Difference between revisions of "Estonian ID-card"

From ArchWiki
Jump to: navigation, search
(Add category. Need style fix.)
(Web authentication & digital signatures: added fix for a Firefox browser which is the only way I made web authentication working.)
 
(10 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[[Category:Security]]
+
[[Category:Other hardware]]
{{Poor writing|AUR and pacman installation style. See [[Help:Style]].}}
+
{{Move|eID card|Shared instructions amongst different eID cards (card readers, pcsc), different mostly in middleware and browser plugins. Merge with [[Belgian eID card reader]].}}
Packages to enable Estonian ID-card support are available from AUR ([[Arch User Repository]]) and can be installed via [[yaourt]]. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.
+
Packages to enable Estonian ID-card support are available from the [[Arch User Repository]]. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.
  
 
== Quick install ==
 
== Quick install ==
  
Long story short: install [[yaourt]], then run as root:
+
1. Install {{Pkg|pcsclite}} from the [[official repositories]] and {{AUR|chrome-token-signing}}, {{AUR|qdigidoc}} and {{AUR|qesteidutil}} from the [[AUR]].
  
  yaourt -S esteidfirefoxplugin qdigidoc qesteidutil pcsclite
+
2. Enable {{ic|pcscd.socket}} [[systemd#Using units|using systemd]].
  systemctl enable pcscd.socket
 
  
The old packages (starting with <tt>sk-</tt> or ending with <tt>-svn</tt>) are unsupported and no longer recommended.
+
== Web authentication & digital signatures ==
  
== Browser plugin (web authentication & digital signatures) ==
+
{{AUR|chrome-token-signing}} package contains [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Native_messaging Native Messaging] host for Google Chrome/Chromium and Firefox and it is the modern way of doing authentication and digital signatures on the web.
  
The browser plugin AUR package is called {{AUR|esteidfirefoxplugin}}, which also requires dependencies {{AUR|esteidpkcs11loader}}, {{AUR|esteidcerts}} and currently a downgraded version of opensc, {{AUR|opensc012}}.
+
For Google Chrome and Chromium you also will probably want to run [https://github.com/open-eid/linux-installer/blob/master/esteid-update-nssdb esteid-update-nssdb] script that enables TLS client authentication in the browser.
  
It also requires you to run the PCSC daemon, which is included in official repositories.
+
If you still can't login from Firefox with your ID-card you should install {{AUR|esteidfirefoxplugin}}.
 
 
pacman -S pcsclite
 
 
 
If you're running systemd, you can make it auto-start on demand with the following command:
 
 
 
systemctl enable pcscd.socket
 
 
 
If you are still using old SysV init, you have to add pcscd to the DAEMONS array in /etc/rc.conf:
 
 
 
DAEMONS=(... @pcscd)
 
 
 
Don't forget to restart Firefox after finishing.
 
  
 
== ID-card and Digidoc utilities ==
 
== ID-card and Digidoc utilities ==
  
The ID-card utility packages are {{AUR|qesteidutil}} and {{AUR|qdigidoc}}, with dependencies {{AUR|esteidcerts}}, {{AUR|libdigidoc}} and {{AUR|libdigidocpp}}.
+
The ID-card utility packages are {{AUR|qesteidutil}} and {{AUR|qdigidoc}}, with dependencies {{AUR|libdigidoc}} and {{AUR|libdigidocpp}}.
  
 
These applications will automatically appear in your application menus. You can also start from command line with <tt>qdigidocclient</tt> and <tt>qesteidutil</tt>.
 
These applications will automatically appear in your application menus. You can also start from command line with <tt>qdigidocclient</tt> and <tt>qesteidutil</tt>.

Latest revision as of 21:06, 31 March 2017

Tango-go-next.pngThis article or section is a candidate for moving to eID card.Tango-go-next.png

Notes: Shared instructions amongst different eID cards (card readers, pcsc), different mostly in middleware and browser plugins. Merge with Belgian eID card reader. (Discuss in Talk:Estonian ID-card#)

Packages to enable Estonian ID-card support are available from the Arch User Repository. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.

Quick install

1. Install pcsclite from the official repositories and chrome-token-signingAUR, qdigidocAUR and qesteidutilAUR from the AUR.

2. Enable pcscd.socket using systemd.

Web authentication & digital signatures

chrome-token-signingAUR package contains Native Messaging host for Google Chrome/Chromium and Firefox and it is the modern way of doing authentication and digital signatures on the web.

For Google Chrome and Chromium you also will probably want to run esteid-update-nssdb script that enables TLS client authentication in the browser.

If you still can't login from Firefox with your ID-card you should install esteidfirefoxpluginAUR.

ID-card and Digidoc utilities

The ID-card utility packages are qesteidutilAUR and qdigidocAUR, with dependencies libdigidocAUR and libdigidocppAUR.

These applications will automatically appear in your application menus. You can also start from command line with qdigidocclient and qesteidutil.