Using electronic ID on Arch in Slovakia

Some months ago I wrote an article about the smartcard and shown a possible way to initialize communication with it on Arch Linux and the notebook equipped with smartcard reader, in my case a trusty T470.

The basis for making the smartcard reader work is to install the required packages:

sudo pacman -S pcsclite ccid

And then enable the pcscd service:

sudo systemctl enable pcscd.service --now

So far so good.

ID card as a smartcard

Now in Slovakia, the digitization somehow finally picked up some speed and it turns out, many bureaucracy obstacles are removed by using the electronic ID or eID as it is called, which is an ID card that has a built in smartcard for cryptography purposes, for instance to do an offical electronic signature accepted in administrative tasks in Slovakia.

Task involving electronic signature should also save a considerable amount of time by not needing to visit the bureau building physically and as a bonus, most administrative tasks done electronically do not ask for a processing fee at all! There seems to be no reason not to use it, at least on paper.

Will it work on Linux?

The sad reality might yet reveal itself and blur my romantic image of never need to run from one clerk to another to get a stamp for something when I actually start using the service. But, what surprised me the most is the fact that there is an actual official software package for Linux for this feature! I was expecting Windows only, as would be the norm.

The officially supported Linux distributions are Debian, Ubuntu and Mint however. My first take was to use debtap (available in AUR). After some meddling with it, another surprise found its way to delight me.

What about Arch?

The application I needed is also already available in AUR as eidklient. I could not find an email address of the author, Fedor Piecka, otherwise I would send him an acknowledgment. The package worked like a charm.

The sad part is that my ID used an older cryptography chip inside, and is not compatible with the new standards, so I had to go to the bureau to ask for the newer one anyway. But there is no point in keeping devices relying on the already broken cryptography around, so this is a good thing in the long run. I will post an update once I get the new card. Stay tuned!