How Not To Support The Mac In Your Government

I’ve , but here’s an update: the software distributed by the government for the new, trendy electronic ID card is, in my personal opinion, a dismal failure – because, for starters, it cannot be used by most users.

Why?

Because, for unfathomable reasons, it is written to work solely with and Thunderbird instead of using the (excellent and fully standard) native support for cryptography and smart cards, which would make it possible to support the eID card in every single native application.

And, to add insult to injury, there is enough manual installation required to make it completely unfeasible that anyone but the most technical of users will ever set this up. The included README file reads as follows:

Software for the Portugese eID card

The information in this readme file may be useful after the installation of this software. We recommend you make a copy of this text for future reference by using the print or save button on the lower edge of this window.

Supported versions of Mac OS X

This software is designed to run on the following versions of Max OS X 

  • Mac OS X 10.4 “Tiger” PPC

It supports both PPC and for MacIntel computers.

Supported Applications

This software supports the following browsers and e-mail clients:

  • Firefox browser
  • Thunderbird e-mail client
  • Mozilla browser and e-mail
  • NetscapeTM browser and e-mail client

In the Applications folder in Finder, a Cartao de Cidadao folder is made,containing the following applications:

  • Cartao de Cidadao
  • pteidtrayapplet

The SDK is located in /Developer/pteid , the JNI lib in /Library/Java/Extensions.

4 step registration in Mozilla, Netscape and Firefox web browsers

This package will simply install the PKCS#11 bundle on your MacTM. After installation you’ll have to register the PKCS#11 bundle manually in the applications of your choice. For Netscape, Mozilla and Firefox the process of registering and unregistering the PKCS#11 bundle is partly automated by means of a Javascript contained in 2 html pages that are installed in your Applications folder. 

To register the PKCS#11 bundle in a browser do the following:

  1. Start the browser and make sure that Javascript is on
  2. In the URL bar type:  file:///Applications
  3. From the list select the folder Portugal Identity Card
  4. From the list select the file pteid__ _pkcs11_register.htm
unregister the PKCS#11 bundle, do the following:
  1. Start the browser and make sure that Javascript is on
  2. In the URL bar type:  file:///Applications
  3. From the list select the folder Portugal Identity Card
  4. From the list select the file pteid__ _pkcs11_unregister.htm

Note: make sure to enter 3 “/” in file:///Applications

Drag-and-drop registration in Mozilla, Netscape and Firefox web browsers

This package will simply install the PKCS#11 bundle on your MacTM. After installation you’ll have to register the PKCS#11 bundle manually in the applications of your choice. For Netscape, Mozilla and Firefox the process of registering and unregistering the PKCS#11 bundle is partly automated by means of a Javascript contained in 2 html pages that are installed in your Applications folder. 

To register the PKCS#11 bundle in a browser do the following:

  1. Go in Finder to the map Applications / Portugal Identity Card
  2. Drag the file pteid_pkcs11_register.htm en and drop it in the Mozilla/Firefox/Netscape pictogram in de Applications’-map

To unregister the PKCS#11 bundle, do the following:

  1. Go in Finder to the map Applications / Portugal Identity Card
  2. Drag the file pteid_pkcs11_unregister.htm en and drop it in the Mozilla/Firefox/Netscape pictogram in de Applications’-map

Manual registration in the Thunderbird e-mail application

Unfortunately installation in Thunderbird is a bit more involved. In the Thunderbird main application menu choose Preferences. Than, via Advanced, go to Manage Security Devices. You must now Load the eID’s PKCS#11 bundle as a new security device. In Module Name change the suggested default name to a suitable name like “PT eID PKCS#11”. In Module Filename enter the following:  /usr/local/lib/pteidpkcs11.bundle.

Can you envision anyone actually doing this?

This level of (un)support from an official entity (and what is likely to be their most important information technology project in years to come) is enough for me to wonder if the government (whichever one, I loathe politics and won’t get into petty party arguments) really gets information technology or if they simply hand it all out to contractors.

Because if the latter case is true, I know more than a few people who could code this properly, and in a fully native framework.

This page is referenced in: