Arch Linux User Repository

Yes, pcscd needs to be restarted to reload its IFD drivers. I'm really not sure why they are not included with SAC 10.8 even though it's supposed to support the 5110.

Once pcscd sees the device, either the 10.8 or legacy 10.0 PKCS#11 modules should work identically, even without the SACSrv daemon (I think that's only used by the GUI components).

After restarting the pcscd daemon, the device was visible. So either I installed the sac-legacy package before starting the daemon, either something else was wrong, but I did manage to see the device with this. Thank you and sorry about the noise!

Thank you for the quick reply! Sorry, forgot to mention that I also have core-legacy installed and the safenet service running. So that does not fix things.

SAC 10.8 only has partial support for 5110 and is missing the PCSC "USB card reader driver" (aks-ifdh). You'll need to have sac-core-legacy installed for that.

My Safenet 5110 device is not displayed by SACTools even though I can use it in Windows and I see it in the dmesg when plugging it in. Are there any extra steps I need to run before starting SACTools? Is there any extra documentation I should read? Thank you!

I see that libeToken.so loads libcrypto.1.1 at run-time, but it seems to be optional – the PKCS#11 module still works without. Is there some functionality that requires OpenSSL?

Missing dependency openssl-1.1

A new version is out (10.8.28). I got this PKGDBUILD to work normally by replacing the source link with the link for the previous version "https://installer.id.ee/media/etoken/older%20versions/SAC%2010.7%20Linux.zip", but I suppose it could be tested with the new version and then updated.

Hi, thanks for maintaining this! Why are the GUI tools not included? They were useful to me on my previous Ubuntu setup. If it's not too hard, could they be included?

Accessing the certificate isn't the problem. Literally any program implementing PKCS#11 can access the certificate through SafeNet's PKCS#11 module, so that's probably 95% of all certificate-related programs.

The problem is in dealing with the actual documents. What document formats are you working with? What signature formats do you need? There are plenty, and saying "like in windows" really doesn't say a lot.

If you don't need any special formats and you're just signing those PDFs straight in Acrobat Reader, then I think KDE's Okular has recently gained the ability to do that. LibreOffice might work too. It looks like LO uses NSS so you'll need to load the PKCS#11 module using modutil (or through Firefox GUI). I don't know what Okular uses, but it might be p11-kit (in which case you use ~/.config/pkcs11/modules), I'll try to check it later.

For Word .docx documents (not legacy .doc), LibreOffice's XML-DSig support looks like it might work, but the last time I tried it, it wasn't entirely compatible with MS Office. I think it was more oriented towards .odt than .docx at the time.

Creating for example .asice or .bdoc files (for government documents in Europe) is a different matter.