Using the eID function of the german identity card on Linux

Here is a short step-by-step guide for setting up your RPM-based distribution for using the eID function of the german identity card:

Hardware requirements: I’m going to use the “REINERSCT cyberJack RFID basis” device for reading my identity card.

Setup

  1. Install the package ccid (which contains the “Generic USB CCID smart card reader driver”): dnf install ccid
  2. As eID client I’m going to use the Open eCard client (an alternative to AusweisApp): Download it and install it using rpm -i open-ecard-app-...rpm
  3. Connect your RFID device to your computer
  4. Put your ID card on the device
  5. Open the Open eCard client
  6. At first, if you haven’t used eID before, you’ll have to replace the transport PIN (5 digits) with a custom PIN (6 digits). Just select the “PIN management” option in the Open eCard client and follow the instructions. The custom PIN is now your PIN for unlocking your data on the identity card. Make sure to remember it!

eID process (example)

If the setup is done and the Open eCard client is running you can start an eID process from your browser. This is pretty straightforward. In my example I had to identify myself for activating my prepaid SIM card from ja!mobil/congstar which I bought at a local supermarket. In that particular case, the eID process is integrated in the so called “POSTIDENT” method (provided by Deutsche Post AG):

  1. Select “eID function” as identification method
  2. On the second page, ignore the Smartphone app instructions and click on the link “start the AusweisApp2 here” instead (you’ll find it at the bottom of the page)
  3. Now, the Open eCard App will guide you the the procedure and ask for your PIN in order to unlock your data.
  4. A success message will be displayed in your browser.

Screenshots of the eID process with POSTIDENT

Step1: Select eID function
Step 2: Click at the link at the bottom.
Step 3: Follow the instructions of the Open eCard App
Step 4: Done =)