Package Name

nemid

Current Version

1.6-1 Nov. 24, 2011

Download Link

nemid_1.6-1_all.deb for 32-bit and 64-bit systems

Repository

Repository and key

Description

Support for the Danish "NemID" certificate. NemID is a national, centralized authentication service. It includes an option to sign documents and email with a personal certificate. The latter is rather poorly supported by DanID (the company that provides NemID), which requires you to download and unpack a file and manually overwrite essential system files. The NemID package provided here ensures that the proper system files are automatically installed; and, if you elect to use the provided repository, keeps itself updated.

Download and install your NemID certificate by issuing the command:

installer-nemid

from a terminal prompt. It requires that you're running an X desktop environment, such as Unity, Gnome, or KDE. An application window opens, prompting you for your NemID username and password. Enter your NemID credentials, and click the "Hent NemID-certifikat..." button. Your NemID certificate will then be installed.

For information on how to configure various applications to use your NemID certificate, consult the manual pages for installer-nemid:

man installer-nemid

or visit DanID's linux support page.

Known Limitations

The installer prepares Evolution, Firefox, LibreOffice, and Thunderbird for the NemID libraries, but makes no attempt to configure email accounts and address books.

Bugs and Support

See the nemid project page

Maintainer

Ole Wolf <>

Copyright and License

The installer-nemid script and its associated manual page are copyright © 2011 Ole Wolf, and are released under GPL v. 3.

DanID does not provide any copyright or licensing notes, but its application may be downloaded at no charge from DanID's website.

Technical Details

The installer is a script that creates a temporary directory in the user's home folder from whence DanID's executable is called. Apparently this workaround is required in order to execute the file.

Next, the script creates a link to the NemID PKCS11 library in the user's ~/.pki folder.

Then the script deletes any old NemID modules from the Firefox and Thunderbird security module databases and inserts the NemID module into the databases.

Finally, the script modifies the user's ~/.bashrc file so that LibreOffice will look for the certificate in the Firefox profile directory.

Additional Notes

NemID is, by its very architecture, inherently insecure, because the user does not own his or her private key. This is a design decision, and the package provided here cannot change this fact.