Technical Support

 

The prefered way to install the drivers for the smart card reader and the smart card on MS Windows is through automatic installer for Infonotary. The automatic installer defines what to install depending on:

• devices you have
• the version of the operating system

 

 

Before you begin

• In order to work the automatic installer requires an Internet connection
• The process of the installation may take different amount of time, depending off your Internet connection

 

 

 

Using InfoNotary PNP Installer

If Infontary PNP Installer is already installed you may start it from Start menu > All Programs > InfoNotary > InfoNotary Software Installation. In case it is not installed, you can download it from HERE.

Software
InfoNotary Smart Card Manager for Microsoft Windows 8*, 10, 11	Download
InfoNotary e-Doc Signer for Microsoft Windows 8*, 10, 11	Download
*Out of Microsoft support. There are possible difficulties of installation or usage of the software.

 

 

Instructions for signing documents with qualified electronic signature in InfoNotary e-Doc Signer

• The instruction was made using a version of InfoNotary e-Doc Signer NG 2.0.6.1164

 

About

InfoNotary e-Doc Signer is a program for signing and verification of digital documents in CAdES format. The format meets the requirements of a European standard, replacing the previously used CMS / PKCS7 format

 

File extensions

InfoNotary e-Doc Signer adds the following extensions corresponding to the operations performed:

• .p7m - extension for attached signature, generic signature and long-term signature
• .p7s - extension for detached signature and detached long-term signature
• .tsr - extension for timestamp validation

 

 

Signing of file

1. Start the software or right-click on the file then select InfoNotary e-Doc Signer NG > Sign.

2. Choose Signing scheme.

• Attached Signature - add file extension .p7m
• Detached Signature - add file extension .p7s.
• Generic Signature - add file extension .p7m, it contains timestamp from the timestamp server of InfoNotary, which proves the existing of the signature at the time of signing.
• Long-term Signature - add file extension .p7m, it contains timestamp from the timestamp server of InfoNotary, which proves the signature and the protected content of the document existing at the time of signing.
• Detached long-term Signature - add file extension .p7s,it contains timestamp from the timestamp server of InfoNotary, which proves the signature and the protected content of the document existing at the time of signing.

3. Choose available certificate from the list. Click Sign and dial your PIN code.

4. The software creates a file in the directory with extension that corresponding to the signing scheme that you've chosen.

 

 

Verifying a signed file

1. Start the software or right-click on the file then select InfoNotary e-Doc Signer NG > Verify.

2. Double click on the added signature, to see more details.

 

• For verification you can also use InfoNotary qualified validation service

 

 

Timestamping

The software uses the timestamp server of InfoNotary

1. Start the software or right-click on the file then select InfoNotary e-Doc Signer NG > TimeStamp.

2. The action creates timestamp signing from independent server (not from your local computer), and create file in the directory with extension .tsr.

 

 

Before you begin

• If you have smart card reader and smart card from Infonotary, but you didn't install the drivers for them do the following Installation of smart card reader and smart card drivers in Windows

 

Set your user profile in Microsoft Outlook

In order that you sign your e-mails you must associate your user profile (account) with your digital signature, on the smart card. This can be done this way:

 

 

• For version Microsoft Outlook 2013/2016

Start Microsoft Outlook.

Choose File.

From the menu, choose Options.

From Trust Center, click on Trust Center Settings.

Choose Email Security and click Settings.

Type your e-mail in the field Security Settings Name

Choose your certificate, then for Hash Algorithm select SHA 256 and confirm with OK.

To sign a message, choose Options and click on Sign.

Every time when you send signed e-mails you must insert your smart card. When you send you will be prompted for PIN.

 

 

Before you proceed you must do

• If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following Installation of smart card reader and smart card drivers in Windows
• IMPORTANT : In the information message "Please enter the master password for InfoNotary", enter your PIN code.
• IMPORTANT : Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
• In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.

 

Install InfoNotary certificate chain

Start Mozilla Firefox. From the menu, choose Options.

From Privacy & Security, choose View Certificates.

Choose the tab Your certificates and click on Import.

Specify the path to certification chain - InfoNotary_Qualified_eIDAS.p12

Leave the field blank and click OK.

Newly installed certificates can be found in section Authorities.

