Web eID: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 1:

~~The~~ Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.

eThe Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.

Check [https://web-eid.eu/|web-eid.eu] for more details and an example application.

Line 19:

== Firefox ==

If ~~you're using~~ Firefox~~, and~~ <code>programs.firefox.enable = true</code> ~~to configure your firefox~~, ~~you~~ can ~~set:~~

Firefox requires an additional browser extension for Web eID to work. If Firefox is enabled with <code>programs.firefox.enable = true</code>, this can specified system-wide, as follows...

<syntaxhighlight lang="nix">programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];</syntaxhighlight>

programs.firefox.nativeMessagingHosts.~~euwebid = true~~;

...or per user with Home Manager, as follows:<syntaxhighlight lang="nix">

programs.firefox.nativeMessagingHosts = [ pkgs.web-eid-app ];

</syntaxhighlight>

If you're building a ~~firefox~~ derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.

If you're building a Firefox derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.

== Google Chrome / Chromium ==

Line 98:

Line 100:

Invoke <code>setup-browser-eid</code> to configure (and whenever this gets garbage-collected), and restart your browser.

== Belgian eID cards ==

The Web eID browser extension, used for authentication with Belgian eID cards, requires the PKCS#11 module <code>libbeidpkcs11.so.0</code> to be available in the directory <code>/usr/lib/x86_64-linux-gnu/</code>. Since this directory does not exist by default on NixOS, the Web eID application installed on the host system will not detect or support Belgian eID cards.

To resolve this, you can create a symlink from the Nix store version of <code>beidpkcs11.so</code>, provided by the <code>eid-mw</code> package, into <code>/usr/lib/x86_64-linux-gnu/</code>:<syntaxhighlight lang="nix">system.activationScripts.web-eid-app = {

text = ''

mkdir -p /usr/lib/x86_64-linux-gnu

ln -sf ${pkgs.eid-mw}/lib/pkcs11/beidpkcs11.so /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0

'';

};</syntaxhighlight>This script ensures the required symlink is created at system activation time and remains up to date with the correct Nix store path for <code>eid-mw</code>.

[[Category:Hardware]]

[[Category:Applications]]

[[Category:Web Applications]]

@@ Line 1: / Line 1: @@
-The Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.
+eThe Web eID project enables usage of European Union electronic identity (eID) smart cards for secure authentication and digital signing of documents on the web using public-key cryptography.
 Check [https://web-eid.eu/|web-eid.eu] for more details and an example application.
@@ Line 19: / Line 19: @@
 == Firefox ==
-If you're using Firefox, and  <code>programs.firefox.enable = true</code> to configure your firefox, you can set:
+Firefox requires an additional browser extension for Web eID to work. If Firefox is enabled with <code>programs.firefox.enable = true</code>, this can specified system-wide, as follows...
-<syntaxhighlight lang="nix">
+<syntaxhighlight lang="nix">programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];</syntaxhighlight>
-programs.firefox.nativeMessagingHosts.euwebid = true;
+...or per user with Home Manager, as follows:<syntaxhighlight lang="nix">
+programs.firefox.nativeMessagingHosts = [ pkgs.web-eid-app ];
 </syntaxhighlight>
-If you're building a firefox derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.
+If you're building a Firefox derivation yourself, you can override it with <code>extraNativeMessagingHosts = [ pkgs.web-eid-app ];</code>.
 == Google Chrome / Chromium ==
@@ Line 98: / Line 100: @@
 Invoke <code>setup-browser-eid</code> to configure (and whenever this gets garbage-collected), and restart your browser.
+== Belgian eID cards ==
+The Web eID browser extension, used for authentication with Belgian eID cards, requires the PKCS#11 module <code>libbeidpkcs11.so.0</code> to be available in the directory <code>/usr/lib/x86_64-linux-gnu/</code>. Since this directory does not exist by default on NixOS, the Web eID application installed on the host system will not detect or support Belgian eID cards.
+To resolve this, you can create a symlink from the Nix store version of <code>beidpkcs11.so</code>, provided by the <code>eid-mw</code> package, into <code>/usr/lib/x86_64-linux-gnu/</code>:<syntaxhighlight lang="nix">system.activationScripts.web-eid-app = {
+  text = ''
+    mkdir -p /usr/lib/x86_64-linux-gnu
+    ln -sf ${pkgs.eid-mw}/lib/pkcs11/beidpkcs11.so /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0
+  '';
+};</syntaxhighlight>This script ensures the required symlink is created at system activation time and remains up to date with the correct Nix store path for <code>eid-mw</code>.
 [[Category:Hardware]]
 [[Category:Applications]]
 [[Category:Web Applications]]