Estonian identity card

The Estonian identity card (ID-kaart) is a mandatory identity document for citizens of Estonia. In addition to regular identification of a person, an ID-card can also be used for establishing one's identity in electronic environment and for giving one's digital signature. Within Europe (except Belarus, Russia, Ukraine and United Kingdom) as well as French overseas territories, Georgia and Tunisia (on organized tours only) the Estonian ID-card can be used by the citizens of Estonia as a travel document.

The mandatory identity document of a citizen of the European Union is also an identity card, also known as an ID card. The Estonian ID-card can be used to cross the Estonian border, however Estonian authorities cannot guarantee that other EU member states will accept the card as a travel document.

In addition to regular identification of a person, an ID-card can also be used for establishing one's identity in electronic environment and for giving one's digital signature. With the Estonian ID-card the citizen will receive a personal @eesti.ee e-mail address, which is used by the state to send important information. In order to use the @eesti.ee e-mail address, the citizen has to forward it to his or her personal e-mail address, using the State Portal eesti.ee.

The Police and Border Guard Board (PPA) on 25 September 2018 introduced the newest version of Estonia's ID-card, featuring additional security elements and a contactless interface. The new cards also utilizes Estonia's own font and elements of its brand. One new detail is the inclusion of a QR code, which makes it easier to check the validity of the ID-card. The new design also features a color photo of its bearer, which doubles as a security element and is made up of lines; looking at the card at an angle, another photo appears. The new chip has a higher capacity, allowing the addition of new applications to it.

Scope
The Estonian ID-cards are used in health care, electronic banking, signing contracts, public transit, encrypting email and voting. Estonia offers over 600 e-services to citizens and 2,400 to businesses. The card's chip stores digitized data about the authorized user, most importantly: the user's full name, gender, national identification number, and cryptographic keys and public key certificates.

Types of Estonian ID cards
There are several types of identity documents issued by the Estonian state that are usually referred to as the Estonian ID-card. These are the identity card, the digital identity card, the residence permit card, the e-resident’s digital identity card and the diplomatic identity card.

While these identity documents are issued to different categories of persons and have a different appearance, all these documents provide the same electronic functionality via a smart card chip.

Electronic functionality of the ID card
From its introduction in 2002 until now, the core electronic functionality provided by the Estonian ID-card has stayed the same. The ID-card contains two asymmetric (RSA or ECC) key pairs with the corresponding X.509 public-key certificates, and symmetric keys to perform card management operations.

Authentication key. The authentication key is used to log into e-services by providing a signature in the TLS client certificate authentication process. This key can also be used to decrypt documents encrypted for the cardholder. This is used only infrequently, as such documents would become unreadable if the card were lost or destroyed. Cryptographic signature and decryption operations with this key have to be authorized using the 4-digit PIN1 code.

Digital signature key. The digital signature key is used to give legally binding digital signatures that under eIDAS are recognized as qualified electronic signatures. Each signature operation with the key has to be authorized using the 5-digit PIN2 code.

Personal data file. The ID card chip contains a publicly readable personal data file, which consists of 16 records containing the same information as is printed on the card.

Card management operations. The cards are preloaded with symmetric keys that can be used by the manufacturer to perform various card management operations in the post-issuance phase. This provides a method to reset PIN codes in the event the cardholder forgets them, generate new keys, write new certificates, and even reinstall the whole smart card applet if needed.

The Estonian state provides DigiDoc software allowing users to cryptographically sign digital documents. Since 2016 the DigiDoc software can create files that follow the EU-wide ETSI standard called ASiC-e.

By 7 September 2021, 1,391,704,193 electronic signatures were given, thus averaging to 50 signatures per card user per year.

Under Estonian law, since 15 December 2000 the cryptographic signature is legally equivalent to a manual signature. This law has been superseded by the EU-wide eSignature Directive since 2016.

Uses for identification
The card's compatibility with standard X.509 and TLS infrastructure by providing a client certificate to each person has made it a convenient means of identification for use of web-based government services in Estonia (see e-Government). All major banks, many financial and other web services support ID-card based authentication. Adding support of Estonian ID-card based identification is very simple nowadays because majority of used browsers, web servers and other software supports TLS (SSL) client-certificate based authentication and Estonian ID-card use exactly that system.