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" is to select the two possible options. This will make all the InfoNotary trusted certificates for all operations.

 

 

Install software security module

In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.

Start Firefox Quantum. From the menu, choose Options.

From Privacy & Security, choose Security Devices.

To add a new device, choose Load.

Change the name of the module (Module Name), as desired.

Select PKCS # 11 library corresponding to your smart card.

• IDPrime - C:\WINDOWS\system32\eTPKCS11.dll
• Siemens - C:\WINDOWS\system32\siecap11.dll
• Charismathics - C:\WINDOWS\system32\cmP11.dll
• Bit4id - C:\WINDOWS\system32\bit4ipki.dll

In case you use 64 bits version of Firefox or Thunderbird and Charismathics smart card, path to library is C:\WINDOWS\system32\cmP1164.dll.

After you click OK, your smart card will appear in the list of available devices.

 

 

Before you proceed you must do

• If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following nstallation of smart card reader and smart card drivers in Windows
• IMPORTANT: In the information message "Please enter the master password for InfoNotary", enter your PIN code
• IMPORTANT: Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
• IMPORTANT: In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.

 

 

Install Infonotary certificate chain

Start Mozilla Thunderbird. From the menu, select Options.

From Privacy & Security select Manage Certificates.

Choose the tab Your certificates and click on Import.

From the window that appears, select the pre-downloaded certification chain - InfoNotary_Qualified_eIDAS.p12

Leave the field blank and click OK.

Newly installed certificates can be found in section Authorities.

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" select two possible options. This will make all the InfoNotary trusted certificates for all operations.

 

 

Install software security module

Start Mozilla Thunderbird. From the menu, select Options.

From Privacy & Security, choose Security Devices.

To add a new device, choose Load.

Change the name of the module (Module Name), as desired.

Select PKCS # 11 library corresponding to your smart card.

• IDPrime - C:\WINDOWS\system32\eTPKCS11.dll
• Siemens - C:\WINDOWS\system32\siecap11.dll
• Charismathics - C:\WINDOWS\system32\cmP11.dll
• Bit4id - C:\WINDOWS\system32\bit4ipki.dll

In case you use 64 bits version of Firefox or Thunderbird and Charismathics smart card, path to library is C:\WINDOWS\system32\cmP1164.dll.

After you click OK, your smart card will appear in the list of available devices.

 

 

Configuring use profile in Thunderbird

In order for you to sign your outgoing mails, you have to associate your account with your digital signature on your smart card. To do this follow the steps below:

From the menu, select Account Settings.

Press the Select button on "Personal certificate for digital signing" and "Personal certificate for encryption"

A window will appear where you can specify your certificate.

Choose the appropriate certificate from the smart card and confirm by clicking OK.

 

Thunderbird will offer you to choose the same certificate for decrypting messages send to you.

 

What is nessesary to work with digital signature

You need to install a suitable driver for your smart card and reader.

 

 

Reader Circle

• For macOS 12 and newer

Четец ACS

• For macOS 12 and newer

Driver for smart card

Depend of the model of your card you have to use different driver. The model of the card is on the Personal Access Rights, which you receive with your card.

Smart card IDPrime

• For macOS 12 and newer

Smart card Bit4ID/Idemia

Please write to support@infonotary.com, and we will send you the driver.

You can continue to the instruction for installing certificate chain on macOS.

 

 

• IMPORTANT: In order to use your digital signature with Safari, Mail and other programs, that supports Keychain integrations, first you have to install InfoNotary certificate chain.
• IMPORTANT: LINK FOR DOWNLOAD HERE.

 

Once the certification chain is downloaded and opened, it will start automatically Keychain Access, where you need to select InfoNotary TSP Root from the Certificates category.

Click on Always Trust to make InfoNotary root certificate trusted.

Keychain Access will ask for the password of the currently logged-in user.

Trust status will be changed to "This certificate is marked as trusted for this account".

⚠ After the installation of our certificate chain you must continue with Installation of smart card reader and smart card drivers in macOS.

 

 

Before you proceed you must do

• If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following Installation of smart card reader and smart card drivers in Mac OS X
• IMPORTANT: In the information message "Please enter the master password for InfoNotary", enter your PIN code.
• IMPORTANT: Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
• IMPORTANT: In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.

