eID Products
eID Applet
The eID Applet is a browser component to enable the use of the Belgian eID card within web applications in the most user friendly way possible today.
The eID Applet runs on Windows, Mac OS X, and Linux platforms and supports a wide range of web browsers including Firefox, IE, and Safari.
Since the eID Applet can run both with or without eID Middleware installed, it puts minimal requirements on the client browser environment.
eID Applet Beta Site @ e-contract
eID Applet @ Github
eID Applet Maven Site @ e-contract
eID Chrome
The eID Chrome project safeguards the future of eID usage within the Google Chrome web browser.
The eID Chrome project is primarily targeted for integration within our eID services.
However, interesting ISV's can also take a license on this technology.
If interested in the eID Chrome project as a product, please contact us at
chrome@e-contract.be.
jTrust
jTrust is a Java library for trust validation of X509 certificates.
The jTrust library features OCSP and CRL revocation checking, automatic CRL fall-back when OCSP fails, CRL caching, and a clean architecture that is ready for a scalable trust service implementation.
The jTrust library comes with a default configuration tweaked to validate Belgian eID certificates.
jTrust @ Github
jTrust Maven Project Site @ e-contract
eID Trust Service
The eID Trust Service is a highly scalable XKMS2 based certificate validation service specifically targeting the Belgian eID PKI infrastructure out-of-the-box while remaining configurable to also serve other PKI topologies.
The architecture features a harvester and a scheduler to manage a CRL based revocation database in the background.
It provides authentication certificate chain validation as well as historical non-repudiation certificate chain validation.
Over time the eID Trust Service will support creation of trust domains using the Trusted Lists according to the Service Directive to be able to validate EU certificate chains.
The old eID Trust Service is no longer maintained as open source project.
e-Contract.be BVBA developed a follow-up product called "Trust Service".
The new Trust Service is used as basic building block for all other offered eID services.
eID Trusted List Tool
The eID TSL Tool allows for generation and signing of the Belgian Trusted List according to the e-Signature Service Directive.
The eID TSL Tool is being used by FedICT and the FPS of Economy for managing the Belgian TSL lifecycle.
eID TSL @ Google Code
eID Identity Provider
The eID Identity Provider product is a simple IdP using the eID as authentication token. The eID IdP uses the eID Applet for eID based entity authentication and the eID Trust Service for authentication certificate validation.
The eID IdP supports different authentication protocols to ease integration within 3rd party applications: SAML2 Browser POST profile, OpenID 2 with Attribute Exchange and PAPE, WS-Federation with SAML2 Metadata.
The eID IdP comes with an eID IdP SDK to ease the task of developers on integrating the eID IdP functionality in web application.
The eID Identity Provider is no longer maintained as open source project.
e-Contract.be BVBA developed a follow-up product version 1.1.x.
Furthermore a new eID Identity Provider version 2 is scheduled for production by mid 2015.
Digital Signature Service Protocol
The Digital Signature Service Protocol project delivers the protocol artifacts for the new Digital Signature Service.
This protocol is based on the OASIS DSS standard and focusses on high performant and secure delivery of digital signatures.
Both the Java and .NET SDK are open sourced under the commercially friendly GNU LGPL license.
Digital Signature Service Protocol project site
eID Digital Signature Service
The eID DSS supports the creation of XML signatures according to XAdES-X-L using a browser POST protocol to navigate the web browser from Relying Party to the eID DSS.
After verification of the to-be-signed XML document (the visualization of the XML structure can be styled using XSLT) the citizen can sign the XML structure using the eID card via the eID Applet technology. After signature finalization by the eID DSS (upgrade from XAdES-BES to XAdES-X-L using the eID Trust Service) the eID DSS will navigate the web browser back to the Relying Party where the work flow can continue.
For signature verification the Relying Party can use an eID DSS web service according to the OASIS DSS specifications. The eID DSS signature validation web service is using the eID Trust Service for historical certificate chain validation. Because both the signature creation and signature validation is outsourced to the eID DSS, the Relying Party does not need to have notion of the actual used signature format. This way the Relying Party can fully focus on the business work flow and define an XML schema according to its business needs.
Although the citizen is also offered the possibility to download the signed XML document it should be noted that the eID DSS targets integration of electronic signatures as part of a web based business work flow and is thus not document centric oriented, but service centric oriented.
The old eID Digital Signature Service is no longer maintained as open source project.
Instead, e-Contract.be BVBA developed a follow-up product called Digital Signature Service.
WebScarab authentication protocol plugins
Via the WebScarab authentication protocol plugins one can investigate different commodity authentication protocol messages and even perform some common MITM attacks.
For the moment the WebScarab plugins support SAML 2.0 Browser POST Profile, OpenID 2.0, and WS-Federation Web Passive Protocol.
Via this tool one can harden the security of eID integrations within web applications.
This tool has been successfully used several times to locate security weaknesses within web application eID integrations.
Some of these WebScarab plugins have been committed to the official WebScarab source code tree.
Download this version of WebScarab from @ eID IdP Google Code
WebScarab source code @ github
WebScarab @ OWASP
eID Quick-Key Toolset
This project delivers a JavaCard Applet that mimics the behavior of an eID Card. Of course you cannot duplicate a real eID card as you cannot copy the private keys from one card to another. Besides the JavaCard Applet this project also delivers a simple GUI to initialize blank smart cards using the JavaCard Applet. This project is about delivery of the technology. The distribution model and trust model of such Quick-Key smart cards is out of scope and should be handled by the relying parties that decide on using Quick-Key smart cards.
eID Quick-Key Toolset @ Google Code
Commons eID
The Commons eID Library provides a very generic library to handle the Belgian eID. The library can be used both for desktop applications as well as browser based applets.
Commons eID @ Github
Commons eID Maven project site
jWatchdog
The jWatchdog Project delivers a simple to configure monitoring notification system.
jWatchdog is used as part of the monitoring infrastructure at e-contract.be.
jWatchdog @ Github
jWatchdog Maven project site
jWatchdog Client for Android
HSM Proxy
The HSM Proxy delivers an open source solution to proxy HSM or software keystores.
HSM Proxy @ Google Code
HSM Proxy Maven project site
eID Middleware for Android
The eID Middleware for Android project delivers an eID Middleware on the Android platform.
eID Middleware for Android @ Github
eID Middleware for Android Maven project site