Web discussion forums
Web commentary columns of some Estonian newspapers, most notably Eesti Päevaleht, used to support ID-card based authentication for comments. This approach caused some controversy in the internet community.

Public transport
Larger cities in Estonia, such as Tallinn and Tartu, have arrangements making it possible for residents to purchase "virtual" transportation tickets linked to their ID-cards.

Period tickets can be bought online via electronic bank transfer, by SMS, or at public kiosks. This process usually takes less than a few minutes and the ticket is instantly active from the moment of purchase or since the first use of the ticket.

Customers also have the option of requesting e-mail or SMS notification alerting them when the ticket is about to expire, or of setting up automatic renewal through internet banking services.

To use the virtual ticket, customers must carry their ID-card with them whenever they use public transport. During a routine ticket check, users are asked to present their ID-card, which is then inserted into a special device. This device then confirms that the user holds a valid ticket, and also warns if the ticket is about to expire. The ticket check usually takes less than a second.

Ticket information is stored in a central database, not on the ID-card itself. Thus, to order a ticket, it is not necessary to have an ID-card reader. Ticket controllers have access to a local archive of the master database. If the ticket was purchased after the local archive was updated, the ticket device is able to confirm the ticket from the master database over mobile data link.

Electronic voting
The Estonian ID-card is also used for authentication in Estonia's Internet-based voting program called i-Voting.

In February 2007, Estonia was the first country in the world to institute electronic voting for parliamentary elections. Over 30,000 voters participated in the country's e-election. In the Parliamentary election of 2011 140,846 votes were cast electronically representing 24% of total votes.

The software used in this process is available for Microsoft Windows, macOS and Linux.

Use as a travel document
Since Estonia's accession to the European Union (EU) in 2004, Estonian citizens who possess an Estonian identity card have been able to use it as an international travel document, in lieu of a passport, for travel within the European Economic Area, as well as the French overseas departments and territories, Andorra, San Marino, Monaco, Vatican City, Northern Cyprus, and Georgia.

However, non-Estonian citizens resident in Estonia are unable to use their Estonian identity cards as an international travel document.

Security issues
Over the years the Estonian ID-card and its ecosystem has experienced several security incidents and similar issues. Below are listed some of the most significant security incidents that have been encountered.

Infineon's RSA key generation flaw
In August 2017, a security threat was discovered that affected 750,000 ID and e-residency cards issued between 16 October 2014 and 26 October 2017.

It was reported that a code library developed by Infineon, which had been in widespread use in security products such as smartcards and TPMs, had a flaw (later dubbed the ROCA vulnerability) that allowed private keys to be inferred from public keys. As a result, all systems depending upon the privacy of such keys were vulnerable to compromise, such as identity theft or spoofing. Affected systems include 750,000 Estonian national ID-cards, and Estonian e-residency cards.

On 2 November 2017, the Estonian government decided to suspend the affected certificates on the midnight of November 3. For the next five months until 31 March 2018 (incl.), the holders of the suspended certificates were still able to update their ID-cards at PPA customer service points and remotely over the internet. On 1 April 2018, the certificates of the non-renewed ID-cards were revoked and the renewal service for the affected ID-cards was discontinued. The governments decision to postpone the revocation of the affected certificates and allowing the remote renewal of suspended certificates have been criticized for not being in compliance with eID legal requirements.

The incident resulted in a litigation process as the ID-card manufacturer Gemalto failed to inform the Estonian state about the vulnerability in a timely manner. In February 2021, it was reported that Gemalto and the Estonian state reached a compromise agreement, with Gemalto agreeing to pay the state 2.2 million EUR in compensation.

Security flaws in key management
There have been several isolated cases of security flaws being discovered in the ID-card key management process. In particular, in some cases, contrary to the security requirements, the ID-card manufacturer Gemalto had generated private keys outside the chip. In several cases, copies of the same private key have been imported in the ID-cards of different cardholders, allowing them to impersonate each other. In addition, as a result of a separate flaw in the manufacturing process, corrupted RSA public key moduli have been included in the certificates, which in one case led to the full recovery of the corresponding private key.