Wednesday 1 May 2013

LuxTrust SmartCard and Ubuntu 64-bit

Using your LuxTrust SmartCard on Ubuntu 12.04 (64 bit)

Some posts have dealt with how to configure a LuxTrust smart-card / signing stick on a 64-bit Linux system, for instance prosciens. While their solution is quite creative and elegant, I found using chroot a bit overblown and very technical for my needs.

Initially I tried to go with the 64-bit LuxTrust middleware that is available on the LuxTrust site, as well as the 64-bit Sun Java plugin. I could get both the middleware and the plugin to work; however, most sites accepting the LuxTrust certificate are not adapted to using a 64-bit JRE. For instance, the LuxTrust applet used by Raiffeisen fails with an error message indicating that some libraries used by it rely on a 32-bit JVM.

The only site that worked with the 64-bit configuration was guichet.public.lu; the sites I tested that did not work include CCP Connect, Raiffeisen Online and MaCommune.lu.

Installing a 32-bit LuxTrust environment

For full compatibility with most services, it seems to be necessary to go with a 32-bit browser configuration for the moment.

Luckily, a 32-bit Firefox works just fine on a 64-bit Linux, provided the ia32-libs are installed. If you don't have them yet, type in a console window:

sudo apt-get install ia32-libs

The next step is to get a 32-bit Firefox, which is a bit hidden on the download page of Mozilla and can be obtained from here (select the desired language and download the tar.bz2 package).

In the console, navigate to the download location, unpack the archive and move it to a location of your choice:

tar xvfj firefox-20.0.1.tar.bz2
sudo mv firefox /usr/local/firefox-32

Also download a 32-bit Linux Java plugin from the Oracle Java download site, extract the tar.gz and move it to a location of your choice:

tar xvfz jre-7u21-linux-i586.tar.gz
sudo mv jre1.7.0_21 /usr/local/lib/

Link the 32-bit Java plugin library into the Firefox plugins directory:

cd /usr/lib/mozilla/plugins
sudo ln -s /usr/local/lib/jre1.7.0_21/lib/i386/libnpjp2.so ./

Download the 32-bit LuxTrust (Gemalto) middleware from the LuxTrust site. In the console, cd to the download folder, install a few dependencies first, then the LuxTrust middleware:

sudo apt-get install libpcsclite1:i386
sudo apt-get install libssl0.9.8:i386
sudo dpkg -i LuxTrust_Middleware_64bit_6.1-007.deb

Time to configure the LuxTrust PKCS#11 module in your browser. For that, make sure that your LuxTrust card is NOT inserted into your smart card reader.

Start your 32-bit Firefox, for instance by typing into the console:

/usr/local/firefox-32/firefox

Open the Firefox preferences and click on Security Devices.


In the window that follows, click Load on the right-hand side (as said, it is important that the card is not in the reader and the signing stick is not connected to the computer).


After a short time, an entry "Gemalto Luxtrust" should show up, with one or more sub-elements. If that worked and the Java plugin is correctly installed, LuxTrust authentication should work in your 32-bit browser.

For me, this now worked for Guichet.public.lu (again), Raiffeisen, CCP Connect, but not MaCommune.lu!
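
Since a 32/64-bit mismatch is exactly what this setup works around, it is worth confirming that the installed pieces really are 32-bit before debugging a site. The check below is an added example, not part of the original post: it reads the ELF header of each file, uses the paths from the steps above, and its function names (elf_class, check_32bit) are made up for this example.

```shell
#!/bin/sh
# Added example: confirm that the components installed above are 32-bit ELF files.

# Print 32, 64 or not-elf. An ELF file starts with the magic bytes 7f 45 4c 46;
# the fifth byte (EI_CLASS) is 01 for 32-bit and 02 for 64-bit objects.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *)          echo not-elf ;;
    esac
}

# Report every path given; return non-zero unless all are 32-bit ELF files.
# A dangling symlink (for example a mistyped ln -s target) shows up as MISSING.
check_32bit() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"; rc=1
            continue
        fi
        class=$(elf_class "$f")
        if [ "$class" = 32 ]; then
            echo "OK       $f"
        else
            echo "WRONG    $f ($class)"; rc=1
        fi
    done
    return "$rc"
}

# Paths taken from the steps above. Further files, such as the middleware's
# PKCS#11 library (its path is not given in the post), can be passed as arguments.
check_32bit /usr/local/firefox-32/firefox \
    /usr/local/lib/jre1.7.0_21/lib/i386/libnpjp2.so \
    /usr/lib/mozilla/plugins/libnpjp2.so "$@" \
    || echo "At least one component is missing or not 32-bit."
```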

Using LuxTrust on a 64-bit Linux: the bottom line

LuxTrust can be configured to work with most sites on Ubuntu, while some still fail without any clear error messages or other indications (cf. MaCommune). Overall, I think that while there is some support for Linux from LuxTrust itself, most service providers will be eager to tell you that they don't officially support it if you report any problems.