Install Estonian e-ID Software on Qubes OS in a Fedora 32 VM

11 February, 2020 — Platschi

Update 03.11.2020: Updated Blog Post for Fedora 32 VM.

After receiving my Estonian e-ID, I was asked to visit their welcome page to set up my new digital identity card. To my surprise, some Windows software is shown to be required in order for the card reader to function. No word on available Linux packages, no easily discoverable information in the FAQ to lead me to the right place. So here we go!

The instructions below are Qubes OS specific, but they also work on any Fedora machine if you skip the Qubes OS specific steps. The GitHub repository also holds packages and scripts for other Linux distributions, but I haven't tested those.

Set Up Qube

Clone your existing Fedora template and create a new AppVM which we'll only use for e-ID relevant tasks. Open the dom0 Terminal and type:
$ qvm-clone fedora-32 f-32-eid
$ qvm-create --template f-32-eid --label blue eid
Set up the AppVM to your liking.

Fedora Package

The developers of the e-ID software publish their source code here on GitHub. But no worries, there's already a package readily available in the fedora-32 repositories. Start the Terminal in the freshly cloned f-32-eid template and type:

$ sudo dnf search open-eid
===== Name Exactly Matched: open-eid =====
open-eid.noarch : Meta-package for Estonian Electronic Identity Software
$ sudo dnf install open-eid

These two commands install the open-eid software and its dependencies on Fedora 32. Congratulations.

The Card Reader

I received the ACR38 card reader from the Estonian authorities. It didn't work out of the box, so I had to download the drivers here from the Hong Kong based manufacturer. Check your card reader's label for the correct version. What you need is the "PC/SC Driver Package" for Linux. Networking should not be available in the template, so use your preferred AppVM to download the package and copy it to the distro template.

After downloading the package, unzip and install the correct driver in the f-32-eid template:

$ unzip <downloaded-driver-package>.zip
$ cd ACS-Unified-PKG-Lnx-118-P/fedora/31/
$ sudo dnf install pcsc-lite-acsccid-1.1.8-1.fc31.x86_64.rpm
$ sudo systemctl enable pcscd
Note: The card reader has reached End of Life (EOL), so it is unlikely that new updates will arrive for Fedora 32 and above.
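
The driver RPM comes from outside the Fedora repositories, so it can be inspected in the template before the `dnf install` step above. The script below is an added example, not part of the original post or the vendor's instructions; the function names are hypothetical, and the classification assumes the `rpm -K` output format of rpm 4.14 and later.

```sh
#!/bin/sh
# Added example: inspect a third-party RPM before installing it in a template.
# Function names are hypothetical. The rpm options used here
# (-K, -qp --scripts, -qpl) are standard rpm query/verify options.

# Classify one line of `rpm -K` output (assumed format: rpm >= 4.14).
# rpm prints failed checks in upper case followed by "NOT OK".
classify_checksig() {
    cs_line="${1##*: }"                 # drop the leading "<file>: " prefix
    case "$cs_line" in
        *"NOT OK"*)              echo "fail" ;;     # bad digest, bad signature or key not imported
        "digests signatures OK") echo "signed" ;;   # signature verified with an imported key
        "digests OK")            echo "unsigned" ;; # internal digests only, no signature present
        *)                       echo "unknown" ;;  # anything else, e.g. an rpm error message
    esac
}

# Verify the package, then show what installing it would do as root.
inspect_rpm() {
    ir_pkg="$1"
    ir_status="$(classify_checksig "$(rpm -K "$ir_pkg" 2>&1 | tail -n 1)")"
    echo "checksig: $ir_status"
    case "$ir_status" in
        fail|unknown)
            echo "refusing: $ir_pkg did not pass verification" >&2
            return 1 ;;
        unsigned)
            echo "warning: no signature, only internal digests were checked" >&2 ;;
    esac
    echo "--- scriptlets that would run as root ---"
    rpm -qp --scripts "$ir_pkg"
    echo "--- files that would be installed ---"
    rpm -qpl "$ir_pkg"
}

# Usage: sh inspect-rpm.sh pcsc-lite-acsccid-1.1.8-1.fc31.x86_64.rpm
if [ "$#" -gt 0 ]; then
    inspect_rpm "$1"
fi
```

dnf does not check signatures on local package files unless `localpkg_gpgcheck` is enabled in `dnf.conf`, so this check has to be run explicitly. An "unsigned" result only shows the file is internally consistent, not who built it.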

Shut down the f-32-eid template. In the Qubes Settings of the eid AppVM, make the DigiDoc4 Client as well as Firefox available. Start the eid AppVM, visit the welcome page with Firefox and enjoy your e-ID card and card reader!
