Update: HBCI testing for non-Germans

Christian Stimming stimming at tuhh.de
Sat Jan 15 11:00:00 EST 2005

Hi all,

a few days ago I described an available testserver account, so that others can 
try out the HBCI features even without an actual HBCI bank.

The provider of this testserver now notified me that its server address has 
changed. So if you tried the setup with the IP address from 2005-01-11, then 
you will have to try again with a new address of 
"www.hora-obscura.de/pintan/PinTanServlet". Since this might be interesting 
for other hackers in the future as well, I just added this into src/
import-export/hbci/HACKING-HBCITEST.txt. The file is intended solely to 
developers, not at all to end users, so it should never be distributed with 
any tarball. Below is a copy of this text.


Hi all developers,

as you know, Gnucash includes support for the German online banking 
protocol HBCI, and I usually emphasize that anyone outside Germany will 
be unable to use all these cool features. But it recently came to my 
mind that there is a test server, simulating a HBCI bank, which is run 
by a friend of us (Stefan Palme), and he is able to give the Gnucash 
developers something like a test account for, well, testing purposes.

One authentification method of the HBCI protocol requires only a PIN for 
login, and a TAN (transaction number) for each issued online order. We 
can use this as a shared test account, because anyone who knows the PIN 
(and some TANs) can use it. So I invite all you fellow developers to 
install the HBCI features of gnucash, start the HBCI setup druid, setup 
a Pin/Tan-based HBCI account, and just try out all the possible 
features. Naturally, this test account won't move any real money around )

(The Pin/Tan authentification method was added in 1.8.10 when changing 
the HBCI library to Aqbanking. This method is rather insecure, but since 
it is very simple to use there is quite some demand for it. So we 
eventually implemented it in gnucash. I wouldn't recommend this for real 
online banking if there is any of the other HBCI authentification 
methods like chip cards or RSA keys available.)

Here's what you need to enter in the HBCI setup druid:
* "Use Pin/Tan mode"
* Bank Code: 80007777
   Server: www.hora-obscura.de/pintan/PinTanServlet 
   (the URL changed on 2005-01-15)

   User-Name: (something arbitrary; only for yourself)
   User-Id: gnucash
   Customer-Id: gnucash [or as a second customer: gnucash2]
* Then press next all the time
* For this user the PIN is: 12345
* The setup druid should automatically recognize that this account 
  offers access to the account numbers "2501111538" and "2501111539"
* That finishes the setup.

If you want to send money between these two account numbers back and 
forth, you can do so by using any of the following TANs:

Enjoy! Don't hesitate to notify me if anything is broke.

Christian stimming at tuhh.de

There's an administrator web frontend reachable under
https://www.hora-obscura.de/hbci wheren the used TANs can be
resetted. The password for this can be asked from Christian Stimming.

More information about the gnucash-devel mailing list