
What is AqHBCI ?
================

AqHBCI is a HBCI backend for AqBanking
(http://www.aquamaniac.de/aqbanking/).

It provides support for the German online banking protocol HBCI.


Features
========

Security Media
--------------

Currently the following security media are supported:
 - DDV chip card (either DDV0 or DDV1)
 - OpenHBCI key file (OpenHBCI 1 and 2)
 - PIN/TAN authentification (no extra file is saved)


Dependencies
============

Required
--------

You will need these projects:
 - Gwenhywfar (http://gwenhywfar.sf.net/)
 - AqBanking (http://www.aquamaniac.de/aqbanking/)


Recommended
-----------

You might also want to install the security media plugins:
- DDV chipcard plugin
- RDH chipcard plugin

There is also a setup wizard for AqHBCI available (a KDE application), you
can download it from the project page of AqHBCI. This wizard can be used
from any program which is able to start an external program.


Building AqHBCI
===============

Building from the Tar File
--------------------------

#>./configure
#>make
#>make install

(the last step most probably requires you to be root)


Building from CVS
-----------------

#>make -fMakefile.cvs
#>./configure
#>make
#>make install


Building the API Documentation
------------------------------

#>make srcdoc

If you want to install a linked API documentation (which links against the
API documentations of the projects AqHBCI depends on) use this:

#>make install-srcdoc

This installs the linked doc to the path you gave to ./configure in 
 "--with-docpath=PATH". It defaults to "$HOME/apidoc".



Environment Variables
=====================

AQHBCI_LOGBOOKED
----------------
If this environment variable exists then the file "/tmp/booked.mt" is created
upon reception of transactions via the job GetTransactions. This file then
contains a SWIFT MT940 document which can be very helpfull in case there is
a problem in the SWIFT parser.


AQHBCI_DEBUG_JOBS
-----------------
If this variable exists then additional debugging data is stored with each
job.






Security
========

In PIN/TAN mode AqHBCI stores certificates of the bank in a special folder:
      $HOME/.banking/backends/aqhbci/data/banks/280/<BLZ>/certs/.
(<BLZ> is the routing number of your bank, German "Bankleitzahl")

Authentification of the bank is only possible by checking against the known
certificates stored in this folder.

For maximum security you could chown this folder to another user and make it
readable and accessible by the running user after having received and 
acknowledged the bank's certificate.

This way the running application is able to read and verify the certificates
but unable to modify it or to add new ones.





