This note shows how to install the Estonian Electronic Identity Software on Debian 9.


Update 20180621: Ria does not maintain the zesti binaries any more. Therefor I replaced the link in script to xenial instead. Although there are no dependency clashes on my system, I do not have the time to test a fresh install now. Feedback is appreciated.

1. ID-software – what’s this?

ID-software allows you to use your ID-card electronically – use private and governmental e-services, digitally sign documents and encrypt documents for safe transfer.

During ID-software installation 3 programs are installed into your computer: ID-card utility, DigiDoc3 client and DigiDoc3 crypto.

With ID-card utility you can check the functioning of your ID-card and certificate validity, change PIN and PUK codes. The ID-card utility window displays the ID-card owner’s data and ID-card validity data. This information is constantly visible when ID-card utility is running. ID-card utility enables you to perform actions with certificates (extend them, change and unblock PIN codes and PUK code), configure email address.

2. Installation


The installer script will automatically install a plugin for Firefox-ESR. The plugin works out of the box with Firefox 57 Quantum.

  1. Download the installer script.

  2. Edit the script


    case $codename in
        add_repository trusty
        make_fail "Debian $codename is not officially supported"


    case $codename in
        add_repository trusty
        add_repository xenial
        make_fail "Debian $codename is not officially supported"
  3. Download libssl1.0.0 for your architecture (scroll down)

  4. Install libssl1.0.0:

    sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u5_amd64.deb

    (your exact package name might be different).

  5. Run the modified installation script [1]

    chmod 755

The script creates the file /etc/apt/sources.list.d/ria-repository.list with the following content:

deb xenial main

Then it imports the repository key and runs apt-get update and apt-get install open-eid.


The source code of the Estonian ID software is hosted on Github.

3. Check the installation

Among other things the installer script installs a meta package open-eid which installs chrome-token-signing, firefox-pkcs11-loader, libdigidoc-tools, libdigidocpp-tools, libnss3-tools, qdigidoc-tera and qdigidoc4. These packages also depend on other packages and install them.

To check if the Digidoc Open-EID extensions are properly installed in Firefox Quantum, open in the main menu: Tools->Add-ons->exensions.

Here you should see two extensions loaded:

  • Firefox PKCS11 loader (Configures Firefox to use PKCS11 for authentication)
  • Token signing (Use your eID smart card on the web)