Web eID: Difference between revisions

(7 intermediate revisions by 6 users not shown)

Line 1:

~~The~~ Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.

eThe Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.

Check [https://web-eid.eu/|web-eid.eu] for more details and an example application.

Line 19:

== Firefox ==

If ~~you're using~~ Firefox~~, and~~ <code>programs.firefox.enable = true</code> ~~to configure your firefox~~, ~~you~~ can ~~set <code>programs~~.~~firefox~~.~~nativeMessagingHosts.euwebid = true;</code>~~.

Firefox requires an additional browser extension for Web eID to work. If Firefox is enabled with <code>programs.firefox.enable = true</code>, this can specified system-wide, as follows...

If you're building a ~~firefox~~ derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.

<syntaxhighlight lang="nix">programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];</syntaxhighlight>

...or per user with Home Manager, as follows:<syntaxhighlight lang="nix">

programs.firefox.nativeMessagingHosts = [ pkgs.web-eid-app ];

</syntaxhighlight>

If you're building a Firefox derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.

== Google Chrome / Chromium ==

Line 75:

Line 82:

environment.systemPackages = ~~with pkgs;~~ [

environment.systemPackages = [

# Wrapper script to tell to Chrome/Chromium to use p11-kit-proxy to load

# security devices, so they can be used for TLS client auth.

Line 82:

Line 89:

#

# https://bugs.chromium.org/p/chromium/issues/detail?id=16387

#

~~# Firefox users can just set~~

~~# extraPolicies.SecurityDevices.p11-kit-proxy "${pkgs.p11-kit}/lib/p11-kit-proxy.so";~~

~~# when overriding the firefox derivation.~~

(pkgs.writeShellScriptBin "setup-browser-eid" ''

NSSDB="''${HOME}/.pki/nssdb"

Line 97:

Line 100:

Invoke <code>setup-browser-eid</code> to configure (and whenever this gets garbage-collected), and restart your browser.

== Belgian eID cards ==

The Web eID browser extension, used for authentication with Belgian eID cards, requires the PKCS#11 module <code>libbeidpkcs11.so.0</code> to be available in the directory <code>/usr/lib/x86_64-linux-gnu/</code>. Since this directory does not exist by default on NixOS, the Web eID application installed on the host system will not detect or support Belgian eID cards.

To resolve this, you can create a symlink from the Nix store version of <code>beidpkcs11.so</code>, provided by the <code>eid-mw</code> package, into <code>/usr/lib/x86_64-linux-gnu/</code>:<syntaxhighlight lang="nix">system.activationScripts.web-eid-app = {

text = ''

mkdir -p /usr/lib/x86_64-linux-gnu

ln -sf ${pkgs.eid-mw}/lib/pkcs11/beidpkcs11.so /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0

'';

};</syntaxhighlight>This script ensures the required symlink is created at system activation time and remains up to date with the correct Nix store path for <code>eid-mw</code>.

[[Category:Hardware]]

[[Category:Applications]]

[[Category:Web Applications]]

@@ Line 1: / Line 1: @@
-The Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.
+eThe Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.
 Check [https://web-eid.eu/|web-eid.eu] for more details and an example application.
@@ Line 19: / Line 19: @@
 == Firefox ==
-If you're using Firefox, and  <code>programs.firefox.enable = true</code> to configure your firefox, you can set <code>programs.firefox.nativeMessagingHosts.euwebid = true;</code>.
+Firefox requires an additional browser extension for Web eID to work. If Firefox is enabled with <code>programs.firefox.enable = true</code>, this can specified system-wide, as follows...
-If you're building a firefox derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.
+<syntaxhighlight lang="nix">programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];</syntaxhighlight>
+...or per user with Home Manager, as follows:<syntaxhighlight lang="nix">
+programs.firefox.nativeMessagingHosts = [ pkgs.web-eid-app ];
+</syntaxhighlight>
+If you're building a Firefox derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.
 == Google Chrome / Chromium ==
@@ Line 75: / Line 82: @@
 <syntaxhighlight lang="nix">
-   environment.systemPackages = with pkgs; [
+   environment.systemPackages = [
      # Wrapper script to tell to Chrome/Chromium to use p11-kit-proxy to load
      # security devices, so they can be used for TLS client auth.
@@ Line 82: / Line 89: @@
      #
      # https://bugs.chromium.org/p/chromium/issues/detail?id=16387
-    #
-    # Firefox users can just set
-    # extraPolicies.SecurityDevices.p11-kit-proxy "${pkgs.p11-kit}/lib/p11-kit-proxy.so";
-    # when overriding the firefox derivation.
      (pkgs.writeShellScriptBin "setup-browser-eid" ''
        NSSDB="''${HOME}/.pki/nssdb"
@@ Line 97: / Line 100: @@
 Invoke <code>setup-browser-eid</code> to configure (and whenever this gets garbage-collected), and restart your browser.
+== Belgian eID cards ==
+The Web eID browser extension, used for authentication with Belgian eID cards, requires the PKCS#11 module <code>libbeidpkcs11.so.0</code> to be available in the directory <code>/usr/lib/x86_64-linux-gnu/</code>. Since this directory does not exist by default on NixOS, the Web eID application installed on the host system will not detect or support Belgian eID cards.
+To resolve this, you can create a symlink from the Nix store version of <code>beidpkcs11.so</code>, provided by the <code>eid-mw</code> package, into <code>/usr/lib/x86_64-linux-gnu/</code>:<syntaxhighlight lang="nix">system.activationScripts.web-eid-app = {
+  text = ''
+    mkdir -p /usr/lib/x86_64-linux-gnu
+    ln -sf ${pkgs.eid-mw}/lib/pkcs11/beidpkcs11.so /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0
+  '';
+};</syntaxhighlight>This script ensures the required symlink is created at system activation time and remains up to date with the correct Nix store path for <code>eid-mw</code>.
+[[Category:Hardware]]
+[[Category:Applications]]
+[[Category:Web Applications]]