Difference between revisions of "Estonian ID-card"

From ArchWiki
Jump to: navigation, search
m (style)
(Web authentication & digital signatures: added fix for a Firefox browser which is the only way I made web authentication working.)
 
(9 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Category:Security]]
+
[[Category:Other hardware]]
 +
{{Move|eID card|Shared instructions amongst different eID cards (card readers, pcsc), different mostly in middleware and browser plugins. Merge with [[Belgian eID card reader]].}}
 
Packages to enable Estonian ID-card support are available from the [[Arch User Repository]]. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.
 
Packages to enable Estonian ID-card support are available from the [[Arch User Repository]]. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.
  
 
== Quick install ==
 
== Quick install ==
  
Install {{Pkg|pcsclite}} from the [[official repositories]] and {{AUR|esteidfirefoxplugin}}, {{AUR|qdigidoc}} and {{AUR|qesteidutil}} from the [[AUR]].
+
1. Install {{Pkg|pcsclite}} from the [[official repositories]] and {{AUR|chrome-token-signing}}, {{AUR|qdigidoc}} and {{AUR|qesteidutil}} from the [[AUR]].
  
Enable {{ic|pcscd.socket}} [[systemd#Using units|using systemd]].
+
2. Enable {{ic|pcscd.socket}} [[systemd#Using units|using systemd]].
  
== Browser plugin (web authentication & digital signatures) ==
+
== Web authentication & digital signatures ==
  
The browser plugin AUR package is called {{AUR|esteidfirefoxplugin}}, which also requires dependencies {{AUR|esteidpkcs11loader}}, {{AUR|esteidcerts}} and currently a downgraded version of opensc, {{AUR|opensc012}}.
+
{{AUR|chrome-token-signing}} package contains [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Native_messaging Native Messaging] host for Google Chrome/Chromium and Firefox and it is the modern way of doing authentication and digital signatures on the web.
  
It also requires you to run the PCSC daemon, which can be installed with {{Pkg|pcsclite}} from the [[official repositories]].
+
For Google Chrome and Chromium you also will probably want to run [https://github.com/open-eid/linux-installer/blob/master/esteid-update-nssdb esteid-update-nssdb] script that enables TLS client authentication in the browser.
  
Make it auto-start on demand by enabling {{ic|pcscd.socket}} [[systemd#Using units|using systemd]].
+
If you still can't login from Firefox with your ID-card you should install {{AUR|esteidfirefoxplugin}}.
 
 
Don't forget to restart Firefox after finishing.
 
  
 
== ID-card and Digidoc utilities ==
 
== ID-card and Digidoc utilities ==
  
The ID-card utility packages are {{AUR|qesteidutil}} and {{AUR|qdigidoc}}, with dependencies {{AUR|esteidcerts}}, {{AUR|libdigidoc}} and {{AUR|libdigidocpp}}.
+
The ID-card utility packages are {{AUR|qesteidutil}} and {{AUR|qdigidoc}}, with dependencies {{AUR|libdigidoc}} and {{AUR|libdigidocpp}}.
  
 
These applications will automatically appear in your application menus. You can also start from command line with <tt>qdigidocclient</tt> and <tt>qesteidutil</tt>.
 
These applications will automatically appear in your application menus. You can also start from command line with <tt>qdigidocclient</tt> and <tt>qesteidutil</tt>.

Latest revision as of 21:06, 31 March 2017

Tango-go-next.pngThis article or section is a candidate for moving to eID card.Tango-go-next.png

Notes: Shared instructions amongst different eID cards (card readers, pcsc), different mostly in middleware and browser plugins. Merge with Belgian eID card reader. (Discuss in Talk:Estonian ID-card#)

Packages to enable Estonian ID-card support are available from the Arch User Repository. This article explains how to install the official software versions by AS Sertifitseerimiskeskus.

Quick install

1. Install pcsclite from the official repositories and chrome-token-signingAUR, qdigidocAUR and qesteidutilAUR from the AUR.

2. Enable pcscd.socket using systemd.

Web authentication & digital signatures

chrome-token-signingAUR package contains Native Messaging host for Google Chrome/Chromium and Firefox and it is the modern way of doing authentication and digital signatures on the web.

For Google Chrome and Chromium you also will probably want to run esteid-update-nssdb script that enables TLS client authentication in the browser.

If you still can't login from Firefox with your ID-card you should install esteidfirefoxpluginAUR.

ID-card and Digidoc utilities

The ID-card utility packages are qesteidutilAUR and qdigidocAUR, with dependencies libdigidocAUR and libdigidocppAUR.

These applications will automatically appear in your application menus. You can also start from command line with qdigidocclient and qesteidutil.