Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• BeID

Translation(s): english - français

This page describes how to configure Debian to use a belgian identity card (BeID). The BeID allows to authenticate, to logging in to belgian eServices and sign documents.

Overview

Belgium has released official software for their eID card, a PKCS#11 library (source code for this software is available under LGPLv3). Early versions of this software used to be based on OpenSC, but this is no longer the case.

The original patched version of this source code was merged back into OpenSC under the LGPL license, but it does not support modern cards issued after ~2019.

OpenSC also documents what they call Belgian Belpic on their wiki.

As OpenSC is available in Debian (see opensc package), installing it is enough to be able to use belgian certificates stored on an older belgian eID. For newer cards, the official eID software is required, from https://eid.belgium.be/en/linux-eid-software-installation

BeID Installation

Ckecking the Smartcard Reader Driver

The page Smartcards provides a good documentation about supported hardware and readers.

Install the Packages

Official eID software (preferred)

The official eID software repository is available through extrepo:

apt install extrepo
extrepo enable belgium_eid
apt update
apt install eid-mw eid-viewer

These packages take care of configuring Firefox (through an add-on) and Chromium-based browsers (through a script that is configured to run at logon time with XDG-compliant desktop environments). It may be necessary to restart your browser and/or graphics session to activate the add-on or script.

OpenSC-based

Packages to install:

• opensc;

• pcscd;

or

• pcsc-tools (contains some very useful tools to debug smartcard reader usage);

apt install opensc pcscd

or

apt install opensc pcsc-tools

Configure Firefox to use the BeID

Just follow the very good tutorial Installing OpenSC PKCS#11 Module in Firefox, Step by Step.

Important Remark

• To configure Firefox, you will need to find the right library. One of the next chapter explains how to find it.
• If the cardreader is not recognized in Firefox, try connecting it to the USB port before starting Firefox. Connecting the cardreader beforehand is a good practice.

Configure Chromium to use the BeID

Chromium has no interface to configure security modules. You will need to do it using modutil utility provided by the package libnss3-tools.

Just install the package:

apt install libnss3-tools

and add the security module to the database:

modutil -dbdir sql:$HOME/.pki/nssdb/ -add eID -libfile /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

Important Remark

• To configure Chromium, you will need to find the right library. The next chapter explains how to find it.

Finding the opensc library

OpenSC provides a set of libraries and utilities to access smartcards and to facilitate their use in security applications such as mail encryption, authentication, and digital signature implementing the PKCS#11 API.

The PKCS#11 API library is in the package opensc-pkcs11.

$ dpkg --listfiles opensc-pkcs11 | grep /opensc-pkcs11.so
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so

Just copy/paste one of the libraries in the Module filename box.

That's is. You can test it on the eID software website.

Debugging Smartcard usage

pcsc-tools provides usefull tools to debug smartcards problems like:

pcsc_scan