Skip to content

Instantly share code, notes, and snippets.

@mmahut

mmahut/eID.md

Created January 29, 2020 09:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mmahut/8fb29d7a8e6fbf712283d18c75ac905c to your computer and use it in GitHub Desktop.
Save mmahut/8fb29d7a8e6fbf712283d18c75ac905c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
eID.md

Install card drivers

   services.pcscd.enable = true;
   services.pcscd.plugins = [ pkgs.acsccid ];
   environment.systemPackages = [ pkgs.qdigidoc ];

Verify access to the card

$ qdigidoc4

Chromium import certificate

1. Install https://chrome.google.com/webstore/detail/token-signing/ckjefchnfjhjfedoccjbhjpbncimppeg)

2. Import certificate

```
NOTE: this snippet was extracted from https://github.com/open-eid/linux-installer/blob/master/esteid-update-nssdb
```

- `wget -O ESTEID-SK_2015.pem.crt https://www.sk.ee/upload/files/ESTEID-SK_2015.pem.crt`
- `nix-shell -p nssTools --run "certutil -d sql:$HOME/.pki/nssdb -A -t ",," -n "ESTEID-SK_2015" -i ESTEID-SK_2015.pem.crt"`
- `nix-shell -p nssTools --run "modutil -force -dbdir sql:$HOME/.pki/nssdb -delete opensc-pkcs11"`
- `nix-shell -p nssTools --run "modutil -force -dbdir sql:$HOME/.pki/nssdb -add opensc-pkcs11 -libfile $(nix-build -A opensc '<nixpkgs>' --no-out-link)/lib/onepin-opensc-pkcs11.so -mechanisms FRIENDLY"`
- `mkdir -p ~/.config/chromium/NativeMessagingHosts`
- `cp $(nix-build -A chrome-token-signing)/etc/chromium/native-messaging-hosts/ee.ria.esteid.json ~/.config/chromium/NativeMessagingHosts/ee.ria.esteid.json`
- restart chromium
- open https://www.eesti.ee/en/ and click "Enter"
- https://www.eesti.ee/eng/services/business for company stuff
- https://ettevotjaportaal.rik.ee/index.py?chlang=eng
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment