3

So I need to install the latest ID Card reading software to use my Estonian ID card.

FTP for it is at http://ftp.id.eesti.ee/pub/id/signed_repository/ubuntu/

Problem is that I have no idea how I am supposed to install it from there. All the files are scattered around in folders and I cannot add that address to software sources too as it just wont allow it.

How can I install this software?

LiveWireBT
  • 28,763
inimene
  • 2,106
  • Where did you find the link to the files? What is the official website of the ID card-reading software that you wish to install? It looks as though you have found a package repository, for which there is a specific, and easy, way to install. Some more information will help us to give you the precise steps. – Paddy Landau Jan 21 '13 at 16:44
  • The official page is here:https://installer.id.ee/?lang=eng – inimene Jan 21 '13 at 17:02
  • And their guide on how to install it is in here : http://id.ee/index.php?id=34305 Now the link that I first gave you is what their administrator gave me. He just told me to go to that link if I want to install the latest version 3.7 of it. – inimene Jan 21 '13 at 17:04
  • Worth mentioning tough that the versions they have on their official home-page are 3.6 which will not work with Ubuntu 12.10. So the version on that FTP link is the latest and will work. – inimene Jan 21 '13 at 17:05
  • I belive there is a specific command I need to use now but I have no idea really what it is and how to use it properly. – inimene Jan 21 '13 at 21:16

2 Answers2

3

These instructions are for 12.04 and 12.10. As you have 12.10, the best option is to get the developers to add a PPA for 12.10; but in the short term, I have included a workaround here.

  1. Go to the guide page that you indicated.
  2. Download the installation script for Ubuntu. (If you just click the link, you may get a text file in your browser, which is no good. Rather right-click the link and select Save Link As…)
  3. For 12.10 only, do these additional steps:
    • Edit the file that you downloaded. The easiest way is to open Text Editor and open the downloaded install-esteid-ubuntu.sh from there.
    • Line 5 starts with OPSYS=.
    • Underneath line 5, add the following line:
      OPSYS=precise
    • Save the file and close the text editor.
  4. Open a Terminal by pressing Ctrl+Alt+T.
  5. Change to the folder where you saved the file; for example, cd Downloads.

Enter the following commands into the terminal (i.e. type the first command, press Enter, then type the second command, press Enter. You can use the mouse to cut-and-paste the commands to save typing errors). The second command will prompt for your password.

chmod +x install-esteid-ubuntu.sh
sudo ./install-esteid-ubuntu.sh

When prompted, Do you want to continue [Y/n]?, type y and press Enter.

Once the script has finished running, press Ctrl+D to close the window. The application is installed, and you will find it in your menu.

Paddy Landau
  • 4,548
  • I am using 12.10 so I sadly am not able to use that script. It would be a lot easier with 12.04 ... Should I edit something inside of the script for it to fetch files from the ID software version 3.7 link instead? – inimene Jan 22 '13 at 21:36
  • I am not at my computer right now, but tomorrow I shall tell you exactly what to do. – Paddy Landau Jan 22 '13 at 22:16
  • 1
    I have added the instructions for 12.10 into the steps. I hope that helps. – Paddy Landau Jan 23 '13 at 13:35
  • @PaddyLandau 12.10 is not pricese, but quantal. Is the addition underneath line 5 correct? – user68186 Jan 23 '13 at 14:09
  • @user68186 - Yes, the addition is correct. (BTW, be careful with the spelling.) The company has not created a Quantal version, so this is telling the package manager to retrieve the information from Precise instead. This is a workaround until the company does create a Quantal version. – Paddy Landau Jan 23 '13 at 17:49
  • Hey, so I used quantal instead of precise on that line because of user68186' comment. And now I see your's heh! But anyway, it worked! Installed the software like a charm plus it works and I can atlast access my bank with an ID card. Many thanks to you, Paddy Landau! – inimene Jan 24 '13 at 07:06
  • Pleasure, Kaspar. – Paddy Landau Jan 24 '13 at 10:31
  • Hi! Time has passed and the Ubuntu on this machine is 13.10 now. I changed the script from precise to raring. https://installer.id.ee/media/ubuntu/dists/ shows that there is soft for raring also. But when I run it it tells me that I allready have the latest ID software. Then again when I try to log into a bank, the browsers are unable to use my ID software anymore. (Opening the Qt panel of this ID software works and it recognizes my ID card also) How am I to proceed? – inimene Dec 08 '13 at 12:03
  • Update: Removed the previous software and now when I try to install it again like you showed before, it gives some dependency errors. estonianidcard : Depends: qdigidoc but it is not going to be installed Depends: qesteidutil but it is not going to be installed – inimene Dec 08 '13 at 14:37
  • 1
    Kaspar, have you contacted the developers to ask about support? You must do that, because otherwise problems will continue to worsen. In the meantime, you can try to install qdigidoc as follows. Open a terminal and enter, one line at a time in this order: (1) sudo apt-get update (2) sudo apt-get upgrade (3) sudo apt-get install qdigidoc. I do not know if the last command will work. If it does, retry your installation. If not, you'll have to post a new question giving the exact errors. – Paddy Landau Dec 08 '13 at 16:24
1

The following instructions are for Ubuntu 64-bit systems using 14.04, 15.10, 16.04, 16.10, 17.04 or 17.10 (the supported versions according to the official installation instructions for Linux in previous and current versions combined).

