Difference between revisions of "Estonian ID-card"

From ArchWiki
Jump to: navigation, search
(Add category. Need style fix.)
(Added text about chrome-token-signing package)
 
(8 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Category:Security]]
+
[[Category:Other hardware]]
{{Poor writing|AUR and pacman installation style. See [[Help:Style]].}}
+
{{Move|eID card|Shared instructions amongst different eID cards (card readers, pcsc), different mostly in middleware and browser plugins. Merge with [[Belgian eID card reader]].}}
Packages to enable Estonian ID-card support are available from AUR ([[Arch User Repository]]) and can be installed via [[yaourt]]. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.
+
Packages to enable Estonian ID-card support are available from the [[Arch User Repository]]. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.
  
 
== Quick install ==
 
== Quick install ==
  
Long story short: install [[yaourt]], then run as root:
+
1. Install {{Pkg|pcsclite}} from the [[official repositories]] and {{AUR|chrome-token-signing}}, {{AUR|qdigidoc}} and {{AUR|qesteidutil}} from the [[AUR]].
  
  yaourt -S esteidfirefoxplugin qdigidoc qesteidutil pcsclite
+
2. Enable {{ic|pcscd.socket}} [[systemd#Using units|using systemd]].
  systemctl enable pcscd.socket
 
  
The old packages (starting with <tt>sk-</tt> or ending with <tt>-svn</tt>) are unsupported and no longer recommended.
+
{{AUR|chrome-token-signing}} package contains [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Native_messaging Native Messaging] host for Google Chrome/Chromium and Firefox and it is the modern way of doing authentication and digital signatures on the web.
 +
 
 +
For Google Chrome and Chromium you also will probably want to run [https://github.com/open-eid/linux-installer/blob/master/esteid-update-nssdb esteid-update-nssdb] script that enables TLS client authentication the the browser.
  
 
== Browser plugin (web authentication & digital signatures) ==
 
== Browser plugin (web authentication & digital signatures) ==
  
The browser plugin AUR package is called {{AUR|esteidfirefoxplugin}}, which also requires dependencies {{AUR|esteidpkcs11loader}}, {{AUR|esteidcerts}} and currently a downgraded version of opensc, {{AUR|opensc012}}.
+
The browser plugin AUR package is called {{AUR|esteidfirefoxplugin}}, which also requires dependencies {{AUR|esteidpkcs11loader}} and {{AUR|esteidcerts}}{{Broken package link|{{aur-mirror|esteidcerts}}}}.
 
 
It also requires you to run the PCSC daemon, which is included in official repositories.
 
 
 
pacman -S pcsclite
 
 
 
If you're running systemd, you can make it auto-start on demand with the following command:
 
 
 
systemctl enable pcscd.socket
 
  
If you are still using old SysV init, you have to add pcscd to the DAEMONS array in /etc/rc.conf:
+
It also requires you to run the PCSC daemon, which can be installed with {{Pkg|pcsclite}} from the [[official repositories]].
  
DAEMONS=(... @pcscd)
+
Make it auto-start on demand by enabling {{ic|pcscd.socket}} [[systemd#Using units|using systemd]].
  
 
Don't forget to restart Firefox after finishing.
 
Don't forget to restart Firefox after finishing.
Line 32: Line 25:
 
== ID-card and Digidoc utilities ==
 
== ID-card and Digidoc utilities ==
  
The ID-card utility packages are {{AUR|qesteidutil}} and {{AUR|qdigidoc}}, with dependencies {{AUR|esteidcerts}}, {{AUR|libdigidoc}} and {{AUR|libdigidocpp}}.
+
The ID-card utility packages are {{AUR|qesteidutil}} and {{AUR|qdigidoc}}, with dependencies {{AUR|esteidcerts}}{{Broken package link|{{aur-mirror|esteidcerts}}}}, {{AUR|libdigidoc}} and {{AUR|libdigidocpp}}.
  
 
These applications will automatically appear in your application menus. You can also start from command line with <tt>qdigidocclient</tt> and <tt>qesteidutil</tt>.
 
These applications will automatically appear in your application menus. You can also start from command line with <tt>qdigidocclient</tt> and <tt>qesteidutil</tt>.

Latest revision as of 14:44, 24 March 2017

Tango-go-next.pngThis article or section is a candidate for moving to eID card.Tango-go-next.png

Notes: Shared instructions amongst different eID cards (card readers, pcsc), different mostly in middleware and browser plugins. Merge with Belgian eID card reader. (Discuss in Talk:Estonian ID-card#)

Packages to enable Estonian ID-card support are available from the Arch User Repository. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.

Quick install

1. Install pcsclite from the official repositories and chrome-token-signingAUR, qdigidocAUR and qesteidutilAUR from the AUR.

2. Enable pcscd.socket using systemd.

chrome-token-signingAUR package contains Native Messaging host for Google Chrome/Chromium and Firefox and it is the modern way of doing authentication and digital signatures on the web.

For Google Chrome and Chromium you also will probably want to run esteid-update-nssdb script that enables TLS client authentication the the browser.

Browser plugin (web authentication & digital signatures)

The browser plugin AUR package is called esteidfirefoxpluginAUR, which also requires dependencies esteidpkcs11loaderAUR and esteidcertsAUR[broken link: archived in aur-mirror].

It also requires you to run the PCSC daemon, which can be installed with pcsclite from the official repositories.

Make it auto-start on demand by enabling pcscd.socket using systemd.

Don't forget to restart Firefox after finishing.

ID-card and Digidoc utilities

The ID-card utility packages are qesteidutilAUR and qdigidocAUR, with dependencies esteidcertsAUR[broken link: archived in aur-mirror], libdigidocAUR and libdigidocppAUR.

These applications will automatically appear in your application menus. You can also start from command line with qdigidocclient and qesteidutil.