Applet 1.8
An official communication has been sent to developers to announce the planned release of a new version of the card applet (version 1.8, whereas the current applet version is 1.7).
A short description of the most relevant changes for third party developers will be given below. For more in-depth technical descriptions, please refer to the new applet, chip content and file content specifications.
- Use of Elliptic Curve. Signatures (both for authentication and non-repudiation) created with applet 1.8 cards will be ECDSA P-384 signatures. The intermediate and root certificates also contain EC P-384 keys.
- The signature files of the ID and address files will be ECDSA P-384 with SHA-2-384.
- The hashes (photo, PuK#1 Basic) present within the ID file will be of type SHA-2-384.
- An option to retrieve the number of tries left on the PIN will be present (through the get card data command with P2 set to 01).
- The option to verify the card by its basic key signatures (Internal Authenticate) is present, as the card public key (and its indirect RN signature) are now present on the card.
- An extra command (e.g. "MSE:SET") is allowed between the card commands "MVP:VERIFY(non-rep PIN)" and "PSO: COMPUTE DIGITAL SIGNATURE".
- A read by record option that allows for reading the identity and address files data on a per record basis.
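The hash change listed above matters to any relying application that recomputes the photo or basic-key hash itself. The following is an added example, not code from the eID middleware or SDK: it checks such a hash and refuses anything other than SHA-384 on a card identified as applet 1.8. The function names are hypothetical, the 20- and 32-byte entries for older cards are an assumption, and the sample bytes are constructed.

```python
import hashlib
import hmac

# Digest length in bytes -> hashlib name. The 48-byte SHA-384 entry is what the
# page states for applet 1.8; the shorter entries are assumptions about older cards.
DIGEST_BY_LENGTH = {48: "sha384", 32: "sha256", 20: "sha1"}


class HashCheckError(Exception):
    """A stored hash could not be checked or did not match."""


def verify_embedded_hash(data, stored_hash, applet_1_8):
    """Check `data` against a hash taken from the ID file; return the algorithm name.

    Call this only after the ID file's own signature has been verified,
    otherwise `stored_hash` is untrusted input.
    """
    algo = DIGEST_BY_LENGTH.get(len(stored_hash))
    if algo is None:
        raise HashCheckError(f"unsupported digest length {len(stored_hash)}")
    # On a card identified as applet 1.8 only SHA-384 is acceptable; taking a
    # shorter digest would silently weaken the check.
    if applet_1_8 and algo != "sha384":
        raise HashCheckError(f"applet 1.8 card carries {algo}, expected sha384")
    if not hmac.compare_digest(hashlib.new(algo, data).digest(), stored_hash):
        raise HashCheckError(f"{algo} digest does not match")
    return algo


def check_card_hashes(files, applet_1_8):
    """files: {label: (data, stored_hash)} -> {label: "ok:<algo>" or "fail:<reason>"}."""
    report = {}
    for label, (data, stored_hash) in files.items():
        try:
            report[label] = "ok:" + verify_embedded_hash(data, stored_hash, applet_1_8)
        except HashCheckError as exc:
            report[label] = f"fail:{exc}"
    return report


if __name__ == "__main__":
    photo = b"\xff\xd8constructed-jpeg-bytes"   # constructed sample, not card data
    pubkey = b"\x04" + bytes(96)                # constructed placeholder key bytes
    files = {
        "photo": (photo, hashlib.sha384(photo).digest()),
        "PuK#1 Basic": (pubkey, hashlib.sha256(pubkey).digest()),  # wrong hash type
    }
    for label, result in check_card_hashes(files, applet_1_8=True).items():
        print(label, result)
```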
The eID middleware has been updated to handle the applet 1.8 cards; this updated version (v5.x) can be downloaded here:
- Windows: From eid.belgium.be
- macOS: From eid.belgium.be
- Linux:
  - Install the eID middleware from the eID download page for your distribution.
  - Enable the "continuous" repository:
    - Fedora/CentOS/RHEL: edit the file `/etc/yum.repos.d/eid-archive.repo`, and change the line `enabled=0` in the section `[beid-continuous]` to `enabled=1`
    - OpenSUSE: run `zypper mr -e beid-continuous`
    - Debian/Ubuntu/Linux Mint: edit the file `/etc/apt/sources.list.d/eid.list`, and follow the instructions. Please note that you need the continuous repository; the candidate one is not enough. Then run `dpkg-reconfigure eid-archive` followed by `apt-get update`
  - Upgrade to the packages from the continuous repository:
    - Fedora/CentOS/RHEL: `yum upgrade; yum install eid-mw`
    - OpenSUSE: `zypper in eid-mw`
    - Debian/Ubuntu/Linux Mint: `apt -t continuous upgrade`
  - Check that the installed package version is at least version 5.0.
Please note that the Linux packages are built using continuous integration from the master branch rather than manually; as such, quality may vary over time, although we do our best to keep things working.
A new SDK (SDK 5.0) is available that can handle applet 1.8 cards. Its PKCS#11 libraries are part of the above eID middleware. Its manual can be found here: beidsdk_card_data.pdf
A set of test cards that contain the applet v1.8 is available for order on https://www.eazysign.be/en/eazyset-your-set-of-eid-testing-cards. More information and tooling for the test cards can be found at zetescards