 

 

Install Infonotary certificate chain

 

Start Mozilla Firefox. From the menu, choose Preferences.

From Privacy & Security, choose View Certificates.

Choose the tab Your certificates and click on Import.

Specify the path to certification chain - InfoNotary_Qualified_eIDAS.p12

Leave the field blank and click OK.

Newly installed certificates can be found in section Authorities.

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" select two possible options. This will make all the InfoNotary trusted certificates for all operations.

 

 

Install software security module

In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.

Start Firefox Quantum. From the menu, choose Preferences.

From Privacy & Security, choose Security Devices.

To add a new device, choose Load.

Change the name of the module (Module Name), as desired.

Select PKCS # 11 library corresponding to your smart card.

• IDPrime - /Library/Frameworks/eToken.framework/Versions/A/libIDPrimePKCS11.dylib
• OpenSC - /Library/OpenSC/lib/opensc-pkcs11.so
• Bit4ID - /Library/bit4id/pkcs11/libbit4ipki.dylib
• Siemens - /usr/local/lib/libsiecap11.dylib

 

After you click OK, your smart card will appear in the list of available devices.

Software
InfoNotary e-Doc Signer (11 Big Sur and later versions)	Download
InfoNotary Smart Card Manager (11 Big Sur and later versions)	Download

For Ubuntu 21.04 and older, Debian and Mint

1. Add the InfoNotary PGP key to the apt trusted key list:

wget -qO - https://repository.infonotary.com/install/linux/INotaryCodeSigningD.key.asc | sudo apt-key add -

2. Download the configuration file to the directory where the apt repository information is stored:

sudo wget https://repository.infonotary.com/install/linux/infonotary.list -qO /etc/apt/sources.list.d/infonotary.list

3. Update the repository information with the following command:

sudo apt-get update

 

 

For Ubuntu 22.04

1. Add the InfoNotary PGP key to the apt trusted key list:

wget -qO - https://repository.infonotary.com/install/linux/INotaryCodeSigningD.key.asc | sudo tee /etc/apt/trusted.gpg.d/INotaryCodeSigningD.key.asc

2. Download the configuration file to the directory where the apt repository information is stored:

sudo wget https://repository.infonotary.com/install/linux/infonotary_u2204.list -qO /etc/apt/sources.list.d/infonotary.list

3. Update the repository information with the following command:

sudo apt-get update

After completing the above steps, you will be able to install the software from the repository via apt-get, aptitude, Software Center or Synaptic.

 

 

Installation of programs from the repository

Installation for Bit4id smart cards:

sudo apt-get install bit4id-ipki

Installation for Siemens smart cards:

sudo apt-get install opensc

Installation of our smart card management software (Smart Card Manager) and for signing documents (e-Doc Signer)

sudo apt-get install infonotary-client-software

• IMPORTANT for Ubuntu 22.04: After installing the driver for your smart card is necessary to start PC/SC Smart Card Daemon.

Please, write the following commands in terminal:

systemctl enable pcscd

service pcscd start

 

 

For Fedora, RHEL, CentOS

To register the Infonotary repository in yum or dnf, you need to install the following rpm package. This can be done with the following command:

sudo rpm -Uvh https://repository.infonotary.com/install/linux/RPMS/infonotary-repository-1-1.noarch.rpm

All packages in the repository are signed with a gpg key with the following fingerprint:

   9c14 29cf 1cdb 76bd 5efe 9cf1 ade8 9959 0dae 44fe

 

Installation of programs from the repository

Installation for Bit4id smart cards:

sudo yum install bit4id-ipki

Installation for Siemens smart cards:

sudo yum install opensc

Installation of our smart card management software (Smart Card Manager) and for signing documents (e-Doc Signer)

sudo yum install infonotary-client-software

 

 

Before proceeding you must do

If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following use repositories of InfoNotary.

• IMPORTANT: Chromium uses direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.

 

 

Install InfoNotary certificate chain

 

Before you proceed, you need to download InfoNotary trusted certificates.

• To install start Chromium and go to Settings > Privacy and security > Security > Manage certificates
• Choose section "Your certificates", click button "Import" and choose the path to the dowloaded file – InfoNotary_Qualified_eIDAS.p12.

