tl;dr You can get your new Belfius DIGIPASS working by following these instructions
- I only have one device to use Belfius Direct Net and access eID protected sites.
- I can enter my eID PIN code on the DIGIPASS, making the process more secure.
It worked great on Mavericks. Belfius made efforts to get it working on Mac OS X Yosemite, but sadly, it never worked properly on my main machine.
I decided to perform a complete reinstall, and it still didn’t work properly. The DIGIPASS worked very well on other macs in my family, so I decided to figure some stuff out. This is what I found.
What went wrong?
OS X ships with smartcard reader support out of the box:
- It uses the open source CCID driver. This driver supports many smartcard readers. It’s located at
- The DIGIPASS 870 works out of the box with this CCID driver.
To make the DIGIPASS actually work on OS X Yosemite, a small text entry has to be added to the configuration of this CCID driver, the
Info.plist file inside the
ifd-ccid.bundle. This is one of the things the Vasco DIGIPASS installer does.
However, this file is also being manipulated by the eID installer issued by FedICT.
Tampering with system files is dangerous, and this is exactly what went wrong:
- When you install the DIGIPASS 870 driver, it updates the CCID plist.
- When you install the beID middleware, it overwrites the CCID plist with a custom one. It does contain an entry for the DIGIPASS 870, so it should still work from here on. However, if you would run the DIGIPASS 870 installer after the beID installer it corrupts the plist file, rendering both Belfius Direct Net and all eID applications useless.
To make matters more complicated, Vasco lists a knowledge base article that fixes DIGIPASS 870 issues on Mac OS X Mavericks. I had it installed, and it worked well at the time. It actually makes things worse on Yosemite.
So, how to fix it?
Luckily, you can fix all these errors by restoring the CCID config file to a working state. Of course, since you will be tampering with system files, use these instructions at your own risk.
- Install the Belfius DIGIPASS 870 browser plugin. You get this file when you load Belfius Direct Net.
- Install beID middleware.
- Open Finder, open the
Go to folder...menu and enter
- Rename the existing
Info.plist.backup(or something similar), in case you should need it later on.
- I created a gist from the stock Yosemite Info.plist file, with the entry that the Vasco DIGIPASS 870 driver created. Download it, and place the Info.plist file inside the folder you just opened.
If you installed the package from the Vasco KB article, revert those changes. Open Terminal.app, and enter these commands:
sudo rm -rf /Library/LaunchDaemons/org.opensc.pcscd.autostart.plist sudo /Library/OpenSC/bin/sc-securityd.py active
- And reboot.
- Go to https://test.eid.belgium.be/.
- Open Keychain, and check if the BELPIC keychain appears when you insert your eID.