Web eID: electronic ID smart cards on the Web

The Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.

Estonian, Finnish, Latvian, Lithuanian, Belgian and Croatian eID cards are supported in the first phase, but only Estonian eID card support is currently enabled in the test application below.

Please get in touch by email at help@ria.ee in case you need support with adding Web eID to your project or want to add support for a new eID card to Web eID.

Table of contents

Usage

The recommended way of installing Web eID is by installing the latest Open-EID ID-software package. In case you do not need or want to install the Open-EID package, install the latest Web eID packages in Firefox, Chrome, Edge or Safari according to the following instructions:

  1. Download and run the Web eID native app and browser extension installer:
    • on Ubuntu Linux, for Firefox and Chrome, download and execute the
      download-install-web-eid.sh script from the console with
      wget -O - https://web-eid.eu/scripts/download-install-web-eid.sh | bash
      Note that Firefox is installed with Snap in Ubuntu 22.04 or later by default and as the Snap sandbox does not allow communication with the external native messaging host, Web eID will not work. Install Firefox via the Debian package instead of Snap if you want to use Web eID with Firefox in Ubuntu 22.04+. Instructions how to do that are available here.
    • on macOS 11 or later, for Firefox and Chrome from here,
    • on macOS 11 or later, for Safari, install the extension from App Store,
    • on Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, for Firefox, Chrome and Edge from here.
  2. The installer will install the browser extension for all supported browsers automatically. The extension must be manually enabled from either the extension installation pop-up that appears in the browser or from the browser extensions management page and may need browser restart under certain circumstances.

Testing:

  1. Attach a smart card reader to the computer and insert the eID card into the reader.
  2. Click Authenticate below.

The privacy policy of the test service is available here.

Uninstallation

The uninstaller will remove the browser extension from all supported browsers automatically.

Ubuntu Linux

Uninstall the Web eID software either using the Ubuntu Software Center or from the console with
sudo apt purge web-eid

macOS

To uninstall the Web eID software, do the following:

  1. download the Web eID native app and browser extension installer as instructed above,
  2. open the downloaded file,
  3. open Terminal,
  4. drag and drop uninstall.sh from the downloaded file to the Terminal window,
  5. press Enter and Y,
  6. enter your password.
Windows

Uninstall the Web eID software using Add or remove programs.

Debugging and logs

  • To debug the extension, open the extension page and select Inspect to open browser developer tools in extension mode. You can examine extension logs in the Console tab, put breakpoints in extension code in the Debugger tab and inspect extension network communication in the Network tab.
  • To enable logging in the extension companion native app,
    • in Linux, run the following command in the console:
      echo 'logging=true' > ~/.config/RIA/web-eid.conf
    • in macOS, run the following command in the console:
      defaults write \
        "$HOME/Library/Containers/eu.web-eid.web-eid/Data/Library/Preferences/eu.web-eid.web-eid.plist" \
        logging true
      defaults write "$HOME/Library/Containers/eu.web-eid.web-eid-safari/Data/Library/Preferences/eu.web-eid.web-eid-safari.plist" \
        logging true
    • in Windows, add the following registry key:
      [HKEY_CURRENT_USER\SOFTWARE\RIA\web-eid]
      "logging"="true"
  • The native app logs are stored in
    • ~/.local/share/RIA/web-eid/web-eid.log in Linux
    • ~/Library/Containers/eu.web-eid.web-eid/Data/Library/Application\ Support/RIA/web-eid/web-eid.log in macOS
    • ~/Library/Containers/eu.web-eid.web-eid-safari/Data/Library/Application\ Support/RIA/web-eid-safari/web-eid-safari.log of Safari in macOS
    • C:/Users/<USER>/AppData/Local/RIA/web-eid/web-eid.log in Windows.
  • You can verify if debugging works by executing the native application web-eid manually, there will be an informative message in the logs.

Documentation

Technical overview of the solution is available in the project system architecture document. Overview of authentication token validation implementation in the back end is available in the web-eid-authtoken-validation-java Java library README.

Security analysis of the solution is available in this document.

For developers

Currently the Web eID back-end libraries are available for Java, .NET and PHP web applications.

To implement authentication and digital signing with Web eID in a Java, .NET or PHP web application, you need to

  • use the web-eid.js JavaScript library in the front end of the web application according to the instructions here,
  • for authentication
    • in Java use the web-eid-authtoken-validation-java library in the back end of the web application according to the instructions here,
    • in .NET/C# use the web-eid-authtoken-validation-dotnet library according to the instructions here
    • in PHP use the web-eid-authtoken-validation-php library according to the instructions here
  • for digital signing
    • in Java use the digidoc4j library in the back end of the web application according to the instructions here,
    • in .NET/C# use the libdigidocpp library in the back end of the web application according to the instructions here.

The full source code of an example Spring Boot web application that uses Web eID for authentication and digital signing is available here. The .NET/C# version of the example is available here. The PHP version of the example is available here.

EU fund flags