Web eID: electronic ID smart cards on the Web

The Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.

Estonian, Finnish, Latvian, Lithuanian and Croatian eID cards are supported in the first phase, but only Estonian eID card support is currently enabled in the test application below.

Please get in touch by email at help@ria.ee in case you need support with adding Web eID to your project or want to add support for a new eID card to Web eID.

Table of contents

• Usage
• Documentation
• For developers

Usage

Instructions for installing and testing in Firefox, Chrome or Edge (support for Safari has been already added as well, but it is not yet published):

1. Download and run the Web eID native app and browser extension installer:
   • for Ubuntu Linux 20.04 from here, install it with either the Ubuntu Software Center or from the console with
     sudo apt install ./web-eid_0.9.4.141_amd64.deb
   • for macOS 10.13 or later from here
   • for Windows 10 from here.
2. The installer will install the browser extension for all supported browsers automatically. The extension must be manually enabled from either the extension installation pop-up that appears in the browser or from the browser extensions management page and may need browser restart under certain circumstances.
3. Attach a smart card reader to the computer and insert the eID card into the reader.
4. Click Authenticate below.

Authenticate

Uninstallation

Ubuntu Linux

Uninstall Web eID either using the Ubuntu Software Center or from the console with
sudo apt purge web-eid

The uninstaller will remove the browser extension from all supported browsers automatically.

macOS

Uninstall Web eID with
sudo rm -rf /Applications/Utilities/web-eid.app \
  /Library/Google/Chrome/NativeMessagingHosts/eu.webeid.json \
  /Library/Application\ Support/Mozilla/NativeMessagingHosts/eu.webeid.json \
  /Library/Application\ Support/Google/Chrome/External\ Extensions/ncibgoaomkmdpilpocfeponihegamlic.json
PLIST=/Library/Preferences/org.mozilla.firefox.plist
sudo defaults write ${PLIST} ExtensionSettings \
  -dict-add "'{e68418bc-f2b0-4459-a9ea-3e72b6751b07}'" "{ 'installation_mode' = 'blocked'; }"

Windows

Uninstall Web eID using Add or remove programs.

The uninstaller will remove the browser extension from all supported browsers automatically.

Debugging and logs

• To debug the extension, open the extension page and select Inspect to open browser developer tools in extension mode. You can examine extension logs in the Console tab, put breakpoints in extension code in the Debugger tab and inspect extension network communication in the Network tab.
• The native app logs are stored in
  • ~/.local/share/RIA/web-eid/web-eid.log in Linux
  • ~/Library/Application Support/RIA/web-eid/web-eid.log in macOS
  • C:/Users/<USER>/AppData/Local/RIA/web-eid/web-eid.log in Windows.

Documentation

Technical overview of the solution is available in the project system architecture document. Overview of authentication token validation implementation in the back end is available in the web-eid-authtoken-validation-java Java library README.

Security analysis of the solution is available in this document.

For developers

Currently the Web eID back-end libraries are available for Java web applications.

To implement authentication and digital signing with Web eID in a Java web application, you need to

• use the web-eid.js JavaScript library in the front end of the web application according to the instructions here,
• for authentication, use the web-eid-authtoken-validation-java Java library in the back end of the web application according to the instructions here,
• for digital signing, use the digidoc4j Java library in the back end of the web application according to the instructions here.

The full source code of an example Spring Boot web application that uses Web eID for authentication and digital signing is available here.