After that you will be asked for password. leave the field blank and click OK.

• From section "Authorities" search for InfoNotary TSP Root and click "Edit"

• Marks as it is shown on the screen below:

 

 

Adding your smart card PKCS11 library

• After the certificate chain is installed you need to add a PKCS#11 library for your smart card. Because Chromium doesn't have an interface for adding libraries you must do the following:

1. Install NSS tools. In Debian based distributions the package is libnss3-tools
2. Close Chromium and unplug your reader from your computer.
3. Start Terminal
4. Create a directory for the database of NSS with the following command - mkdir -p $HOME/.pki/nssdb
5. After that add the library using this command:

• for IDPrime - modutil -add "IDPrime" -libfile libIDPrimePKCS11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
• for Bit4ID - modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
• for OpenSC - modutil -add "OpenSC" -libfile onepin-opensc-pkcs11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

In case you have Siemens driver you must chanhe the library with libsiecap11.so, and the name to Siemens.

 

 

Plus the reader and start Chromium.

• Now you can see your certificates in the settings and use them for logins in sites, which require QES.

 

Example for adding Bit4ID module:

* skk@skk:~$ sudo apt-get install libnss3-tools

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libnss3-tools
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 0 B/1021 kB of archives.
After this operation, 5046 kB of additional disk space will be used.
Selecting previously unselected package libnss3-tools.
(Reading database ... 187133 files and directories currently installed.)
Preparing to unpack .../libnss3-tools_2%3a3.61-1ubuntu2_amd64.deb ...
Unpacking libnss3-tools (2:3.61-1ubuntu2) ...
Setting up libnss3-tools (2:3.61-1ubuntu2) ...
Processing triggers for man-db (2.9.4-2) ...


* skk@skk:~$ mkdir -p $HOME/.pki/nssdb
* skk@skk:~$ modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 

Module "Bit4id" added to database.

 

You can list all added libraries with the following command

modutil -dbdir sql:$HOME/.pki/nssdb -list

 

For example:

* skk@skk:~$ modutil -dbdir sql:$HOME/.pki/nssdb -list

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
	   uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.61
	 slots: 2 slots attached
	status: loaded

	 slot: NSS Internal Cryptographic Services
	token: NSS Generic Crypto Services
	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

	 slot: NSS User Private Key and Certificate Services
	token: NSS Certificate DB
	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

  2. Bit4id
	library name: libbit4ipki.so
	   uri: pkcs11:library-manufacturer=bit4id%20srl;library-description=bit4id%20PKCS%2311;library-version=1.2
	 slots: There are no slots attached to this module
	status: loaded
-----------------------------------------------------------

If want to delete an added library you have to change -add with -delete

modutil -delete "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

 

For example:

* skk@skk:~$ modutil -delete "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY 
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q ' to abort, or  to continue: 

Module "Bit4id" deleted from database.

 

 

Before proceeding you must do

• If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following use repositories of InfoNotary
• IMPORTANT: In the information message "Please enter the master password for InfoNotary", enter your PIN code.
• IMPORTANT: Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
• IMPORTANT: In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.
• IMPORTANT for Ubuntu 22.04: The installed Firefox Snap in Ubuntu 22.04 have problems loading libraries for smart cards. It is necessary to download a standard Mozilla Firefox

 

 

Install InfoNotary certificate chain

Start Mozilla Firefox. From the menu, choose Preferences.

From Privacy & Security, choose View Certificates.

Choose the tab Your certificates and click on Import.

Specify the path to certification chain - InfoNotary_Qualified_eIDAS.p12

Leave the field blank and click OK.

Newly installed certificates can be found in section Authorities.

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" is to select the two possible options. This will make all the InfoNotary trusted certificates for all operations

 

 

Install software security module

In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.

 

Start Firefox Quantum. From the menu, choose Preferences.

From Privacy & Security, choose Security Devices.

To add a new device, choose Load.

Change the name of the module (Module Name), as desired.

 

Choose PKCS#11 library, that correspondents to your smart card.