I have tested this process

  • on Ubuntu 16.10 64-bit with "ID-software version: 17.2, released 15.02.2017" (tested with Chrome, Chromium and Firefox)
  • on Ubuntu 17.10 64-bit with "ID-software version: 17.12, released 21.12.2017" (tested with Chromium only)

1. Compatible card readers

The instructions below were tested with the following two card readers, as identified by lsusb:

  • ID 04e6:5119 SCM Microsystems, Inc. SCR3340 - ExpressCard54 Smart Card Reader
  • ID 076b:a021 OmniKey AG CCID Smart Card Reader. This is the "official" card reader coming in the E-ID package as of January 2017.

See also this list for other compatible smartcard readers that work under Linux. The ExpressCard54 versions in there are:

  • SCM Microsystems SCR3340 (as above, used here)
  • Gemalto GemPC Express
  • OMNIKEY CardMan 4321

2. Instructions for Chrome / Chromium

  1. Make sure you have either Chromium or Chrome installed. These instructions are tested with both of them. To install Chrome from a repo, use these instructions.

  2. Install the "ID Software" under Linux as per the official instructions. In short, the instructions are:

    wget https://installer.id.ee/media/install-scripts/install-open-eid.sh
sh install-open-eid.sh
  3. Re-start the computer after the installation of the E-ID software (also try that in case your E-ID login attempts fail). I could not get any E-ID login to work before a restart, it would always fail with "No certificate could be found".
  4. Connect your smartcard reader.
  5. Insert the Estonian E-ID card into the reader.

  6. Make sure the smartcard service is in status "active":

    sudo service pcscd status

    If necessary start it with: 

    sudo service pcscd start

    This step is usually no needed as the service should be started automatically when inserting a card. But just to be sure.

  7. Start Google Chrome (by executing "google-chrome") or Chromium (by executing "chromium-browser").
  8. Visit a website that provides E-ID login to try it out, for example the Company Registration Portal.
  9. Click the login button to the top right and then the "Estonian ID-card" link.
  10. During the first login, choose the appropriate certificate from the list that will appear in a popup window, and enter PIN1 of your E-ID card to unlock it. This will be remembered for future logins until restarting the browser.

3. Instructions for Firefox 64-bit

These instructions work only for a 64-bit Firefox on 64-bit Ubuntu – that is. They do not work for 32-bit Firefox on 64-bit Ubuntu (I tried), even though they should according to the available documentation.

As of February 2017 and (hopefully) only until March 7, 2017, you will not be able to use all E-ID websites with a 64-bit Firefox, though. You can use for example the Estonian Company Registry already, though. If you need to access other E-ID websites, maybe better use Chrome / Chromium, which does not have the 32/64-bit issue with E-ID use.

The reason I got told by id.ee support people (and partially mentioned in the official documentation now) is this: There is a transition underway from the old Firefox NPAPI plugin named "Firefox Token Signing" (which does only work in 32-bit Firefox) to the new Firefox extension named "Token signing" (which also works in 64-bit Firefox). This is because Firefox will abandon the support for all NPAPI plugins, so the "Firefox Token Signing" plugin will stop working soon. This transition also mandates that the E-ID websites update their hwcrypto.js library, which most have not done yet (but the Company Registry has, notably). So for now most of the E-ID websites will try to access your "Firefox Token Signing" plugin which works on 32-bit Firefox only, while the "Token signing" extension is still quite useless. That will however change soon, as the NPAPI gets retired in Firefox on 2017-03-07.

Now the installation instructions:

  1. Install the "ID Software" under Linux as per the official instructions, step 1 only (./install-open-eid.sh).

  2. Connect your smartcard reader.

  3. Insert the Estonian E-ID card into the card reader.

  4. Make sure the smartcard service is in status "active":

    sudo service pcscd status

    If necessary start it with: 

    sudo service pcscd start

    This step is usually not needed as the service should be started automatically when inserting a card. But just to be sure.

  5. Start Firefox and go to "☰ → Add-ons → Extensions". If the list does not contain both "PKCS11 Loader" and "Token Signing", do the following:

    1. Re-start the computer and check again if the extensions are now listed.

    2. Re-install Firefox and check again if the extensions are now listed. This was done in my tests by temporarily installing Firefox 32-bit via sudo apt-get install firefox:i386; sudo apt-get install firefox;. But it should also work by simply uninstalling and reinstalling.

  6. In Firefox, go to "☰ → Add-ons → Extensions" and make sure that "PKCS11 Loader" and "Token Signing" are enabled.

  7. Visit a website that provides E-ID login to try it out, for example the Company Registration Portal.

  8. Click the login button to the top right and then the "Estonian ID-card" link.

  9. If an error message ("Certificate could not be found") appears, re-start the computer. This is probably only needed once after the installation of the E-ID software, but you can also try it if previous login attempts failed.

  10. During the first login, choose the appropriate certificate from the list that will appear in a popup window, and enter PIN1 of your E-ID card to unlock it. This will be remembered for future logins until restarting the browser.

As of 2020-05 and Firefox 76.0, logins with the Estonian E-ID card (means, using PIN1) are possible without having any E-ID Firefox plugins installed. However, the plugins are required for signing (means, using PIN2). So the ultimate test is trying to sign something, obviously, not a login as shown above.

tanius
  • 6,303
  • 1
  • 39
  • 49