ID cards are Smart cards with a chip or NFC. They can be connected to computers or or other devices using a reader with special apps and drivers. Governments are usually providing these drivers, aka “eID Middleware“, to work with national ID cards.
Unfortunately, the components that enable browser integration with eID Middleware are not available for many countries and eID cards.
Estonia saw this problem and built its Software so that it can be used with other countries’ ID cards as well. The component is called Chrome Token Signing, it includes installable software for Windows, Linux and MacOS. Token signing uses local country eID Middleware and PKCS #11 protocol to read certificates from the ID card and create signatures on the card’s chip. Chrome Token Signing works with Chrome, Firefox, Edge and any other browsers built on the same engines.
This Token Signing module is tested with Estonian ID Card, Finnish ID Card, Latvian ID Card, Lithuanian ID Card, Belgian ID Card, Luxembourgian LuxTrust Smartcard and Romanian Aladdin eToken.
From the browser’s side, all it takes to add digital signing support to a front-end is to import hwcrypto.js and invoke it. At first read the certificate from the eID card to prepare digest of the document that will be signed and then sign the hash digest on the card.
There is one more component in the mix, this is the service that will actually create signed container. We recommend using asice container as ASIC-E containers are in compliance with EU standards. with XAdES format using profile LT (Long Term) – Signature with time-stamp and OCSP. For this CEF has built eSignature building block that can be downloaded from https://github.com/esig/dss. However, it can be quite overwhelming to get started for those who are not experts in the field. For those we recommend Estonian built simplified wrapper https://github.com/open-eid/digidoc4j
If these guidelines are not enough to get you going, please do get in touch with firstname.lastname@example.org and we will help you build successful eID integration projects.