Swedish BankID on a free software platform

In Sweden we have a system for online authentication that is pretty curious in many ways. It's called BankID, and it is issued by, yes, banks. It's not just useful for banks though: you can use it to access public service functions.

What makes the system curious in my view is that it is run by the banks, and the public services don't accept any other system of online authentication. Since it is run by banks, very little thought is given to the needs of the users; only the banks' requirements are considered. For security reasons the convenience and freedom of the users are sacrificed. Since not even a hardware security token is mandatory in the standard, I fail to see which security concerns are addressed.

Anyway, luckily there is a free software clean-room implementation available, http://fribid.se/. This gives you some freedom in how you use it. There's still a practical problem in acquiring the certificates you need though.

Another option is Mobile BankID. It's possible to run it in an Android virtual machine, which also gives you some practical freedom. The Mobile BankID implementation is not free software though.

To test this approach I used http://www.android-x86.org/, a port of Android to x86 hardware that can be installed in a virtual machine. Following the install instructions is pretty straightforward, and Mobile BankID works pretty well in this VM.

But what is the point of this? Why not just use an Android phone?

In my case I wanted to be able to use several Mobile BankIDs at the same time, which you can't do on a single device. So I created several VMs, each with its own BankID. They run in parallel perfectly fine.
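As an added illustration of the "one VM per BankID" setup (this script is not from the original post and is not part of Android-x86), here is a small POSIX shell helper that gives every instance its own QEMU/KVM disk image, VNC display and forwarded adb port, so several Android-x86 VMs can run side by side without sharing state. The ISO path, disk size, the port scheme (5555+N) and the use of the e1000 NIC are my assumptions; adjust them for your Android-x86 release.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Android-x86
# project: run N independent Android-x86 VMs under QEMU/KVM, one per
# Mobile BankID. Assumptions (not stated on the page): QEMU with KVM is
# installed, the Android-x86 installer ISO is at $ISO, and the guest boots
# fine from an IDE qcow2 disk with an e1000 NIC.

ISO="${ISO:-android-x86.iso}"
VMDIR="${VMDIR:-$HOME/bankid-vms}"
DISK_SIZE="${DISK_SIZE:-8G}"

# Disk image holding VM number $1; each VM owns its own image.
vm_disk() {
    printf '%s/bankid%s.qcow2\n' "$VMDIR" "$1"
}

# Print the QEMU command line for VM number $1. Every instance gets a
# distinct VNC display (:N), a distinct host port for adb (5555+N) and its
# own disk, so the VMs do not step on each other when run in parallel.
vm_cmdline() {
    n="$1"
    printf 'qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 2048 -vga std'
    printf ' -drive file=%s,format=qcow2' "$(vm_disk "$n")"
    printf ' -netdev user,id=net0,hostfwd=tcp::%s-:5555 -device e1000,netdev=net0' "$((5555 + n))"
    printf ' -vnc :%s\n' "$n"
}

# Create the disk for VM $1 and boot the Android-x86 installer from the ISO
# once; install Android onto the new disk, then use start_vm from then on.
create_vm() {
    n="$1"
    mkdir -p "$VMDIR"
    qemu-img create -f qcow2 "$(vm_disk "$n")" "$DISK_SIZE"
    eval "$(vm_cmdline "$n") -cdrom \"$ISO\" -boot d"
}

# Start VM $1 in the background; QEMU writes its own pid file.
start_vm() {
    n="$1"
    eval "$(vm_cmdline "$n") -daemonize -pidfile \"$VMDIR/bankid$n.pid\""
    echo "VM $n: VNC display :$n, adb connect localhost:$((5555 + n))"
}

# Start every VM number given as an argument, e.g. start_all 1 2 3.
start_all() {
    for n in "$@"; do
        start_vm "$n"
    done
}

# Stop VM $1 using the pid file QEMU wrote.
stop_vm() {
    n="$1"
    kill "$(cat "$VMDIR/bankid$n.pid")"
}

case "${1:-}" in
    create) create_vm "$2" ;;
    start)  shift; start_all "$@" ;;
    stop)   stop_vm "$2" ;;
esac
```

Run `sh bankid-vms.sh create 1` once per BankID to install Android-x86 onto its own disk, then `sh bankid-vms.sh start 1 2 3` to bring the instances up together; each is reachable on VNC display :N and, via the forwarded port, with `adb connect localhost:555N`, which is also a convenient hook for scripted input later. Note that each qcow2 image now contains that BankID's key material, so treat the image like the phone it replaces: keep it on encrypted storage and do not copy it around casually.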

Another thing I want to do is automate the keypresses with http://www.sikuli.org/. That would be harder with a physical device.