2019-07-29
This note shows how to install the Estonian Electronic Identity Software on Debian 10 “Buster”.
Update 20191023: Although not officially supported, RIA decided to modify their software in a way that it also runs on Debian 10 Buster. The following is not needed any more as the installer script is working now out of the box.
ID-software allows you to use your ID-card electronically – use private and governmental e-services, digitally sign documents and encrypt documents for safe transfer. During ID-software installation 3 programs are installed into your computer: ID-card utility, DigiDoc4 client and DigiDoc4 crypto. With ID-card utility you can check the functioning of your ID-card and certificate validity, change PIN and PUK codes. The ID-card utility window displays the ID-card owner’s data and ID-card validity data. This information is constantly visible when ID-card utility is running. ID-card utility enables you to perform actions with certificates (extend them, change and unblock PIN codes and PUK code), configure @eesti.ee email address.
The following targets Debian 10 only. For completeness see also the official Ubuntu instructions.
Download the installer script install-open-eid.sh.
The installer script is hosted on linux-installer/install-open-eid.sh at master · open-eid/linux-installer · GitHub 1
wget https://raw.githubusercontent.com/open-eid/linux-installer/master/install-open-eid.shModify installer script
Search for:
# Debian lacks https support for apt, by default
sudo apt-get install apt-transport-https
case $codename inReplace with:
# Debian lacks https support for apt, by default
sudo apt-get install apt-transport-https
case $codename in
wheezy)
add_repository trusty
;;
stretch)
add_repository xenial
;;
buster)
add_repository cosmic
;;Disable Chrome support.2
Search for:
make_install open-eid chrome-token-signing-policy Replace with:
#make_install open-eid chrome-token-signing-policySearch for:
/usr/bin/esteid-update-nssdbReplace with:
#/usr/bin/esteid-update-nssdbGrant execution permissions:
chmod 775 install-open-eid.shExecute installer script:
./install-open-eid.shAt the time of writing this note the awp-package is broken. Use the following workaround3:
sudo apt update
sudo apt install awpThe above command will finish with an error message.
sudo /var/lib/dpkg/info/awp.postinst
sudo rm /var/lib/dpkg/info/awp.postinst
# Just in case:
sudo dpkg --configure awp
sudo apt-get install -yfOnce the broken awp is installed successfully, the remaining packages can be installed.
sudo apt install open-eidThe open-eid meta-package will install the following packages: awp, chrome-token-signing, firefox-pkcs11-loader, libdigidoc-tools, libdigidocpp-tools, libnss3-tools, qdigidoc-tera and qdigidoc4.
Make sure the smart card service is in status “active”:
sudo service pcscd status Check success:
Jul 15 04:56:56 myhost systemd[1]: pcscd.service: Succeeded.If necessary start it with:
sudo service pcscd startDigidoc4
Insert ID card in card-reader.
Launch Digidoc4 application
qdigidoc4Check: in the first line your name should appear and next to your “Isikukood” the text “ID-card in card reader” is displayed.
Firefox plugin
Close all Firefox instances and start Firefox again.
To check if the Digidoc Open-EID extensions are properly installed in Firefox Quantum, open in the main menu: Tools->Add-ons->extensions.
Here you should see two extensions loaded:
Now you should be able to connect to your bank using your ID-card.
I tested this version: linux-installer/install-open-eid.sh at b2faf5c8997358c3da28b3fdfce950d21bc6417a · open-eid/linux-installer · GitHub↩
At the time of writing, the packet chrome-token-signing-policy was not yet available. Skip this when it becomes available.↩
A reader reported you can simply install the package with sudo apt install awp instead.↩