Estonian Identity Card in Manjaro Linux

it is possible to use estonian identity card in manjaro linux (arch linux based).

install the middleware to access smart cards:

# pacman -S pcsclite pcsc-tools ccid

enable and start pcscd service:

# systemctl enable pcscd
# systemctl start pcscd

now you can test your estonian identity card. run "pcsc_scan" application in console. if the card is unresponsive, then try inserting it again:

$ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto PC Twin Reader (24F70B5A) 00 00

Sun Jul 12 00:54:32 2020
Reader 0: Gemalto PC Twin Reader (24F70B5A) 00 00
Event number: 1
Card state: Card removed,

Sun Jul 12 00:54:39 2020
Reader 0: Gemalto PC Twin Reader (24F70B5A) 00 00
Event number: 2
Card state: Card inserted, Shared Mode, Unresponsive card,

Sun Jul 12 00:54:42 2020
Reader 0: Gemalto PC Twin Reader (24F70B5A) 00 00
Event number: 3
Card state: Card removed,

Sun Jul 12 00:54:44 2020
Reader 0: Gemalto PC Twin Reader (24F70B5A) 00 00
Event number: 4
Card state: Card inserted, Shared Mode,
ATR: 3B FA 18 00 00 80 31 FE 45 FE 65 49 44 20 2F 20 50 4B 49 03
ATR: 3B FA 18 00 00 80 31 FE 45 FE 65 49 44 20 2F 20 50 4B 49 03
+ TS = 3B --> Direct Convention
+ T0 = FA, Y(1): 1111, K: 10 (historical bytes)
TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: FE 65 49 44 20 2F 20 50 4B 49
Category indicator byte: FE (proprietary format)
+ TCK = 03 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B FA 18 00 00 80 31 FE 45 FE 65 49 44 20 2F 20 50 4B 49 03
Estonian Identity Card (EstEID v3.5 (10.2014) cold) (eID)
http://id.ee/
 

install some estonian goverment packages from AUR:

$ yay -S qdigidoc4 esteidpkcs11loader chrome-token-signing

you now have software to sign documents digitally, it can also display some data of the inserted card, like: name, expiration date, personal code. run the application by typing "qdigidoc4" in console:

$ qdigidoc4
qt5ct: using qt5ct plugin
Chache configuration serial: 108
Bundled configuration serial: 108
QObject: Cannot create children for a parent that is in a different thread.
(Parent is QSigner(0x5623ffcd52c0), parent's thread is QThread(0x5623ff94c8b0), current thread is QSigner(0x5623ffcd52c0)
Loading: "opensc-pkcs11.so"
2020-07-11T22:15:20Z D [Connect.cpp:50] - Connecting to URL: https://ec.europa.eu/tools/lotl/eu-lotl.xml
2020-07-11T22:15:20Z D [Connect.cpp:72] - Connecting to Host: ec.europa.eu:443 timeout: 10
qdigidoc4.MainWindow: noReader_NoCard_Loading_Event 3
qt5ct: palette support is disabled
qt5ct: custom style sheet is disabled
2020-07-11T22:15:20Z D [TSL.cpp:573] - Remote ETag: "5c254-5aa15d6b87040"
2020-07-11T22:15:20Z D [TSL.cpp:579] - Cached ETag: "5c254-5aa15d6b87040"
2020-07-11T22:15:20Z D [TSL.cpp:248] - TSL eu-lotl.xml (269) signature is valid
2020-07-11T22:15:20Z D [Connect.cpp:50] - Connecting to URL: https://sr.riik.ee/tsl/estonian-tsl.xml
2020-07-11T22:15:20Z D [Connect.cpp:72] - Connecting to Host: sr.riik.ee:443 timeout: 10
2020-07-11T22:15:20Z D [TSL.cpp:573] - Remote ETag: "4592b-5a2aec8e4cb80-gzip"
2020-07-11T22:15:20Z D [TSL.cpp:579] - Cached ETag: "4592b-5a2aec8e4cb80-gzip"
2020-07-11T22:15:20Z D [TSL.cpp:248] - TSL EE.xml (49) signature is valid
2020-07-11T22:15:20Z I [X509CertStore.cpp:84] - Loaded 46 certificates into TSL certificate store.
TSL loading finished
"OPENSC PROJECT (2.20)"
"OPENSC SMARTCARD FRAMEWORK (0.20)"
Flags: 0
qdigidoc4.QSigner: Disconnected from card "loading"
qdigidoc4.QSigner: Read sign cert "*********"
qdigidoc4.QSigner: Cert is empty: false
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Read "Gemalto PC Twin Reader (24F70B5A) 00 00"
qdigidoc4.MainWindow: Select card "*********"
qdigidoc4.QSmartCard: Read card "*********" info
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling
qdigidoc4.QSmartCard: Polling

install estonian goverment addons on firefox. addon names are "PKCS11 loader" (Configures Firefox to use PKCS11 for authentication) and "Token signing" (Use your eID smart card on the web). author is "Raul Metsma".

now you have access to banks, you can make payments, enter patients portal (https://digilugu.ee/), and use other electronic services of estonian goverment (https://eesti.ee/).