 

IDPrime

• Standart location - /usr/lib/libIDPrimePKCS11.so
• 64 bit version of RedHat/Fedora - /usr/lib64/libIDPrimePKCS11.so

 

OpenSC - in dependents of your distribution, which you use, it could be:

• 64 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
• 32 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/i386-linux-gnu/opensc-pkcs11.so
• Old versions of Debian/Ubuntu and 32 bit versions of RedHat/Fedora - /usr/lib/opensc-pkcs11.so
• 64 bit versions of RedHat/Fedora - /usr/lib64/opensc-pkcs11.so

 

Bit4ID

• Standart location - /usr/lib/libbit4ipki.so
• 64 bit version of RedHat/Fedora - /usr/lib64/libbit4ipki.so

 

Siemens

• Standart location - /usr/local/lib/libsiecap11.so

 

After you click OK, your smart card will appear in the list of available devices.

 

 

Before you proceed you must do

• If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following use repositories of InfoNotary
• IMPORTANT: In the information message "Please enter the master password for InfoNotary", enter your PIN code.
• IMPORTANT: Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
• IMPORTANT: In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.

 

 

Install Infonotary certificate chain

Start Mozilla Thunderbird. From the menu, select Preferences.

From Privacy & Security select Manage Certificates.

Choose the tab Your certificates and click on Import.

From the window that appears, select the pre-downloaded certification chain - InfoNotary_Qualified_eIDAS.p12

Leave the field blank and click OK.

Newly installed certificates can be found in section Authorities.

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" select two possible options. This will make all the InfoNotary trusted certificates for all operations.

 

 

Install software security module

Start Mozilla Thunderbird. From the menu, select Preferences.

From Privacy & Security select Security Devices.

To add a new device, choose Load.

Change the name of the module (Module Name), as desired.

Choose PKCS#11 library, that correspondents to your smart card.

 

IDPrime

• Standart location - /usr/lib/libIDPrimePKCS11.so
• 64 bit version of RedHat/Fedora - /usr/lib64/libIDPrimePKCS11.so

 

OpenSC - in dependents of your distribution, which you use, it could be:

• 64 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
• 32 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/i386-linux-gnu/opensc-pkcs11.so
• Old versions of Debian/Ubuntu and 32 bit versions of RedHat/Fedora - /usr/lib/opensc-pkcs11.so
• 64 bit versions of RedHat/Fedora - /usr/lib64/opensc-pkcs11.so

 

Bit4ID

• Standart location - /usr/lib/libbit4ipki.so
• 64 bit version of RedHat/Fedora - /usr/lib64/libbit4ipki.so

 

Siemens

• Standart location - /usr/local/lib/libsiecap11.so

 

After you click OK, your smart card will appear in the list of available devices.

 

 

Configuring use profile in Thunderbird

In order for you to sign your outgoing mails, you have to associate your account with your digital signature on your smart card. To do this follow the steps below:

 

From the menu, select Account Settings.

Press the Select button on "Personal certificate for digital signing" and "Personal certificate for encryption"

A window will appear where you can specify your certificate.

Choose the appropriate certificate from the smart card and confirm by clicking OK.

 

 

Thunderbird will offer you to choose the same certificate for decrypting messages send to you.

 

 

Before proceeding you must do

• IMPORTANT: More information about Okular
• IMPORTANT: Make sure you have installed the necessary drivers for your smart card and reader from HERE
• IMPORTANT: The following instruction is tested on Ubuntu 22.04 and Okular 21.12.3

 

 

Installation of Okular

Install the program thru Terminal with command:

sudo apt-get install okular

 

 

Adding your smart card library in NSS

Configure your NSS repository:

• Install the NSS tools. In Debian based distribution the necessary package is libnss3-tools:

sudo apt-get install libnss3-tools

• Create a directory for the database of NSS with the following command:

mkdir -p $HOME/.pki/nssdb

• Add the library of your smart card using this command:

For IDPrime:

modutil -add "IDPrime" -libfile libIDPrimePKCS11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

For Bit4ID:

modutil -add "Bit4id" -libfile libbit4ipki.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

For OpenSC:

modutil -add "OpenSC" -libfile onepin-opensc-pkcs11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY

 

 

Signing PDF documents in Okular

1. Choose the PDF file with File > Open

2. From Tools choose Digitally Sign

3. Using your mouse, click drag and draw the area where you would like the signature to appear.

4. Choose your signature and dial your PIN code.