Unifyia User Client - Linux (Ubuntu)

The Unifyia User Client v2.2.2 is a Linux (Ubuntu) service application that enables interaction with different types of card readers to perform operations on connected identity devices. Acting as an intermediary service, it links the Unifyia platform with the corresponding card readers, allowing for the execution of card-related actions. The Unifyia User Client specifically supports interaction with PCSC Card Readers, including both contact and contactless types.

Feature	Description
Software Distribution	You will find the application in the Device Client > Linux folder in the software distribution packages shared with you. The installation files are packaged as unifyiauserclient.deb.
Supported Browsers	Google Chrome Microsoft Edge
Supported Linux Flavors	Ubuntu
Supported Functions	To install, read, and write PCSC - Contact and Contactless Cards listed below: IDEMIA- ID-One PIV v2.4.2 on Cosmo V8.2 IDEMIA- ID-One PIV 2.4.1 on Cosmo V8.1 IDEMIA- ID-One PIV 2.3.4 on Cosmo V7 Giesecke & Devrient - G&D SCE 7.0 with PIV Applet V1.0 ZTPass - ZTPass on NXP P71D600 Thales- Thales IDPrime PIV v3.0 Yubico - YubiKey 5 Series Arculus AuthentiKey Swissbit - Swissbit iShield Key
Supported Devices	The Unifyia Client is compatible with all PCSC Card Readers - Contact and Contactless.

Prerequisites

For the device client to work in the Linux environment, you need to install PC/SC Lite Daemon and NSS-Tools.

PC/SC-Lite Daemon

PCSC-Lite Daemon which is an open-source implementation of the PC/SC standard. It is part of the global MUSCLE project (Movement for the Use of Smart Cards in a Linux Environment). PC/SC serves as the de facto standard for connecting personal computers with smart cards and smart card readers. Follow the below steps to install:

Open a terminal and type the below command.


                                // To install PC/SC
sudo apt install pcscd

//To start pcscd
sudo systemctl start pcscd && sudo systemctl enable pcscd

Follow the default installation process to install.
To uninstall the pcscd service, execute the below command:
// To uninstall PC/SC sudo apt remove --purge pcscd

NSS-Tools

Network Security Services (NSS) is a collection of libraries created to facilitate the cross-platform development of security-enabled client and server applications. Applications developed using NSS can support various security standards, including SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and more.

The NSS dependency (libnss3-tools) package is required to import self-signed localhost SSL certificate to the browser keystore. Follow the below steps:

Open a terminal and type the below command to install the NSS dependency.
// To install NSS-Tools sudo apt install libnss3-tools
Provide the system password when prompted.

To uninstall, execute the below command:


                                // To uninstall NSS-Tools and libraries
sudo apt remove --purge libnss3-tools

Install Client

NOTE
If you have already installed the client service, ensure to uninstall the old versions before installing the latest version.

This section will walk you through the process of installing the Client service meant for users on Linux. On your local machine, download and extract the Client application that was shared with you. Follow the installation instructions for your operating system.

Download the unifyiauserclient.deb installer from the Device Client > Linux folder shared with you to your local machine, from where you are accessing the Unifyia platform.
You cannot choose your installation directory. So, the default installation home path is /opt/Unifyia where you can find bin and lib folders.
Go to the downloads folder, open a terminal window, and run the following command to install the user client.


                                // To install User Client on Ubuntu machines 
sudo dpkg -i unifyiauserclient.deb

After you run the command, you will be prompted for your system password to install the software. Provide your password and press Enter.
You have successfully installed the Client service, which can now be found in the list of local services on your machine.

PC/SC Driver for Arculus AuthentiKey

Ubuntu systems do not automatically detect Arculus AuthentiKey devices. To enable detection, you must install the latest PC/SC drivers for USB CCID (Chip/Smart Card Interface Devices) smart card readers. This driver package is required to facilitate communication with CCID smart card readers via the PC/SC Lite resource manager (pcscd). Follow the steps below to download and install the latest libccid driver, which will allow your system to recognize Arculus AuthentiKey devices.

