Enable smart cards in snapped browsers

1. Overview

2. Select your smart card driver

  1. Check if your smart card is supported by OpenSC. See Supported hardware (smart cards and USB tokens).

    If you can see your smart card on the list, you can skip this whole section.

  2. If your smart card isn’t supported by OpenSC, you need a binary driver for your smart card. Your organization or government usually provides this driver.

    Warning
    Using third-party smart card drivers in snap is experimental and unsupported. The driver might not work.

  3. Install the smart card driver that you received from your organization or government. For example, Bit4id cards require the libbit4xpki.so driver, which is a proprietary p11k library. When you install the driver, it’s available at the /usr/lib/libbit4xpki.so file path.

    In the following commands, replace libbit4xpki.so with the file name of your driver and /usr/lib/libbit4xpki.so with the full path to the driver.

  4. Move the smart card driver, such as libbit4xpki.so, into the snap environment in your home directory.

    • For Firefox:

      cp /usr/lib/libbit4xpki.so ~/snap/firefox/common/

    • For Chromium:

      cp /usr/lib/libbit4xpki.so ~/snap/chromium/common/

3. Configure Firefox

Enable smart card access in the Firefox snap. You can choose the graphical or terminal interface:

  • In the GNOME graphical interface:

    1. Open Settings.
    2. Go to Apps → Firefox.
    3. Enable pcscd.

  • In the terminal, enter the following command:

    sudo snap connect firefox:pcscd

Load the smart card module in Firefox:

  1. Open Firefox and go to Settings → Privacy & Security → Security → Security devices.

  2. Click the Load button.

  3. Enter the following line into the Module filename field:

    • If your card is supported by OpenSC:

      /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

      If you’re running Ubuntu on a different CPU architecture than Intel 64 and AMD64, replace x86_64-linux-gnu with your architecture code name.

    • If you provided a proprietary smart card driver:

      /home/MY_USER_NAME/snap/firefox/common/libbit4xpki.so

      Replace MY_USER_NAME with your user name and libbit4xpki.so with the proprietary driver file name.

    Warning
    Do not use the Browse button.

  4. Click OK to confirm.

4. Configure Chromium

Enable smart card access in the Chromium snap. You can choose the graphical or terminal interface:

  • In the GNOME graphical interface:

    1. Open Settings.
    2. Go to Apps → Chromium Web Browser.
    3. Enable pcscd.

  • In the terminal, enter the following command:

    sudo snap connect chromium:pcscd

Load the smart card module in Chromium:

  1. Install the modutil tool:

    sudo apt install libnss3-tools

  2. Add the smart card module to the NSS Database:

    • If your card is supported by OpenSC:

      modutil -dbdir sql:.pki/nssdb/ -add "OpenSC" -libfile /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

      If you’re running Ubuntu on a different CPU architecture than Intel 64 and AMD64, replace x86_64-linux-gnu with your architecture code name.

    • If you provided a proprietary smart card driver:

      modutil -dbdir sql:.pki/nssdb/ -add "Bit4id" -libfile /home/MY_USER_NAME/snap/chromium/common/libbit4xpki.so

      Replace MY_USER_NAME with your user name, Bit4id with your smart card name or brand and libbit4xpki.so with the proprietary driver file name.

5. Test if the authentication works

Open your web browser and try authenticating with your smart card.

Did it work? If not:

Report any bugs

Additional resources

This tutorial connects the pcscd smart card plug to the web browser snap. For details about pcscd, see The pcscd interface.

© 2025 Canonical Ltd.

Ubuntu and Canonical are registered trademarks of Canonical Ltd.