACS ACR 38U-CCID

• Bit4id miniLector

• SpringCard CSB6 Ultimate

• Identive Cloud 4700

• Gemalto Prox SU (IDBridge CL300/CL3000)

• ACR39U

• ACR112 NFC

• ACR1252U NFC

• ACR1251U NFC

• ACR38U

• ACR33U

• Broadcom BCM5880

• Gemalto Ezio Shield Secure Channel

• Gemalto Ezio Shield

• Gemalto IDBridge CT30

• Gemalto IDBridge CT40

• Gemalto IDBridge CT710

How to install the Trust1Connector on Linux

The Trust1Connector has dependencies on

• init-system-helpers (>= 1.18~)

• pcscd (>= 1.7)

Ubuntu 14.04

The default installed package of init-system-helpers is too low on this version. Please download a newer package (min 1.18) before installing the Trust1Connector.

# install the pcsc daemon
sudo apt-get install pcscd

# update the init-system-helpers package
sudo dpkg -i init-system-helpers_1.18_all.deb

# install the trust1connector package
sudo dpkg -i trust1connector_1.2.4_amd64.deb

# start the service
sudo initctl start trust1connector

# Request the status, supported commands are [start|stop|restart|status]
sudo initctl status trust1connector

The logfile can be found at /var/log/trust1connector.

Ubuntu 16.04 (> 14.04)

# install the pcsc daemon
sudo apt-get install pcscd

# install the trust1connector package
sudo dpkg -i trust1connector_1.2.4_amd64.deb

# Request the status, supported commands are [start|stop|restart|status]
sudo systemctl status trust1connector

The logfile can be found at /var/log/trust1connector.

Debian 8 (Jessie)

# install the pcsc daemon
sudo apt-get install pcscd

# install the trust1connector package
sudo dpkg -i trust1connector_1.2.4_amd64.deb

# start the service
sudo initctl start trust1connector

# Request the status, supported commands are [start|stop|restart|status]
sudo initctl status trust1connector

The logfile can be found at /var/log/trust1connector.

Trust1Connector Compatibility

The Trust1Connector is compatible with other software which uses the Belgium eID card while the Trust1Connector is installed on the system.

BeID Middleware (v4.1.18)

The Belgium eID middleware comes with an eID viewer application which is a Java application that can be used to read the contents of the card.

The following test was executed:

• With the eID viewer we started reading the Belgium eID card (Java application).

• At the same time we use the Trust1Connector to read the full content of the card (from the browser).

Expected result: Both applications read the full content of the card without interfering with one another.

Windows

OS	IE	Chrome	Firefox
Windows 10 x64	OK	OK	OK
Windows 10 x86	OK	OK	OK

macOS

OS	Safari	Chrome	Firefox
Mac OS-X 10.11	OK	OK	OK

Tax on web

Here there is a difference in the test executed on Windows and on Mac OS-X.

Windows

When installing the Belgium eID middleware a driver for the Belgium eID card is also installed. Browsers can then use this driver to communicate with the card from the browser.

The following test was executed:

• We surf to the tax on web site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.

• At the same time we use the Trust1Connector to read the full content of the card (from the browser).

Expected result: The login on tax on web succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.

OS	IE	Chrome	Firefox
Windows 10 x64	OK	OK	OK
Windows 10 x86	OK	OK	OK

macOS

On Mac OS-X such a Belgium eID card driver does not exist, therefore the only way to login on tax on web on Mac OS-X is by using the Firefox extension.

The following test was executed:

• We surf to the tax on web site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.

• At the same time we use the Trust1Connector to read the full content of the card (from the browser).

Expected result: The login on tax on web succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.

OS	Safari	Chrome	Firefox
Mac OS-X 10.11	N/A	N/A	OK

Acerta

Acerta also uses the Belgium eID card driver that comes with the installation of the Belgium eID middleware.

Windows

The following test was executed:

• We surf to the Acerta site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.

• At the same time we use the Trust1Connector to read the full content of the card (from the browser).

Expected result: The login on the Acerta platform succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.

OS	IE	Chrome	Firefox
Windows 10 x64	OK	OK	OK
Windows 10 x86	OK	OK	OK

Remark: For Firefox an addition eID extension should be installed to get everything to work with Acerta (see official site of the Belgium eID middleware http://eid.belgium.be/nl/je_eid_gebruiken/de_eid-middleware_installeren).

macOS

On Mac OS-X such a Belgium eID card driver does not exist, therefore the only way to login on the Acerta platform on Mac OS-X is by using the Firefox extension.

The following test was executed:

• We surf to the Acerta site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.

• At the same time we use the Trust1Connector to read the full content of the card (from the browser).

