Initializing a new EBICS user

Standard user initialization

For the following steps we need an instance of EbicsKeyRing, EbicsBank and EbicsUser:

from fintech.ebics import EbicsKeyRing, EbicsBank, EbicsUser, EbicsClient

keyring = EbicsKeyRing(keys='~/mykeys', passphrase='mysecret')
bank = EbicsBank(keyring=keyring, hostid='MYBANK', url='https://www.mybank.com/ebics')
user = EbicsUser(keyring=keyring, partnerid='CUSTOMER123', userid='USER1')

First you have to create the required set of keys:

# Create new keys for this user
user.create_keys(keyversion='A005', bitlength=2048)

If your EBICS account is based on certificates (e.g. in France, or always with EBICS protocol version 3.0), you have to create the self-signed certificates right after generating the keys:

# Create self-signed certificates
# Only if the initialization is based on certificates!
user.create_certificates(
    commonName='John Doe',
    organizationName='My organization',
    countryName='FR',
)

Now you can upload your public keys with the methods INI() and HIA():

client = EbicsClient(bank, user)
# Send the public electronic signature key to the bank.
client.INI()
# Send the public authentication and encryption keys to the bank.
client.HIA()

Create an INI letter, print and sign it and send it to your bank:

# Create an INI-letter which must be printed and sent to the bank.
user.create_ini_letter(bankname='MyBank AG', path='~/ini_letter.pdf')

After your account has been activated by the bank you must retrieve, verify and activate the bank keys:

# After the account has been activated the public bank keys
# must be downloaded and checked for consistency.
print(client.HPB())

# Finally the bank keys must be activated.
bank.activate_keys()

Now your account is ready for further usage.

Initializing a user with certificates signed by a CA

In France it is required to use an officially signed certificate for the signature key if you want to use EBICS TS. The banks accept a few certificate authorities (e.g. SWIFT 3SKey). Usually you don't have access to the private key, hence you have to sign the documents externally.

First get the certificate from 3SKey and import it:

# Read certificate
with open('/path/to/cert.crt', 'rb') as fh:
    cert = fh.read()
# Import certificate
user.import_certificates(A005=cert)

Now create the remaining keys:

# Create remaining keys for this user
user.create_keys(bitlength=2048)

And the required self-signed certificates:

# Create self-signed certificates
user.create_certificates(
    commonName='John Doe',
    organizationName='My organization',
    countryName='FR',
)

Now you can upload your public keys with the methods INI() and HIA():

client = EbicsClient(bank, user)
# Send the public electronic signature key to the bank.
client.INI()
# Send the public authentication and encryption keys to the bank.
client.HIA()

Finally you must retrieve, verify and activate the bank keys:

# Download the public bank keys and check them for consistency.
print(client.HPB())

# Finally the bank keys must be activated.
bank.activate_keys()

Now your account is ready for further usage.
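
The "verify" step in both procedures above means comparing the downloaded bank keys with the hash values the bank supplies out of band, before calling bank.activate_keys(). The following added example (not part of the original documentation or of the fintech library) computes the SHA-256 hash the way the EBICS specification defines it for a public key and compares it with a value typed in from the bank's letter. All function names and the sample key are constructed for illustration, and taking the exponent and modulus out of the HPB() output is assumed to have been done already.

```python
import hashlib
import hmac


def ebics_key_preimage(exponent: int, modulus: int) -> bytes:
    # EBICS rule for public key hashes: lowercase hex exponent, one blank,
    # lowercase hex modulus, no leading zeros, encoded as US-ASCII.
    return f"{exponent:x} {modulus:x}".encode("ascii")


def ebics_key_hash(exponent: int, modulus: int) -> bytes:
    return hashlib.sha256(ebics_key_preimage(exponent, modulus)).digest()


def parse_letter_hash(text: str) -> bytes:
    # Accept the hash as printed on paper: hex pairs in any case, separated
    # by blanks, colons or line breaks. Anything else is rejected.
    cleaned = "".join(ch for ch in text if ch not in " :\r\n\t")
    digest = bytes.fromhex(cleaned)  # ValueError on non-hex input
    if len(digest) != 32:
        raise ValueError("expected 32 bytes (SHA-256)")
    return digest


def bank_key_matches(exponent: int, modulus: int, letter_hash: str) -> bool:
    # Constant-time comparison of the computed and the printed hash.
    return hmac.compare_digest(ebics_key_hash(exponent, modulus),
                               parse_letter_hash(letter_hash))


# Constructed sample values, not a real bank key. The leading "00" shows that
# leading zeros of the modulus do not end up in the hashed string.
SAMPLE_EXPONENT = 0x010001
SAMPLE_MODULUS = int("00c3" + "5f" * 255, 16)
# Stand-in for the letter: derived from the sample key and laid out as two
# lines of upper-case hex pairs. A real value is typed in from the bank's letter.
_d = ebics_key_hash(SAMPLE_EXPONENT, SAMPLE_MODULUS)
SAMPLE_LETTER = _d[:16].hex(" ").upper() + "\n" + _d[16:].hex(" ").upper()


def demo():
    genuine = bank_key_matches(SAMPLE_EXPONENT, SAMPLE_MODULUS, SAMPLE_LETTER)
    # One flipped bit in the modulus, as a substituted key would differ.
    swapped = bank_key_matches(SAMPLE_EXPONENT, SAMPLE_MODULUS ^ 1, SAMPLE_LETTER)
    return genuine, swapped


if __name__ == "__main__":
    print(demo())
```

Only when bank_key_matches() returns True for both the authentication and the encryption key should the bank keys be activated.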