Docuement key-based access to GLS.

1 files changed, 27 insertions, 1 deletions

diff --git a/doc/gls.txt b/doc/gls.txt
index c265c6e..8f5135e 100644
--- a/doc/gls.txt
+++ b/doc/gls.txt
@@ -1,7 +1,33 @@
+### ---- key based access.  Extracted from https://www.aquamaniac.de/sites/download/download.php?package=09&release=09&file=01&dummy=aqbanking4-handbook-20091231.pdf
+
+# 1 Create local keys _container_ (so no keys are created yet).
+gct-tool create -t ohbci output.medium
+
+# 2 Create user associated with local keys. (From now on, ${UNIQUEID} points to this fresh user)
+aqhbci-tool4 adduser -s 'https://hbci.gad.de' -u VRK5889860152647799 -c VRK5889860152647799 -N 6726405199003430951 -b 43060967 -t ohbci --context=1 --rdhtype=0 --hbciversion=300 -n output.medium
+
+# 3 Get keys (sign & crypt) from the bank.  Didn't work.
+aqhbci-tool4 getkeys --user=${UNIQUEID}
+
+# 4 Show local (container) and bank's keys.  No warnings reported, but neither keys hashcodes. 
+gct-tool showkey -t ohbci -n output.medium
+
+# 5 Actually create keys now.  Worked.
+aqhbci-tool4 createkeys --user=${USER}
+
+# 6 Send keys to the bank.  Didn't work (I suspect the URL associate with the user is not right).
+aqhbci-tool4 sendkeys --user=${USER}
+
+# 7 Last, generate letter.  Worked.
+aqhbci-tool4 iniletter --user=${USER} > ini.txt
+
+# 8 Pen-sign the letter and send via snail mail to the bank.
+
+============== mobile TAN method below; could not get it to work.
+
 # Add a user in the system.  The user has a bank and a customer id, but is _not_ active yet (see command below).
 aqhbci-tool4 adduser -s 'https://hbci-pintan.gad.de/cgi-bin/hbciservlet' -u VRK588XXX -c VRK588XXX -N 6726405XXX -b 43060967 -t pintan --context=1
 
 # This is the command the "unlocks" the user.  After this command, the user should be able to ask for the balance and
 # transactions list, but not to issue payments.
 aqhbci-tool4 getitanmodes --user=U
-