Electronic identification
An electronic identification ("eID") is an electronic identification solution of citizens or organizations, for example in view to access benefits or services provided by government authorities, banks or other companies. Apart from online authentication many eICs also give users the option to sign electronic documents with a digital signature.
Contents
Installation
All types of electronic identification require installing the ccid package. After installation, enable, and start pcscd.socket
.
In addition, ACS smart cards also require the acsccid package.
pcsc-tools contains pcsc_scan
program that can be used to check smart card detection Smartcards#Scan_for_card_reader
Setup per country
Belgium
Install the eid-mwAUR package. Before installation, import the (continuous build) keys from [1]. See makepkg#Signature checking.
There is no plugin for Chrome, but there is one for Firefox. Add the Firefox plugin to your browser. In recent versions, you'll need to manually add the eID module to the Firefox security devices configuration. Your module path might be different than the one in the guide. List the different devices by doing:
# p11tool --list-tokens
Here you'll see the module, which might be beidpkcs11.so. Now to find the full path you do:
# find /usr/lib -name beidpkcs11.so
You should now be able to use your eID reader in Firefox. Try it out using the test page.
You may find hints for troubleshooting in the official documentation but keep in mind that Arch Linux is not officially supported.
Estonia
DigiDoc
Once ccid is installed and pcscd.socket
is started, install qdigidoc4AUR. One of the dependency xml-security-cAUR is verified with a signature that you have to import to your GnuPG keyring. Alternatively, the older version of this software (DigiDoc3) is also available with the packages qdigidocAUR and qesteidutilAUR.
DigiDoc4 has an optional GNOME/Files right click menu integration. Install python2-nautilusAUR and restart Gnome Files using the command pkill nautilus.
Chromium
After installing chrome-token-signingAUR, enable the PIN 1 authentication in Google Chrome and Chromium by running the following command (taken from the | open-eid repo).
modutil -dbdir sql:$HOME/.pki/nssdb -add opensc-pkcs11 -libfile onepin-opensc-pkcs11.so -mechanisms FRIENDLY
Firefox
To enable PIN 1 authentication in Firefox you should install esteidpkcs11loaderAUR and chrome-token-signingAUR. After restarting the browser make sure that "Firefox PKCS11 loader" extension is enabled. You can also follow manual instructions at Smartcards#Mozilla Firefox.
For firefox-esr52AUR and other other Firefox forks you can use esteidfirefoxpluginAUR.
Sweden
BankID is the leading electronic identification in Sweden.