HBCI data structures and Gnucash

[Andreas Bogk]

Christian Stimming <stimming@tuhh.de> writes:

> identifies the customer to the Bank (specifically for HBCI). A
> Customer has a public-private key pair for authentication and
> encryption; his public key will be verified by the bank through
> means of an "Ini-Letter", where the user prints the key fingerprint
> on paper, signs it and sends it to the bank via paper
> mail. (Alternatively there's a chip card based solution, where a
> Customer owns a chip card that was given to him by the Bank.)

Minor correction: even in the chip card case, the key can be (and
usually is) generated by the end user, who's sending his fingerprint
to the bank.  I'd majorly distrust any bank that insists on generating
the key for me.

BTW: I'm impressed by the sanity of the banks here.  Exchange of
fingerprints is easy, provides a legal entry point to establish a
contract, and can be done between bank and customer without any third
party like a CA involved.  I've always thought that public key
infrastructures with central authorities are neither necessary nor
beneficial, and I'm glad to see the banks sharing that distrust.

> 4. HBCI support in Gnucash

I think the trickiest issue is keeping track of the state of a
transaction, i.e. "entered, but not sent to the bank yet", "sent to
the bank, but not processed", "statement received and reconciled".

Andreas

-- 
"In my eyes it is never a crime to steal knowledge. It is a good
theft. The pirate of knowledge is a good pirate."
                                                       (Michel Serres)