diff options
-rw-r--r-- | frags/ebics-setup.rst | 63 | ||||
-rw-r--r-- | libeufin/nexus-manual.rst | 65 | ||||
-rw-r--r-- | libeufin/regional-manual.rst | 11 |
3 files changed, 69 insertions, 70 deletions
diff --git a/frags/ebics-setup.rst b/frags/ebics-setup.rst new file mode 100644 index 00000000..c6ff5143 --- /dev/null +++ b/frags/ebics-setup.rst @@ -0,0 +1,63 @@ + +When you sign up for an EBICS-enabled bank account, the bank will provide you +with various credentials. Those must be provided in the +``/etc/libeufin/libeufin-nexus.conf`` configuration file together with the +name of the *fiat* currency. + +The following snippet shows the mandatory configuration values: + +.. _core-config: + +.. code-block:: console + + [nexus-ebics] + CURRENCY = CHF + + # Bank + HOST_BASE_URL = http://bank.example.com/ + BANK_DIALECT = postfinance + + # EBICS IDs + HOST_ID = mybank + USER_ID = myuser + PARTNER_ID = myorg + + # Key files + BANK_PUBLIC_KEYS_FILE = ${LIBEUFIN_HOME}/bank-keys.json + CLIENT_PRIVATE_KEYS_FILE = ${LIBEUFIN_HOME}/subscriber-keys.json + + # Account information + IBAN = myiban + BIC = mybic + NAME = myname + +.. note:: + Refer to the manpage ``libeufin-nexus.conf(5)`` + for the full array of configuration values. + +Assuming that the configuration file exists at ``$config_file``, the following +command would start the EBICS setup process. The files CLIENT_PRIVATE_KEYS_FILE +and BANK_PUBLIC_KEYS_FILE would be created at the CWD. Adjust their path to your +setup ('$HOME' is currently not supported along paths). + +.. code-block:: console + + libeufin-nexus ebics-setup -c $config_file + +If the previous command succeeded, the subscriber keys reached the bank, but the setup +**should** fail with an ``EBICS_INVALID_USER_STATE`` error code. That happens because +the client tries to download the bank keys *before* having confirmed the subscriber keys +via the traditional post service. + +To that purpose, the previous run should have left a PDF document that the subscriber can +print, sign, and send to the bank to confirm their subscriber keys. Look for the message +looking like ``PDF file with keys hex encoding created at: /tmp/libeufin-nexus-keys-$timestamp.pdf``. + +Once the bank received and approved such printed document, run the same command again, in +order to download the bank keys and let the user accept them. + +.. code-block:: console + + libeufin-nexus ebics-setup -c $config_file + +The setup is considered finished once the user accepts the bank keys.
\ No newline at end of file diff --git a/libeufin/nexus-manual.rst b/libeufin/nexus-manual.rst index 686bb1ff..14988b7e 100644 --- a/libeufin/nexus-manual.rst +++ b/libeufin/nexus-manual.rst @@ -45,68 +45,7 @@ be found in the $PATH. Setting up the EBICS subscriber =============================== -When you sign up for an EBICS-enabled bank account, the bank will provide you -with various credentials. Those must be provided in the -``/etc/libeufin/libeufin-nexus.conf`` configuration file together with the -name of the *fiat* currency. - -The following snippet shows the mandatory configuration values: - -.. _core-config: - -.. code-block:: console - - [nexus-ebics] - CURRENCY = CHF - - # Bank - HOST_BASE_URL = http://bank.example.com/ - BANK_DIALECT = postfinance - - # EBICS IDs - HOST_ID = mybank - USER_ID = myuser - PARTNER_ID = myorg - - # Key files - BANK_PUBLIC_KEYS_FILE = ${LIBEUFIN_HOME}/bank-keys.json - CLIENT_PRIVATE_KEYS_FILE = ${LIBEUFIN_HOME}/subscriber-keys.json - - # Account information - IBAN = myiban - BIC = mybic - NAME = myname - -.. note:: - Refer to the manpage ``libeufin-nexus.conf(5)`` - for the full array of configuration values. - -Assuming that the configuration file exists at ``$config_file``, the following -command would start the EBICS setup process. The files CLIENT_PRIVATE_KEYS_FILE -and BANK_PUBLIC_KEYS_FILE would be created at the CWD. Adjust their path to your -setup ('$HOME' is currently not supported along paths). - -.. code-block:: console - - libeufin-nexus ebics-setup -c $config_file - -If the previous command succeeded, the subscriber keys reached the bank, but the setup -**should** fail with an ``EBICS_INVALID_USER_STATE`` error code. That happens because -the client tries to download the bank keys *before* having confirmed the subscriber keys -via the traditional post service. - -To that purpose, the previous run should have left a PDF document that the subscriber can -print, sign, and send to the bank to confirm their subscriber keys. Look for the message -looking like ``PDF file with keys hex encoding created at: /tmp/libeufin-nexus-keys-$timestamp.pdf``. - -Once the bank received and approved such printed document, run the same command again, in -order to download the bank keys and let the user accept them. - -.. code-block:: console - - libeufin-nexus ebics-setup -c $config_file - -The setup is considered finished once the user accepts the bank keys. +.. include:: ../frags/ebics-setup.rst Sending payments ================ @@ -228,7 +167,7 @@ be stored. [nexus-postgres] config = postgres:///nexus [nexus-fetch] - # Optional, but usfeful against data loss. + # Optional, but usefull against data loss. statement_log_directory = $LIBEUFIN_DATA_HOME/downloads Assuming that ``$config_file`` contains any required option, the following command diff --git a/libeufin/regional-manual.rst b/libeufin/regional-manual.rst index 791f8dc0..ec7b4e2d 100644 --- a/libeufin/regional-manual.rst +++ b/libeufin/regional-manual.rst @@ -96,6 +96,7 @@ desired setup, in particular: * The name of the regional currency. It must have 3 to 11 letters. Currently only 'NETZBON' is supported. + * The ISO code of the fiat currency. Currently only 'CHF' is supported. * The name of the regional currency bank. It will be shown to business users when they interact with the system. * Whether to use TLS or not. You should answer ``y`` in most cases. @@ -106,8 +107,7 @@ desired setup, in particular: you should then study the exchange manual on offline key management to finish the exchange setup process later. * The admin password for the bank. Be absolutely sure to enter a very, - very long and high-entropy password, preferably generated by a tool - like "uuidgen". + very long and high-entropy password, preferably use the autogenerated one. * The DNS domain name of your setup (i.e: domain.tld). The installer will create by itself all the needed subdomains for your domain name, as (``bank.$DOMAIN``, ``exchange.$DOMAIN`` and ``backend.$DOMAIN``). @@ -116,7 +116,7 @@ desired setup, in particular: IP address of the system on which you are running the installation (before you execute the installer)). -The information you entered will be stored in a file called ``config/user.conf``. +The information you entered as well as the generated bank admin password will be stored in a file called ``config/user.conf``. Should you run the script in the future (for example, to upgrade the installation), you will not be asked these questions a second time. @@ -175,10 +175,7 @@ Contact us if you need support for another bank or core banking protocol. EBICS setup +++++++++++ -Follow the instructions from :ref:`EBICS subscriber setup <ebics-setup>` to -configure the LibEuFin Nexus for access to your fiat bank account, but do edit -the config file at ``/etc/libeufin/libeufin-nexus.conf``, since the other components -expect it. +.. include:: ../frags/ebics-setup.rst .. note:: |