2 KiB
XenID - A Dutch eIDAS client for Linux
Usage
Install XenID, along with the resource files. This is best done with NixOS,
right now. If using other systems, check package.nix to see where the
resources go. That's it.
Any use of the DigiD ID-card check will now pop up XenID, allowing for quick and easy login with any (DigiD-activated) ID card.
Security
This program does not persist your ID card's PIN, and requires user interaction before allowing a DigiD authentication to continue.
It does not and could not know anything about your login, other than the name: When authenticating, a special session is created by the DigiD server, and provided through the URL used to open XenID. This session can only be used to interact with the ID card login process, and provides no long-term keys.
The communication between the card and DigiD is encrypted with a key only the card and the DigiD authentication server know, and the DigiD server never gets to see your PIN code.
History
The Dutch governent has a login system for citizens and residents, but all supported login methods are cumbersome, especially for users of fully open systems. Either way, you end up having to lug around a phone, alongside your laptop or desktop.
Thankfully, in 2022 someone WOO'd (Wet Open Overheid, Law on Open Goverment) the governent, which provided us with the majority of the source code of both the server and client side of this system.
Simultaneously, in the 2021 refresh, the ID cards were supplied with an eIDAS login function. Not much was known about this, and the only way to use this functionality was to use a digid-activated smartphone, which intensely limits its use. A desktop application was teased, and possibly released, but lost to time. However, the option still showed up to anyone logging in through DigiD, teasing them.
A while back, Puck spent some time digging through the WOO source, and wrote XenID, a Linux-native client, using the same entry point as the original eID client. Which you are looking at right now.