First published: 23rd February 2017
The e-Cert File USB is an option method of delivery for a Hongkong Post e-Cert. It is offered as an option when applying for an e-Cert at the additional cost of HK$40.
Technically, the e-Cert File USB is a small USB storage device, packaged as a credit-card sized plastic card with a flip-tongue that is fits a USB type A socket. The back of the card is printed with a barcode and number, probably a serial number. When inserted into a Linux machine, it is recognised as a USB device and automatically mounted:
usb 1-1: new high-speed USB device number 10 using ehci-pci usb 1-1: New USB device found, idVendor=1908, idProduct=1320 usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: Mass storage usb 1-1: Manufacturer: Generic usb 1-1: SerialNumber: 4034650972 usb-storage 1-1:1.0: USB Mass Storage device detected scsi host7: usb-storage 1-1:1.0 scsi 7:0:0:0: Direct-Access Generic Flash-Disk 1.08 PQ: 0 ANSI: 2 sd 7:0:0:0: Attached scsi generic sg3 type 0 sd 7:0:0:0: [sdc] 8192 512-byte logical blocks: (4.19 MB/4.00 MiB) sd 7:0:0:0: [sdc] Write Protect is off sd 7:0:0:0: [sdc] Mode Sense: 03 00 00 00 sd 7:0:0:0: [sdc] No Caching mode page found sd 7:0:0:0: [sdc] Assuming drive cache: write through sdc: sdc1 sd 7:0:0:0: [sdc] Attached SCSI removable disk
The lsusb utility identifies it as a photo frame:
ID 1908:1320 GEMBIRD PhotoFrame PF-15-1
It is about 4MB, and contains a single FAT16 volume:
fdisk -l /dev/sdc Disk /dev/sdc: 4 MiB, 4194304 bytes, 8192 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xc3072e18 Device Boot Start End Sectors Size Id Type /dev/sdc1 * 1 8191 8191 4M e W95 FAT16 (LBA)
The contents are a PKCS #12 file with the extension
.p12 that contains your certificate and private key, a UserGuide.html, and a "System Volume Information" directory containing the volume GUID. The PKCS #12 file is protected with a 16-digit PIN, which Hongkong Post supplies in a separate secure mailer. It could be argued that 16 digits is not sufficient password strength, given that there is no retry limitation, so changing the PIN to a strong pass-phrase is recommended.
The user guide includes a link to instructions on importing the personal certificate to a browser. Note that for GovHK services such as renewing a driving license or eTax, it is not necessary to import the certificate to your browser because the authentication is performed by the Java app, not the browser.