Gallery
e-Cert File USB hi-resFirst published: 23rd February 2017
The e-Cert File USB is an option method of delivery for a Hongkong Post e-Cert. It is offered as an option when applying for an e-Cert at the additional cost of HK$40.
Technically, the e-Cert File USB is a small USB storage device, packaged as a credit-card sized plastic card with a flip-tongue that is fits a USB type A socket. The back of the card is printed with a barcode and number, probably a serial number. When inserted into a Linux machine, it is recognised as a USB device and automatically mounted:
usb 1-1: new high-speed USB device number 10 using ehci-pci
usb 1-1: New USB device found, idVendor=1908, idProduct=1320
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: Mass storage
usb 1-1: Manufacturer: Generic
usb 1-1: SerialNumber: 4034650972
usb-storage 1-1:1.0: USB Mass Storage device detected
scsi host7: usb-storage 1-1:1.0
scsi 7:0:0:0: Direct-Access Generic Flash-Disk 1.08 PQ: 0 ANSI: 2
sd 7:0:0:0: Attached scsi generic sg3 type 0
sd 7:0:0:0: [sdc] 8192 512-byte logical blocks: (4.19 MB/4.00 MiB)
sd 7:0:0:0: [sdc] Write Protect is off
sd 7:0:0:0: [sdc] Mode Sense: 03 00 00 00
sd 7:0:0:0: [sdc] No Caching mode page found
sd 7:0:0:0: [sdc] Assuming drive cache: write through
sdc: sdc1
sd 7:0:0:0: [sdc] Attached SCSI removable disk
The lsusb utility identifies it as a photo frame:
ID 1908:1320 GEMBIRD PhotoFrame PF-15-1
It is about 4MB, and contains a single FAT16 volume:
fdisk -l /dev/sdc
Disk /dev/sdc: 4 MiB, 4194304 bytes, 8192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc3072e18
Device Boot Start End Sectors Size Id Type
/dev/sdc1 * 1 8191 8191 4M e W95 FAT16 (LBA)
The contents are a PKCS #12 file with the extension .p12 that contains your certificate and private key, a UserGuide.html, and a "System Volume Information" directory containing the volume GUID. The PKCS #12 file is protected with a 16-digit PIN, which Hongkong Post supplies in a separate secure mailer. It could be argued that 16 digits is not sufficient password strength, given that there is no retry limitation, so changing the PIN to a strong pass-phrase is recommended.
The user guide includes a link to instructions on importing the personal certificate to a browser. Note that for GovHK services such as renewing a driving license or eTax, it is not necessary to import the certificate to your browser because the authentication is performed by the Java app, not the browser.
