This note shows how to install the Estonian Electronic Identity Software on Debian 9.

Important

Update 20180621: Ria does not maintain the zesti binaries any more. Therefor I replaced the link in script to xenial instead. Although there are no dependency clashes on my system, I do not have the time to test a fresh install now. Feedback is appreciated.

1. ID-software – what’s this?

ID-software allows you to use your ID-card electronically – use private and governmental e-services, digitally sign documents and encrypt documents for safe transfer.

During ID-software installation 3 programs are installed into your computer: ID-card utility, DigiDoc3 client and DigiDoc3 crypto.

With ID-card utility you can check the functioning of your ID-card and certificate validity, change PIN and PUK codes. The ID-card utility window displays the ID-card owner’s data and ID-card validity data. This information is constantly visible when ID-card utility is running. ID-card utility enables you to perform actions with certificates (extend them, change and unblock PIN codes and PUK code), configure @eesti.ee email address.

2. Installation

Tip

The installer script will automatically install a plugin for Firefox-ESR. The plugin works out of the box with Firefox 57 Quantum.

  1. Download the installer script.

  2. Edit the script

    Replace:

    case $codename in
      wheezy)
        add_repository trusty
      *)
        make_fail "Debian $codename is not officially supported"
        ;;
    

    With:

    case $codename in
      wheezy)
        add_repository trusty
        ;;
      stretch)
        add_repository xenial
        ;;
      *)
        make_fail "Debian $codename is not officially supported"
        ;;
    
  3. Download libssl1.0.0 for your architecture (scroll down)

  4. Install libssl1.0.0:

    sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u5_amd64.deb
    

    (your exact package name might be different).

  5. Run the modified installation script [1]

    chmod 755 install-open-eid.sh
    ./install-open-eid.sh
    
[1]

The script creates the file /etc/apt/sources.list.d/ria-repository.list with the following content:

deb https://installer.id.ee/media/ubuntu/ xenial main

Then it imports the repository key and runs apt-get update and apt-get install open-eid.

Note

The source code of the Estonian ID software is hosted on Github.

3. Check the installation

Among other things the installer script installs a meta package open-eid which installs chrome-token-signing, firefox-pkcs11-loader, libdigidoc-tools, libdigidocpp-tools, libnss3-tools, qdigidoc-tera and qdigidoc4. These packages also depend on other packages and install them.

To check if the Digidoc Open-EID extensions are properly installed in Firefox Quantum, open in the main menu: Tools->Add-ons->exensions.

Here you should see two extensions loaded:

  • Firefox PKCS11 loader (Configures Firefox to use PKCS11 for authentication)
  • Token signing (Use your eID smart card on the web)