Open a terminal and run the below command to check your system architecture:
//To check system architecture dpkg --print-architecture
You'll get the output as either amd64 (for 64-bit systems) or i386 (for 32-bit systems)
Visit the Official libccid package repository and scroll down to end of the page to view the latest packages. Download the latest version of the libccid package (.deb file) matching your system architecture (64 or 32-bit system). For example:
1. For 32-bit systems: libccid_1.6.2-1_i386.deb
2. For 64-bit systems: libccid_1.6.2-1_amd64.deb
Navigate to the folder where you downloaded the package and run the below command to install the driver. Ensure to replace <filename> in the below command with the exact filename that you have downloaded. For example, libccid_1.6.2-1_i386.
//To install the libccid driver sudo dpkg -i <filename>.deb
If dpkg reports missing dependencies, run the below command to fix them:
//To fix the missing dependencies sudo apt-get install -f
Ensure to restart the Smart Card Daemon (pcscd) after installing libccid driver. To restart the pcscd service, run the below command:
//To restart the pcscd service sudo systemctl restart pcscd

Uninstall the PC/SC (libccid) Driver

To uninstall and remove only the driver, run the below command:


                                //To uninstall and remove only the driver
sudo apt remove libccid

To uninstall and remove the drivers along with the config files, run the below command:


                                //To uninstall and remove the driver along with the config files
sudo apt purge libccid

To verify if the uninstallation is complete, run the below command. If no output appears, the driver has been successfully removed.
//Verify if uninstallation is successful dpkg -l | grep libccid
Ensure to restart the Smart Card Daemon (pcscd service) after removing libccid driver. To restart the pcscd service, run the below command:
//To restart the pcscd service sudo systemctl restart pcscd

Stop and Restart Service

If the Unifyia platform is unable to detect the client service, then try to stop and restart the service. To stop and restart the service manually, open a terminal and run the following commands. Provide the system password when prompted.


                        //To stop the service
 systemctl stop DeviceClient.service

// To start the service
systemctl start DeviceClient.service

Uninstall Client

Open a terminal and run the following command to uninstall the Client application on a Linux machine.


                        // To uninstall the client service
sudo dpkg -r unifyiauserclient

Troubleshooting

This section will help you troubleshoot common service issues. Simply click on the problem to find steps for resolving it.

Service is unavailable or unresponsive.

If the Client service is not responding and appears to be offline, first clear the cache and verify if the client appears online. Alternatively, you can check the browser settings.

On the browser, go to Settings > Privacy and Security.
Under the Certificates section, check if the Client ROOT CA certificate is listed under the Authorities tab.
If yes, then click on the Client ROOT CA certificate and select Edit Trust settings. Ensure that This certificate can identify the websites checkbox is enabled. If it isn't, select it. Reload the browser and verify. The client appears online.

If the Client Root CA is not imported, follow the below steps to import it:
1. Open a terminal window.
2. Navigate to the directory opt/Unifyia/script and run the following command:
3. Check if the Client ROOT CA certificate is listed under the Authorities tab. If yes, click on the Client ROOT CA certificate and select Edit Trust. Ensure that This certificate can identify the websites checkbox is enabled. If it isn't, select it. Reload the browser and verify. The client appears online.
If smart card is not detected by the browser, try to stop and restart the service.

Browser displays Your connection is not private error message.

This issue occurs if the certificate issued for the client application is not read from the trust store by the browser because of which the Client appears to be offline. Follow the below steps:

Open your browser's privacy and security settings.
Navigate to the View Certificates.
Search for Client ROOT CA.
Under the edit or trust settings, enable the option that says This Certificate can identify websites.
Verify if the Client application is online. Otherwise, log out from the application and close the browser. Open a fresh browser and log into the Unifyia platform. The client application appears online.

Back Next

On this page

Prerequisites
- PC/SC Lite Daemon
- NSS-Tools
Install Client
Uninstall Client
Troubleshooting