Electronic identification

From ArchWiki
Revision as of 12:41, 19 January 2019 by Arti (talk | contribs) (→‎DigiDoc: Add link for how to start and enable pcscd with systemd)
Jump to navigation Jump to search

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: Some duplication with Smartcards (Discuss in Talk:Electronic identification#)

An electronic identification ("eID") is an electronic identification solution of citizens or organizations, for example in view to access benefits or services provided by government authorities, banks or other companies. Apart from online authentication many eICs also give users the option to sign electronic documents with a digital signature.


Install the ccid package. ACS smart card also require the acsccid package. After installation, enable pcscd.socket.



Install the eid-mwAUR package. Before installation, import the (continuous build) keys from [1]. See makepkg#Signature checking.

There is no plugin for Chrome, but there is one for Firefox. Add the Firefox plugin to your browser. In recent versions, you'll need to manually add the eID module to the Firefox security devices configuration. Your module path might be different than the one in the guide. List the different devices by doing:

# p11tool --list-tokens

Here you'll see the module, which might be beidpkcs11.so. Now to find the full path you do:

# find /usr/lib -name beidpkcs11.so

You should now be able to use your eID reader in Firefox. Try it out using the test page.

You may find hints for troubleshooting in the official documentation but keep in mind that Arch Linux is not officially supported.




Install chrome-token-signingAUR and qdigidoc4AUR packages, with dependencies on libdigidocppAUR. DigiDoc4 contains merged features of older DigiDoc3 and ID-Card Utility. It can be started from your graphical desktop menu by searching for DigiDoc4 Client or from commandline with qdigidoc4.

Once DigiDoc is installed, it is necessary to enable and start pcscd service. Systemd#Basic_systemctl_usage shows how.

DigiDoc4 has GNOME/Files right click menu integration. Install python2-nautilusAUR and restart Gnome Files using command pkill nautilus.

In case of bugs in DigiDoc4 you can install the older DigiDoc3 and ID-Card Utility programs using AUR packages qdigidocAUR and qesteidutilAUR.

chrome-token-signingAUR contains Native Messaging host for Google Chrome/Chromium and Firefox and it is the modern way of doing digital signatures on the web. This package also contains "Token signing" extension counterpart for both browsers.


To enable PIN 1 authentication in Google Chrome and Chromium you should run esteid-update-nssdb script. Or you can run this command that does pretty much the same thing with less error checking.

 modutil -dbdir sql:$HOME/.pki/nssdb -add onepin-opensc-pkcs11 -libfile onepin-opensc-pkcs11.so -mechanisms FRIENDLY

chrome-token-signingAUR contains "Token signing" extension that needs to be enabled for document signing in Chromium.


To enable PIN 1 authentication in Firefox 58+ you should install esteidpkcs11loaderAUR and after restarting the browser make sure that "Firefox PKCS11 loader" extension is enabled. You can also follow manual instructions at Smartcards#Mozilla Firefox. For firefox-esr52AUR and other other Firefox forks you can use esteidfirefoxpluginAUR.

chrome-token-signingAUR contains "Token signing" extension that needs to be enabled for document signing in Firefox 58+.


BankID is the leading electronic identification in Sweden.