Expected result: The login on the Acerta platform succeeds and the full content of the card is read by the Trust1Connector without interfering with one another.

OS	Safari	Chrome	Firefox
Mac OS-X 10.11	N/A	N/A	OK

Remark:Reading the card content on Safari and Chrome with the Trust1Connector from the browser works without issues.

Isabel

On Isabel you need your Belgium eID card to activate Isabel (https://www.isabel.eu/en/forbusiness/solutions/isabel6/simplenewcob/isabel-pincode3.html).

The Isabel site itself only works with IE under Windows, this can be verified by surfing to the login page of Isabel on any other browser.

Windows

The following test was executed:

• We surf to the Acerta site a perform a login with the Belgium eID card ==> this uses the Belgium eID card driver.

• At the same time we use the Trust1Connector to read the full content of the card (from the browser).

Expected result: The login on the Acerta platform succeeds and the full content of the card is read by the T1C without interfering with one another.

OS	IE	Chrome	Firefox
Windows 10 x64	OK	N/A	N/A
Windows 10 x86	OK	N/A	N/A

Connection reset / SSL_CIPHER_FALLBACK

The Trust1Connector uses HTTPS as the underlying communication protocol and only supports modern ciphers. However in the past we have released of a version of the Trust1Connector that uses a SSL certificate that is nowadays considered unsafe (SHA-1 + key length too short). Newer versions of the Trust1Connector should auto detect this and regenerate the SSL certificate.

If a customer has a connection reset issue, with the SSL_CIPHER_FALLBACK as underlying cause then it is probably the SSL certificate that is invalid. To force the Trust1Connector to regenerate the SSL certificate the following has to be done:

• Open the Windows Certificate Manager by running certmgr.msc

• In the Certificate Manager you should see a folder named “Trusted Root Certificate Authorities”.

• This folder has a subfolder named “Certificates”.

• In the list of Certificates you should see a certificate named “localhost”.

• This is the SSL certificate used by the GCL ==> you should delete it.

Afterwards you should restart the PC and the SSL certificate will be generated again, or you can also do an uninstall + install of the Trust1Connector.

My reader has a Pinpad but T1C-GCL return pinpad: false

Make sure the correct drivers are installed and not the default driver on Windows. After installing relaunch the card-readers request and verify if the pinpad value has changed.

How can I reset the PIN of my Belgian eID test card

Test eID Card repo: https://github.com/Fedict/eid-test-cards

Docker container: https://hub.docker.com/r/fedict/eid-test-ca/

OpenSC: https://github.com/OpenSC/OpenSC/wiki/Belgian-Belpic

PUK-code test card: 111111222222 or 222222111111

• If a Testcard gets blocked, can you use its PUK code to reset it?

• Where / how? Any application available? -- AnonYmous - 06 Dec 2005 12:46:40
• Just send the following APDU to the test card to unblock it: 00200084082C222222111111FF -- AnonYmous - 07 Dec 2005 15:27:12
• Je l'ai essai, appremment ça ne marche pas. -- AnonYmous - 10 Aug 2006 11:27:34
• help -- AnonYmous - 24 Aug 2006 11:24:32
• How does this unblock the card? The APDU above just verifies the admin (?) PIN, but doesn't reset the retry counter on the user PIN. How to reset the counter and change the user PIN? -- AnonYmous - 26 Nov 2008, 12:00:43
• Hi, the above-mentioned APDU consists of the presentation of the "activation" PIN to the card. It resets the PIN counter to 3.

• This activation PIN consists of the concatenation of PIN2 (six two's) and PIN1 (six ones)...

• You can change the PIN using the change pin command... -- DannyDeCock - 26 Nov 2008, 12:33:34
• Hi, thanks, but the command does not reset the pin counter (I still get a 6983 when trying to verify or change the user PIN). Also, the user PIN is lost, so I can't use change PIN, but would need to reset it to a new value. -- AnonYmous - 27 Nov 2008, 14:38:18
• Hi, what response do you get when sending the APDU 00200084082C222222111111FF to the card?

• There also exist a few cards that reset the PIN retry counter with the APDU 00200084082C111111222222FF.

• You should get the status words 9000 with one of these commands... -- DannyDeCock - 01 Dec 2008, 07:32:16
• I'm using the second variety which returns 9000. -- AnonYmous - 01 Dec 2008, 09:22:33
• The correct command is: 00 2C 00 01 08 2C 22 22 22 11 11 11 FF -- AnonYmous - 13 Apr 2010, 14:29:04
• Which command is correct depends on the type of test card... Each of the APDUs listed above works with a certain type of test card... So you have to figure out which APDU matches your's... -- DannyDeCock - 14 Apr 2010, 10:51:28