This note shows how to install the Estonian Electronic Identity Software on Debian 9.

Important

Update 20180621: Ria does not maintain the zesti binaries any more. Therefor I replaced the link in script to xenial instead. Although there are no dependency clashes on my system, I do not have the time to test a fresh install now. Feedback is appreciated.

1. ID-software – what’s this?

ID-software allows you to use your ID-card electronically – use private and governmental e-services, digitally sign documents and encrypt documents for safe transfer.

During ID-software installation 3 programs are installed into your computer: ID-card utility, DigiDoc3 client and DigiDoc3 crypto.

With ID-card utility you can check the functioning of your ID-card and certificate validity, change PIN and PUK codes. The ID-card utility window displays the ID-card owner’s data and ID-card validity data. This information is constantly visible when ID-card utility is running. ID-card utility enables you to perform actions with certificates (extend them, change and unblock PIN codes and PUK code), configure @eesti.ee email address.

2. Installation

Tip

The installer script will automatically install a plugin for Firefox-ESR. The plugin works out of the box with Firefox 57 Quantum.

  1. Download the installer script.

  2. Edit the script

    Replace:

    case $codename in
      wheezy)
        add_repository trusty
      *)
        make_fail "Debian $codename is not officially supported"
        ;;
    

    With:

    case $codename in
      wheezy)
        add_repository trusty
        ;;
      stretch)
        add_repository xenial
        ;;
      *)
        make_fail "Debian $codename is not officially supported"
        ;;
    
  3. Download libssl1.0.0 for your architecture (scroll down)

  4. Install libssl1.0.0:

    sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u5_amd64.deb
    

    (your exact package name might be different).

  5. Run the modified installation script [1]

    chmod 755 install-open-eid.sh
    ./install-open-eid.sh
    
[1]

The script creates the file /etc/apt/sources.list.d/ria-repository.list with the following content:

deb https://installer.id.ee/media/ubuntu/ xenial main

Then it imports the repository key and runs apt-get update and apt-get install open-eid.

Note

The source code of the Estonian ID software is hosted on Github.

3. Check the installation

Among other things the installer script installs a meta package open-eid which installs chrome-token-signing, firefox-pkcs11-loader, libdigidoc-tools, libdigidocpp-tools, libnss3-tools, qdigidoc-tera and qdigidoc4. These packages also depend on other packages and install them.

To check if the Digidoc Open-EID extensions are properly installed in Firefox Quantum, open in the main menu: Tools->Add-ons->extensions.

Here you should see two extensions loaded:

  • Firefox PKCS11 loader (Configures Firefox to use PKCS11 for authentication)
  • Token signing (Use your eID smart card on the web)

4. Troubeshooting

Update 2018-06-21:

Ria does not maintain the zesti binaries any more. Therefor I replaced the link in script to xenial instead. Although there are no dependency clashes on my system, I do not have the time to test a fresh install now. Feedback is appreciated.

Update 2018-12-12:

  1. Bugreport

    During the last update of AWP to version 5.3.0.16.04.130 on my debian 9 machine, I experienced the following problem:

    # apt upgrade
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Calculating upgrade... Done
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    2 not fully installed or removed.
    After this operation, 0 B of additional disk space will be used.
    Do you want to continue? [Y/n]
    Setting up awp (5.3.0.16.04.130) ...
    Adding smartcard support in Google Chrome ...
    dpkg: error processing package awp (--configure):
     subprocess installed post-installation script returned error exit status 1
    dpkg: dependency problems prevent configuration of open-eid:
     open-eid depends on awp; however:
      Package awp is not configured yet.
    
    dpkg: error processing package open-eid (--configure):
     dependency problems - leaving unconfigured
    Errors were encountered while processing:
     awp
     open-eid
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    
  2. Here my workaround

    1. extract the file postinst from the debian package awp_5.3.0.16.04.130_amd64.deb/deb://DEBIAN

    2. and execute it by manually

       ./postinst
      Reading package lists... Done
      Building dependency tree
      Reading state information... Done
      libnss3-tools is already the newest version (2:3.26.2-1.1+deb9u1).
      libnss3-tools set to manually installed.
      0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
      2 not fully installed or removed.
      After this operation, 0 B of additional disk space will be used.
      Setting up awp (5.3.0.16.04.130) ...
      Adding smartcard support in Google Chrome ...
      Module "idemia-pkcs11" added to database.
      Setting up open-eid (18.12.0.1815-1604) ...
      Adding smartcard support in Google Chrome ...