How eID card signing works on the web

Published by Margus Pala on

ID cards are Smart cards with a chip or NFC.  They can be connected to computers or or other devices using a reader with special apps and drivers. Governments are usually providing these drivers, aka “eID Middleware“, to work with national ID cards.

Browsers, where the web signing happens, can run Javascript in isolated environment and do not have direct access to smart card device drivers.

Unfortunately, the components that enable browser integration with eID Middleware are not available for many countries and eID cards.

Estonia saw this problem and built its Software so that it can be used with other countries’ ID cards as well. The component is called Chrome Token Signing, it includes installable software for Windows, Linux and MacOS. Token signing uses local country eID Middleware and PKCS #11 protocol to read certificates from the ID card and create signatures on the card’s chip. Chrome Token Signing works with Chrome, Firefox, Edge and any other browsers built on the same engines.

This Token Signing module is tested with Estonian ID Card, Finnish ID Card, Latvian ID Card, Lithuanian ID Card, Belgian ID Card, Luxembourgian LuxTrust Smartcard and Romanian Aladdin eToken.

From the browser’s side, all it takes to add digital signing support to a front-end is to import hwcrypto.js and invoke it. At first read the certificate from the eID card to prepare digest of the document that will be signed and then sign the hash digest on the card.

There is one more component in the mix, this is the service that will actually create signed container. We recommend using asice container as ASIC-E containers are in compliance with EU standards. with XAdES format using profile LT (Long Term) – Signature with time-stamp and OCSP. For this CEF has built eSignature building block that can be downloaded from https://github.com/esig/dss. However, it can be quite overwhelming to get started for those who are not experts in the field. For those we recommend Estonian built simplified wrapper https://github.com/open-eid/digidoc4j

If these guidelines are not enough to get you going, please do get in touch with info@eideasy.com and we will help you build successful eID integration projects.

Categories: digital signaturee-IDQESqualified electronic signature

Related Posts

Digital signatures in SharePoint

Get your Sharepoint documents digitally signed with qualified signatures without downloading-uploading-emailing

Step by step guide on how to get the Latvian foreigner’s eID card

Latvian foreigner’s eID card is a personal identity document, confirming the identity of the holder thereof when receiving the services in the digital environment as well as in presence, when visiting service providers in Latvia, for example, banks, notaries, state authorities.

How to create and validate NOM 151 data message preservation constancy in Mexico

Mexico is becoming very fast very advanced digital society. For example most working age people have their personal document signing certificates, all electronic invoices and tax declarations must be signed digitally with the certificate. For Read more…

GDPR Badge BVCER ISO 27001 eIDAS eID Easy Google for Startups