1 A proxy to be able to use Buypass (www.buypass.no) smart cards on Linux.
2 Roughly equivalent to Buypass' official “Javafri” application (aka SCProxy),
3 but obviously highly unofficial.
5 Licensed under GPLv2+. If you use this for anything, you're clearly insane.
8 To build, you'll need a bazillion Rust crates, because who can serve HTTPS
9 and talk to a smartcard reader without 105 dependencies. Generate a self-signed
12 openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass"
13 openssl rsa -in key.pem > cert.rsa
15 If you want it to work in Chrome, you'll actually need to go via a CA, so slightly
18 openssl req -x509 -newkey rsa:4096 -keyout CA-key.pem -out CA-cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass"
19 openssl req -newkey rsa:4096 -keyout key.pem -out server-cert.csr -days 3650 -nodes -subj "/C=NO/CN=127.0.0.1" -addext "subjectAltName = IP.1:127.0.0.1"
20 cat <<EOF >extensions.conf
22 basicConstraints = CA:FALSE
23 keyUsage = digitalSignature, keyEncipherment
24 subjectAltName = IP.1:127.0.0.1
26 openssl x509 -req -days 3650 -in server-cert.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out cert.pem -extensions v3_ca -extfile extensions.conf
27 openssl rsa -in key.pem > cert.rsa
29 Install the certificate (or CA certificate) in your browser. You'll also need
30 to spoof the User-Agent to say Windows, or Buypass will complain about the
35 sudo apt install pcscd libpcsclite-dev
38 Insert the smartcard in your reader, and then go to www.helsenorge.no to log in.
39 There's an example systemd service in multipass.service for persistent running
40 (do cargo build --release first, then adjust path).