xenid/README.md

# XenID - A Dutch eIDAS client for Linux
## Usage
Install XenID, along with the resource files. This is best done with NixOS,
right now. If using other systems, check `package.nix` to see where the
resources go. That's it.

Any use of the DigiD ID-card check will now pop up XenID, allowing for quick
and easy login with any (DigiD-activated) ID card.

## Security
This program does not persist your ID card's PIN, and requires user interaction
before allowing a DigiD authentication to continue.

It does not and could not know anything about your login, other than the name:
When authenticating, a special session is created by the DigiD server, and
provided through the URL used to open XenID. This session can only be used to
interact with the ID card login process, and provides no long-term keys.

The communication between the card and DigiD is encrypted with a key only the
card and the DigiD authentication server know, and the DigiD server never gets
to see your PIN code.

## History
The Dutch governent has a login system for citizens and residents, but all
supported login methods are cumbersome, especially for users of fully open
systems. Either way, you end up having to lug around a phone, alongside
your laptop or desktop.

Thankfully, in 2022 someone WOO'd (Wet Open Overheid, Law on Open Goverment)
the governent, which provided us with the majority of the source code of both
the server and client side of this system.

Simultaneously, in the 2021 refresh, the ID cards were supplied with an eIDAS
login function. Not much was known about this, and the only way to use this
functionality was to use a digid-activated smartphone, which intensely limits
its use. A desktop application was teased, and possibly released, but lost to
time. However, the option still showed up to anyone logging in through DigiD,
teasing them.

A while back, Puck spent some time digging through the WOO source, and wrote
XenID, a Linux-native client, using the same entry point as the original eID
client. Which you are looking at right now.
Add README 2026-03-05 20:35:28 +00:00			`# XenID - A Dutch eIDAS client for Linux`
			`## Usage`
			`Install XenID, along with the resource files. This is best done with NixOS,`
			right now. If using other systems, check `package.nix` to see where the
			`resources go. That's it.`

			`Any use of the DigiD ID-card check will now pop up XenID, allowing for quick`
			`and easy login with any (DigiD-activated) ID card.`

			`## Security`
			`This program does not persist your ID card's PIN, and requires user interaction`
			`before allowing a DigiD authentication to continue.`

			`It does not and could not know anything about your login, other than the name:`
			`When authenticating, a special session is created by the DigiD server, and`
			`provided through the URL used to open XenID. This session can only be used to`
			`interact with the ID card login process, and provides no long-term keys.`

			`The communication between the card and DigiD is encrypted with a key only the`
			`card and the DigiD authentication server know, and the DigiD server never gets`
			`to see your PIN code.`

			`## History`
			`The Dutch governent has a login system for citizens and residents, but all`
			`supported login methods are cumbersome, especially for users of fully open`
			`systems. Either way, you end up having to lug around a phone, alongside`
			`your laptop or desktop.`

			`Thankfully, in 2022 someone WOO'd (Wet Open Overheid, Law on Open Goverment)`
			`the governent, which provided us with the majority of the source code of both`
			`the server and client side of this system.`

			`Simultaneously, in the 2021 refresh, the ID cards were supplied with an eIDAS`
			`login function. Not much was known about this, and the only way to use this`
			`functionality was to use a digid-activated smartphone, which intensely limits`
			`its use. A desktop application was teased, and possibly released, but lost to`
			`time. However, the option still showed up to anyone logging in through DigiD,`
			`teasing them.`

			`A while back, Puck spent some time digging through the WOO source, and wrote`
			`XenID, a Linux-native client, using the same entry point as the original eID`
			`client. Which you are looking at right now.`