This note shows how to install the Estonian Electronic Identity Software on NixOS.

ID-software – what’s this?

ID-software allows you to use your ID-card electronically – use private and governmental e-services, digitally sign documents and encrypt documents for safe transfer.

With the ID-card Digidoc4 utility you can check the functioning of your ID-card and certificate validity, change PIN and PUK codes. The ID-card utility window displays the ID-card owner’s data and ID-card validity data. This information is constantly visible when ID-card utility is running. ID-card utility enables you to perform actions with certificates (extend them, change and unblock PIN codes and PUK code).

The Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography. Estonian, Finnish, Latvian, Lithuanian, Belgian and Croatian eID cards are supported in the first phase.

Installation

  1. Install the required packages in NixOS:

    Insert in the packages list in configuration.nix:

    Important: do not add any firefox* package to this list. Firefox ESR is pulled in separately in step 3 by programs.firefox.package = pkgs.firefox-esr;

     environment.systemPackages = with pkgs; [
       qdigidoc                # Digidoc4 client
       web-eid-app             # Signing in the browser (native messaging host)
       p11-kit                 # Signing in the browser (PKCS#11 proxy)
       opensc                  # Signing in the browser (PKCS#11 module for the card)
     ];
    

    Execute in a terminal:

    sudo nixos-rebuild switch
    
  2. Check success:

    Insert your ID card in the reader and invoke the Digidoc application:

    $ qdigidoc4 
    Failed to parse public key
    QObject: Cannot create children for a parent that is in a different thread.
    (Parent is QSigner(0x10cb9d0), parent's thread is QThread(0xecab00), current thread is QSigner(0x10cb9d0)
    "3BDB960080B1FE451F830012233F536549440F9000F1"
    Loading: "opensc-pkcs11.so"
    2024-04-03T09:40:25Z I [X509CertStore.cpp:63] - Loaded 58 certificates into TSL certificate store.
    TSL loading finished
    "OpenSC Project                   (2.20)" 
     "OpenSC smartcard framework       (0.25)" 
     Flags: 0
    qdigidoc4.QSmartCard: Polling
    qdigidoc4.QSmartCard: Read "Alcor Micro AU9540 00 00"
    qdigidoc4.QSmartCard: Read card "EC1278287" info
    ...
    

    The Digidoc application should open now and in the right upper corner of the Digidoc window you should see your name and your “isikukood”.

  3. Configure the helper software web-eid-app:

    Add to your configuration.nix:

    services.pcscd.enable = true;
    programs.firefox.enable = true;
    programs.firefox.package = pkgs.firefox-esr;
    programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];
    programs.firefox.policies.SecurityDevices.p11-kit-proxy = "${pkgs.p11-kit}/lib/p11-kit-proxy.so";
    # Authentication: register the OpenSC PKCS#11 module with p11-kit
    environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
      module: ${pkgs.opensc}/lib/opensc-pkcs11.so
    '';
    

    Execute in a terminal:

    sudo nixos-rebuild switch
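
    Steps 1 and 3 together, as one self-contained NixOS module. This is an added example, not code from the wiki page or from the Web eID and Digidoc projects; the option names are the standard NixOS ones used in the steps above, and the comments describe the PKCS#11 chain the settings build (Firefox -> p11-kit-proxy -> opensc-pkcs11 -> pcscd -> reader). Drop it into /etc/nixos/ and import it from configuration.nix.

```nix
# Added example (not from the page or the projects it describes): all settings
# from steps 1 and 3 in one module, importable from configuration.nix.
{ config, pkgs, ... }:

{
  # Digidoc4 client plus the PKCS#11 chain used for signing in the browser.
  # Firefox itself is NOT listed here: a plain firefox package added to this
  # list would be an unwrapped copy without the policy and native-messaging
  # configuration that programs.firefox below applies to firefox-esr.
  environment.systemPackages = with pkgs; [
    qdigidoc      # Digidoc4 GUI (the qdigidoc4 binary used in step 2)
    web-eid-app   # native messaging host for the Web eID browser extension
    p11-kit       # p11-kit-proxy.so: forwards PKCS#11 calls to configured modules
    opensc        # opensc-pkcs11.so: talks to the ID card through pcscd
  ];

  # PC/SC daemon: the process that talks to the smart-card reader.
  services.pcscd.enable = true;

  programs.firefox = {
    enable = true;
    package = pkgs.firefox-esr;
    # Lets the Web eID extension reach the web-eid native host.
    nativeMessagingHosts.packages = [ pkgs.web-eid-app ];
    # Registers p11-kit-proxy as a security device via Firefox policies, so
    # Firefox sees every module configured under /etc/pkcs11/modules.
    policies.SecurityDevices.p11-kit-proxy =
      "${pkgs.p11-kit}/lib/p11-kit-proxy.so";
  };

  # Tell p11-kit where the OpenSC PKCS#11 module lives. Authentication and
  # signing on the web go Firefox -> p11-kit-proxy -> opensc-pkcs11 -> pcscd.
  environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
    module: ${pkgs.opensc}/lib/opensc-pkcs11.so
  '';
}
```

    After `sudo nixos-rebuild switch`, `qdigidoc4` (step 2) should print `Loading: "opensc-pkcs11.so"` and read the card, which confirms the pcscd and OpenSC half of the chain before the browser half is tested in step 6.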
    
  4. Enable logging (for testing only):

    1. Enable logging:

      echo 'logging=true' > ~/.config/RIA/web-eid.conf
      
    2. Check success:

      web-eid
      

      An "About Web eID" dialogue window appears. Click on [Cancel].

      cat ~/.local/share/RIA/web-eid/web-eid.log
      

      You should see something like:

      2024-03-31T06:56:42.804Z INFO src/controller/controller.cpp:72:void Controller::run() - "web-eid" app "2.4.0+0" running in command-line mode
      
  5. Install the browser extension within Firefox from the Firefox add-ons page "Web eID – Get this Extension for Firefox (en-US)".

  6. Check success:

    1. Enable logging (as in step 4).

    2. Insert your Estonian ID card.

    3. Check with Digidoc that the card reader, the ID card and the driver work.

    4. Go to https://web-eid.eu/ and click on [Authenticate].

      Type your PIN1; you should see:

      Digital signing
      Welcome, XXX XXX!
      

      Press the button [Sign document], then type your PIN2; you should see:

        Digital signing
        Welcome, XXX XXX!
        Signature added: example-for-signing.asice
      
  7. Disable logging:

    rm ~/.config/RIA/web-eid.conf
    

Troubleshooting: consider this thread