
How to connect with Ing-Diba using KMyMoney?

OsZ
Hello - I have been using KMyMoney for a long time and all went well until last year, when I lost everything. So I played around with different topics but have finally installed KDE NEON on my laptop now. Happy to use KMyMoney again, but now I cannot get HBCI banking to work with my Ing-Diba accounts.

When I try to configure aqbanking from within the SW settings, I can get as far as the user settings. I go through all steps for the PIN/TAN connection until the SW communicates with the bank server and receives the certificate fine, but then it gives me the following error message:
Code:
14:13:44 Server-Zertifikat abrufen
14:13:44 Verbindung vorbereiten
14:13:44 Mit Server verbinden...
14:13:44 Verwende GnuTLS Default Ciphers.
14:13:44 TLS: SSL-Ciphers ausgehandelt: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
14:13:44 Verbunden.
14:13:44 Verbindung beendet.
14:13:44 Got certificate
14:13:44 Retrieving generic bank info (SCA)
14:13:44 HBCI-Aufträge werden ausgeführt
14:13:44 AqHBCI gestartet
14:13:44 Encoding queue
14:13:44 Sending message
14:13:44 Verwende GnuTLS Default Ciphers.
14:13:45 TLS: SSL-Ciphers ausgehandelt: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
14:13:45 Message sent
14:13:45 Queue sent
14:13:45 Waiting for response
14:13:45 Response received
14:13:45 HBCI: 9800 - Der Dialog wurde abgebrochen. (M)
14:13:45 HBCI: 9400 - Der anonyme Dialog wird nicht unterstützt. (M)
14:13:45 Dialog aborted by server
14:13:45 AqHBCI abgeschlossen.
14:13:45 Die Aktion wurde durch den Benutzer abgebrochen.
14:13:45 Vorgang abgeschlossen, Sie können das Fenster nun schließen.

The message "HBCI: 9400 - ..." means that an anonymous dialog will not be supported.
Also, I have not been asked to enter the password for the account at any time.

My system:
Code:
$ lsb_release -a
Distributor ID: neon
Description:    KDE neon User Edition 5.18
Release:        18.04

$ uname -r
5.4.22-050422-generic

$ apt list kmymoney libaqbanking*
Auflistung... Fertig
kmymoney/bionic,now 5.0.8-0xneon+18.04+bionic+build25 amd64  [installiert]
libaqbanking-data/bionic,bionic,now 6.0.2-1+18.04+bionic+build7 all  [installiert]
libaqbanking-dev/bionic 6.0.2-1+18.04+bionic+build7 amd64
libaqbanking-doc/bionic,bionic 5.99.33-0+18.04+bionic+build6 all
libaqbanking35/bionic 5.7.8-1 amd64
libaqbanking35-plugins/bionic 5.7.8-1 amd64
libaqbanking43/bionic 5.99.33-0+18.04+bionic+build6 amd64
libaqbanking43-dbgsym/bionic 5.99.33-0+18.04+bionic+build6 amd64
libaqbanking43-plugins/bionic 5.99.33-0+18.04+bionic+build6 amd64
libaqbanking43-plugins-dbgsym/bionic 5.99.33-0+18.04+bionic+build6 amd64
libaqbanking44/bionic,now 6.0.2-1+18.04+bionic+build7 amd64  [Installiert,automatisch]
libaqbanking44-dbgsym/bionic 6.0.2-1+18.04+bionic+build7 amd64

Any hint how to get connected is appreciated.

Thanks a lot
OsZ


OsZ, proud to be a member of KDE forums since 2008-Oct.
ipwizard
It is working (personal experience). So much up-front. Now towards the problem analysis:
In your listing I see
libaqbanking35-plugins/bionic 5.7.8-1 amd64
libaqbanking43-plugins/bionic 5.99.33-0+18.04+bionic+build6 amd64

but no such entry for libaqbanking44-plugins. Maybe that has to do with it (I am not a deb-package expert). If you start KMyMoney in a terminal window, you should see lines like
Loading "/usr/lib64/qt5/plugins/kmymoney/kbanking.so"
"Plugins: kbanking loaded, build with (5.2.0stable-0/6.1.0.0stable), run with (5.2.0.0/6.1.0.0)"

Which versions do you see there? Also, did you follow the instructions on the AqBanking Wiki in case you upgraded from an earlier AqBanking version. They are not relevant if you installed AqBanking and Gwenhywfar from scratch and created new entries for the institutions/users.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.4 64bit, KF5
OsZ
Hey ipwizard,
thanks a lot for your prompt feedback. Good to read that in principle it shall be possible...

ipwizard wrote: If you start KMyMoney in a terminal window, you should see lines like


found that one:
Code:
Loading "/usr/lib/x86_64-linux-gnu/qt5/plugins/kmymoney/kbanking.so"
"Plugins: kbanking loaded, build with (5.1.3stable-0/6.0.2.0stable), run with (5.1.3.0/6.0.2.0)"
3:2020/02/29 17-32-24:(null)(25031):banking_update.c:  610: No AqBanking config folder found at [/home/tobias/.aqbanking/settings6/users] (-1)
3:2020/02/29 17-32-24:(null)(25031):banking_update.c:  610: No AqBanking config folder found at [/home/tobias/.aqbanking/settings/users] (-1)
3:2020/02/29 17-32-24:(null)(25031):banking_update.c:  411: There is no old settings folder, need initial setup


ipwizard wrote: They are not relevant if you installed AqBanking and Gwenhywfar from scratch and created new entries for the institutions/users.

Yep - completely new installation of KDE Neon just this week, and I would like to build up from scratch for KMyMoney and AqBanking. I tried in the console as well to get aqbanking configured as per the description on their website. But same issue... After the user setup I checked for bank info and got the error again:

Code:
$ aqhbci-tool4 getbankinfo -u 1
5:2020/02/29 17-40-11:aqbanking(29145):siotlsext.c:  236: Status for certificate 34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2" has changed to "Zertifikat ist gültig" (00000000->80000000), need to present
4:2020/02/29 17-40-11:gwen(29145):syncio_tls.c:  137: No checkCertFn set, using GWEN_GUI
===== Zertifikat empfangen =====
Das folgende Zertifikat wurde empfangen:
Name         : fints.ing.de
Organisation : ING-DiBa AG
Abteilung    : unbekannt
Staat        : DE
Stadt        : Frankfurt am Main
Bundesland   : Hessen
Gültig ab    : 03.12.2019 14:17:57
Gültig bis   : 14.02.2022 14:47:54
Hash (MD5)   : 34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2\n
Hash (SHA1)  : 91:66:2C:0B:18:52:F9:F4:2C:15:DF:1B:40:37:69:0F:38:EA:56:B5\n
Hash (SHA512): 49:85:64:DF:27:45:A6:97:7B:16:3D:D1:E9:0A:59:F9:B1:5A:99:B8:32:70:12:59:DF:3C:C4:20:55:53:E7:69:C4:6B:82:99:49:F7:D4:3A:6E:A7:B2:E2:7E:DD:24:57:47:F6:92:46:D4:1D:1A:D5:51:4F:95:45:3E:6D:05:55\n
Status       : Zertifikat ist gültig
Wollen Sie dieses Zertifikat akzeptieren?
(1) Ja  (2) Nein
Please enter your choice: 1
5:2020/02/29 17-40-14:aqbanking(29145):siotlsext.c:  354: User response to presentation of cert "34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2" (Zertifikat ist gültig): 0
3:2020/02/29 17-40-15:gwen(29145):syncio_tls.c: 1483: gnutls_record_recv: -110 (Die TLS-Verbindung wurde nicht richtig beendet.)
3:2020/02/29 17-40-15:gwen(29145):syncio_tls.c: 1497: Detected premature disconnect by server (violates specs!), ignoring.
HBCI: 9800 - Der Dialog wurde abgebrochen. (M)
HBCI: 9400 - Der anonyme Dialog wird nicht unterstützt. (M)
Dialog aborted by server
3:2020/02/29 17-40-15:aqhbci(29145):jobgetbankinfo.c:  132: No HITANS segments found in server response.
3:2020/02/29 17-40-15:aqhbci(29145):provider_online.c:  133: Job has errors
3:2020/02/29 17-40-15:aqhbci-tool(29145):getbankinfo.c:  116: Error -1 [Generic error]
3:2020/02/29 17-40-15:aqhbci-tool(29145):aqhbci-tool.c:  275: Error calling control function (3)


Hope that helps you to help me ;)

Cheers!


OsZ, proud to be a member of KDE forums since 2008-Oct.
ipwizard
Since aqhbci-tool also fails, it seems not to be a KMyMoney problem. Please take a look at this discussion (in German) which might give some more insights to solve your problem.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.4 64bit, KF5
OsZ
Thank you very much for the link to that discussion @ aquamaniac.de. I could set up the bank details on the command line now. Interestingly enough, within the KMyMoney GUI this was not possible. Cheers!


OsZ, proud to be a member of KDE forums since 2008-Oct.
ipwizard
Well, it is surprising that you were not able to do it within KMyMoney. KMyMoney at this point simply displays and uses the parts that come with AqBanking and has no additional logic when it comes to installing the user access to the bank. It could well be that there is a difference between the AqBanking GUI and command line tools.

Can you provide us the (anonymized) command line options that you have used? Having a (working) Ing account myself I am eager to remove it and install it afresh but want to profit from your experience.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.4 64bit, KF5
OsZ
ipwizard wrote: Can you provide us the (anonymized) command line options that you have used?


Code:
$ aqhbci-tool4 adduser -t pintan --context=1 -b BLZ -u KtNr -s "https://fints.ing.de/fints" -N "my Name" --hbciversion=300
$ aqhbci-tool4 listusers
$ aqhbci-tool4 getbankinfo -u 1
...
HBCI: 9800 - Der Dialog wurde abgebrochen. (M)
HBCI: 9400 - Der anonyme Dialog wird nicht unterstützt. (M)

Code:
$ aqhbci-tool4 adduserflags -u 1 -f noBase64   
$ aqhbci-tool4 getbankinfo -u 1

5:2020/03/01 10-30-15:aqbanking(8063):siotlsext.c:  229: Found matching certificate "34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2" with same status
5:2020/03/01 10-30-15:aqbanking(8063):siotlsext.c:  250: Automatically accepting certificate [34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2]
HBCI: 9800 - Der Dialog wurde abgebrochen. (M)
HBCI: 9400 - Der anonyme Dialog wird nicht unterstützt. (M)
Dialog aborted by server
3:2020/03/01 10-30-15:aqhbci(8063):jobgetbankinfo.c:  132: No HITANS segments found in server response.
3:2020/03/01 10-30-15:aqhbci(8063):provider_online.c:  133: Job has errors
3:2020/03/01 10-30-15:aqhbci-tool(8063):getbankinfo.c:  116: Error -1 [Generic error]
3:2020/03/01 10-30-15:aqhbci-tool(8063):aqhbci-tool.c:  275: Error calling control function (3)

Code:
$ aqhbci-tool4 getsysid -u 1

5:2020/03/01 10-30-39:aqbanking(8274):siotlsext.c:  229: Found matching certificate "34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2" with same status
5:2020/03/01 10-30-39:aqbanking(8274):siotlsext.c:  250: Automatically accepting certificate [34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2]
Got certificate
Job:
Name          : JobSync
Code          : (empty)
SegVer        : 1
FirstSegment  : 0
LasttSegment  : 0
ChallengeClass: 0
MinSigs       : 1
SecProfile    : 0
SecClass      : 0
JobsPerMsg    : 0
Status        : unknown (0)
Msgnum        : 0
DialogId      : (null)
Owner         : XXXKtNrXXX
MaxTransfers  : 0
TransferCount : 0
SupportedCmd  : none
Flags: 027ba000 ( NOITAN NOSYSID NEEDCRYPT NEEDSIGN SINGLE DLGJOB CRYPT SIGN HASMOREMSGS )
Response Data:
Group : "jobResponses"
===== PIN-Eingabe =====
Bitte geben Sie die PIN für
Benutzer XXXKtNrXXX bei ING-DiBa
ein.
Input: **********
5:2020/03/01 10-31-19:aqbanking(8274):siotlsext.c:  229: Found matching certificate "34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2" with same status
5:2020/03/01 10-31-19:aqbanking(8274):siotlsext.c:  250: Automatically accepting certificate [34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2]
HBCI: 3060 - Teilweise liegen Warnungen/Hinweise vor. (M)
HBCI: 3050 - BPD nicht mehr aktuell. Aktuelle Version folgt. (S)
HBCI: 3920 - Zugelassene Ein- und Zwei-Schritt-Verfahren für den Benutzer (S)
5:2020/03/01 10-31-20:aqbanking(8274):siotlsext.c:  229: Found matching certificate "34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2" with same status
5:2020/03/01 10-31-20:aqbanking(8274):siotlsext.c:  250: Automatically accepting certificate [34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2]

Code:
$ aqhbci-tool4 listitanmodes -u 1
TAN Methods
- 1900 (F900/V1/P2): iTAN (iTAN) [available]
$ aqhbci-tool4 setitanmode -u 1 -m 1900

So it still gives the same warnings, but it is possible to continue and set up at the CLI where the GUI doesn't let me continue.
I could load all bank accounts' transactions and status within KMyMoney, so it looks like it is working okay.

One more question as you have an ING account too: Is it possible to get mTAN working? The only TAN method I was shown was the iTAN.

Cheers!


OsZ, proud to be a member of KDE forums since 2008-Oct.
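
A small triage script for the kind of output shown in the post above, as an added example that is not part of the thread or of AqBanking. It groups the HBCI return codes by their leading digit (FinTS uses 0xxx for success, 3xxx for warnings, 9xxx for errors) and lists every certificate the tool accepted without prompting, compared against the fingerprint seen in the earlier interactive prompt. The function name, the report layout and the reading of (M)/(S) as message/segment scope are assumptions of this example.

```python
import re

# Lines copied from the getbankinfo and getsysid output posted above.
SAMPLE_LOG = """\
5:2020/03/01 10-31-19:aqbanking(8274):siotlsext.c:  250: Automatically accepting certificate [34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2]
HBCI: 3060 - Teilweise liegen Warnungen/Hinweise vor. (M)
HBCI: 3050 - BPD nicht mehr aktuell. Aktuelle Version folgt. (S)
HBCI: 9800 - Der Dialog wurde abgebrochen. (M)
HBCI: 9400 - Der anonyme Dialog wird nicht unterstützt. (M)
3:2020/03/01 10-30-15:aqhbci(8063):jobgetbankinfo.c:  132: No HITANS segments found in server response.
"""
# "Hash (MD5)" value shown in the interactive certificate prompt earlier in the thread.
PROMPT_MD5 = "34:2F:EE:B0:A9:AF:C3:30:A1:67:F0:9E:5A:DB:A6:F2"

HBCI_RE = re.compile(r"^HBCI: (\d{4}) - (.*?) \(([MS])\)\s*$")
CERT_RE = re.compile(r"Automatically accepting certificate \[([0-9A-Fa-f:]+)\]")
# FinTS return codes are grouped by their leading digit.
SEVERITY = {"0": "success", "3": "warning", "9": "error"}


def triage(log_text, expected_fp):
    """Summarise HBCI return codes and silently accepted certificates."""
    report = {"codes": [], "auto_accepted": set(), "unexpected_certs": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HBCI_RE.match(line)
        if m:
            code, text, scope = m.groups()
            # scope: assumed M = whole message, S = single segment
            severity = SEVERITY.get(code[0], "unknown")
            report["codes"].append((code, severity, scope, text))
            continue
        c = CERT_RE.search(line)
        if c:
            fp = c.group(1).upper()
            report["auto_accepted"].add(fp)
            # Flag any certificate that differs from the one the user reviewed.
            if fp != expected_fp.upper():
                report["unexpected_certs"].add(fp)
    report["failed"] = any(sev == "error" for _, sev, _, _ in report["codes"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, PROMPT_MD5)
    for code, sev, scope, text in result["codes"]:
        print(f"{sev:8} {code} ({scope}) {text}")
    print("auto-accepted certs:", sorted(result["auto_accepted"]))
    print("unexpected certs:  ", sorted(result["unexpected_certs"]))
```
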
ipwizard
OsZ wrote: One more question as you have an ING account too: Is it possible to get mTAN working? Only TAN Method I got shown was the iTAN.

Cheers!

The answer to your question can be found on their web site. The important part there is
Important for FinTS/HBCI users: Since September you can no longer make current account transfers with your current software via the FinTS/HBCI interface. This will not change in the future. Via the FinTS/HBCI interface you will, however, still see the balance and the transactions of your current account in your finance software. Please carry out your transactions directly in our internet banking.

Current account transactions do, however, still work via the PSD2 interface. If your software vendor supports this interface in the future, you will again be able to manage your account with finance software. Please ask the vendor directly whether that is the case.

You can still access the Extra-Konto and the securities account (Depot) via the HBCI interface.

To summarize: they simply do not provide the required 2FA on their HBCI and simply turned off all the features that allow transferring money. Only transaction download is still possible using HBCI/FinTS.

And before you ask: No, there will be no PSD2 interface within KMyMoney/AqBanking. If you want to know a bit more about the reasons, I highly recommend watching this talk (in German) held at 36C3 last December. The abstract of the talk is also available.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.4 64bit, KF5
OsZ
Thank you so much for your efforts!!!
Cheers.


OsZ, proud to be a member of KDE forums since 2008-Oct.
OsZ
ipwizard wrote: If you want to know a bit more about the reasons, I highly recommend to watch this talk (in German) held at 36C3 last December.


I have now listened to this 2 times and can just say "WTF!" Understandable that PSD2 won't be implemented. Good to know about....
Keep up what you are doing and let's hope the EU parliament will not decide for another stupid regulation.

Cheers!


OsZ, proud to be a member of KDE forums since 2008-Oct.
DrMartinus
Hi,

I think I can just continue this thread. I followed the above instructions, did all the things suggested in message #10 on https://www.aquamaniac.de/rdm/issues/134, which all worked fine, but when I try to get the account details (refresh account or so), KMyMoney just tells me that no new transactions were imported. The accounts are blank, all at 0.00 €.
I'm not sure what to do in order to get previous transactions loaded...
ipwizard
You can try the following:
  1. Open the ledger for the IngDiba account in KMyMoney
  2. Select "Account/Edit account..." from the menu
  3. Select the "Online settings" tab
  4. Select the "Download" tab
  5. Make sure the download is activated
  6. Select "First possible" or "Ask user" from the combo box. Could be, that you need to supply a TAN when asking for a longer period of time.
  7. Press OK
  8. Retry the download
  9. Switch above setting to "Last download" which is sufficient for the next round


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.4 64bit, KF5
DrMartinus
Thanks for the reply! I tried it, but no success. There is no question asked, and "First possible" doesn't yield any result, either. Maybe I need to do the download of transactions differently; I usually use the "accounts/update all accounts" item (or maybe it's different in English, I translate from German (Alle Konten aktualisieren...)). Hitting that immediately brings up the message "no new transactions were imported".
Before this, I had the problem as described initially in this thread, and did all the things suggested in https://www.aquamaniac.de/rdm/issues/134, after which I had two user accounts. I removed the one from aqbanking which I didn't set up via the CLI. Maybe that's the root of the problem?
ipwizard
That could well be :) Did you already try to unmap and remap the account? If KMyMoney immediately presents the result page without asking for your PIN(s) something is wrong in the mapping. Assuming you're on a Linux system, you could start KMyMoney from a terminal command line and see what it prints on the screen when you're doing the update. Unmap/Map should not lose any data.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.4 64bit, KF5
DrMartinus
ipwizard wrote: That could well be :) Did you already try to unmap and remap the account?


How would I do that?

ipwizard wrote: If KMyMoney immediately presents the result page without asking for your PIN(s) something is wrong in the mapping. Assuming you're on a Linux system, you could start KMyMoney from a terminal command line and see what it prints on the screen when you're doing the update. Unmap/Map should not lose any data.


Just trying to update the account doesn't show anything in the terminal. But probably you mean I should unmap/map the account. So how would I do that?

Thanks for staying with me!

