diff options
Diffstat (limited to 'libeufin/bank-transport-ebics.rst')
| -rw-r--r-- | libeufin/bank-transport-ebics.rst | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/libeufin/bank-transport-ebics.rst b/libeufin/bank-transport-ebics.rst deleted file mode 100644 index 5afdd5d6..00000000 --- a/libeufin/bank-transport-ebics.rst +++ /dev/null @@ -1,53 +0,0 @@ -The EBICS Bank Transport -======================== - -An EBICS bank transport in LibEuFin conceptually corresponds -to the "EBICS Subscriber" in EBICS terminology. - - -Bank Transport Setup --------------------- - -The following steps are required to set up an EBICS bank transport: - -1. The bank must set up the EBICS access for the user. - The bank will notify the user of the following parameters: - - * the URL of the EBICS server used by the bank - * the HostID of the bank within the EBICS server (sometimes one EBICS server hosts multiple banks) - * the PartnerID (typically identifies the owner of the bank account within the banking system) - * the UserID (typically identifies the person that accesses the bank account, can be different from the owner) - * the SystemID (optional and rarely used, basically a "sub-identity" of a subscriber when multiple technical - systems have access to the account via EBICS) - -2. The user enters the information from the list above in the setup dialog in the LibEuFin nexus (UI/CLI). - -3. The LibEuFin nexus generates cryptographic key material (3 RSA key pairs). - -4. The nexus sends the public keys electronically to the bank's EBICS server, together with the information - identifying the subscriber (PartnerID, UserID, SystemID). - -5. The user prints a document that contains the public key and hashes for all three key pairs. - The user then signs this document and sends it to the bank (physically/scanned). - -6. The bank receives the letter and verifies that the keys from the letter correspond - to the electronically sent keys. If they match, the bank sets the state of the - subscriber to "ready". - -7. The user now has to wait until the bank has set the EBICS subscriber state to "ready". - There is no in-band notification for this, but the Nexus can try downloading the bank's - cryptographic parameters. This will only succeed once the EBICS subscriber is set to "ready" - by the bank. - -8. The user should confirm the public keys of the bank received in the previous step. - Typically the bank gives the value of these public keys in an out-of-band channel. - -9. Now the user can finally use the EBICS bank transport. The first step after finishing - the setup should be to import the bank accounts accessible for this EBICS subscriber. - - -Alternative ways of setting up the EBICS bank transport are: - -* Importing from a backup. The backup contains metadata (EBICS URL, HostID, - UserId, ...) and the three passphrase-protected subscriber keys. -* Certificate-based setup (currently not supported by LibEuFin, only used in France) |