Is there a flag that tells if a signature was done by the E-Resident?
marsrobertson opened this issue · 3 comments
Based on #342 a colleague of mine was able to do some C++ magic and verify the signature.
there may be some marker in the validation response that proves e-residency, but I don't see a clear one at this time.
Is there a way of telling if the signature was done by E-Resident?
Asking because we would like to offer some services to E-Residents only. Not discriminatory, just enjoying building new lego blocks od decentralized governance if that makes sense ⚡️⚡️⚡️
The Estonian identification (ID) code is a unique 11-digit code that will remain the same your entire lifetime. It is a number formed on the basis of the sex and date of birth of a person which allows the specific identification of the person. Everyone working and/or living in Estonia has the right to a personal identification code.
The Estonian personal identification number is also granted to a person who has been issued the e-residency digi-ID.
Is there a way of telling is you are a E-Resident?
According to the certification policy (https://www.id.ee/public/CP_ESTEID_v1.1.pdf), Ch 1.2, the latest certificates of digital identity card of e-resident should have certificate policy 1.3.6.1.4.1.51361.1.1.4.
Please note however that this is so only for the latest cards where issuer is ESTEID-2018; older cards have the same OID for Digi-ID of Estonian citizens and E-Residents (see https://www.skidsolutions.eu/en/repository/CP/).
DigiDoc4 client checks the subject of the certificate: if the O (Organization) attribute contains the string E-RESIDENT, the card belongs to E-Resident:
see for example https://github.com/open-eid/DigiDoc4-Client/blob/master/client/widgets/InfoStack.cpp#L203
Libdigidocpp does not know anything certificate specific policies.
Old cards contain O field E-Residents and new cards have policy OID https://www.id.ee/public/CP_ESTEID_v1.1.pdf