explaingit

hofill/rocei_cli

23CAudience · developerComplexity · 3/5Setup · moderate

TLDR

A command-line tool for macOS and Linux that lets you digitally sign PDFs and files using your Romanian national eID smart card without installing the official government software.

Mindmap

mindmap
  root((repo))
    What it does
      Digital signing
      Smart card access
      No official software
    Three parts
      PKCS11 module
      CLI tool
      PDF Python script
    Supported platforms
      macOS via Homebrew
      Linux build from source
    Key features
      Sign PDF files
      Place visible stamp
      Read identity data
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Sign PDF documents with your Romanian eID card from the command line on macOS without IDPlugManager.

USE CASE 2

Place a visible digital signature stamp on a PDF at a position you choose by dragging a box in the browser.

USE CASE 3

List certificates on your ROeID card or read identity data using the CLI.

Tech stack

CPythonPKCS#11PC/SC

Getting it running

Difficulty · moderate Time to first run · 30min

macOS install via Homebrew, Linux requires building from source with dev libraries. Linux and Windows builds are untested on real hardware.

In plain English

This is a command-line tool that lets people with a Romanian national eID card (ROeID) digitally sign PDF files and other documents on macOS or Linux, without needing the official IDPlugManager software that Romania's government provides. It works by talking directly to the smart card chip over PC/SC, which is the standard protocol most computers use to communicate with physical smart cards. The private key that proves your identity stays inside the chip at all times and never gets copied to your computer. The project has three parts: a low-level module that makes the card behave like a standard signing device (PKCS#11, a common interface that many applications already support), a command-line program for everyday tasks like listing card contents, reading your identity data, and signing files, and a Python script that handles PDF-specific signing including placing a visible stamp on a page. For PDFs, you can choose where the signature stamp appears by running a command that opens a browser tab and lets you drag a box to the spot you want. Non-PDF files get a compact signed token instead, a short text string that records the filename, a hash of the file contents, a timestamp, and a digital signature. Installation on macOS goes through Homebrew, a package manager that handles the build steps for you. On Linux, you need a handful of development libraries installed first and then build from source. The author notes that Linux and Windows builds were produced with AI assistance and have not been tested against real hardware, so macOS is the only verified platform at this time. The legal section explains that the code was written from scratch by studying the behavior of the official library, without copying any proprietary source code, under an EU directive that permits reverse engineering for interoperability purposes.

Copy-paste prompts

Prompt 1
I have rocei_cli installed on macOS and my Romanian eID card connected. Show me the command to digitally sign a PDF and place the stamp in the bottom-right corner.
Prompt 2
How do I list the certificates stored on my ROeID card using rocei_cli?
Prompt 3
I want to sign a non-PDF file with my ROeID card using rocei_cli. What does the resulting signed token contain and how do I verify its authenticity?
Open on GitHub → Explain another repo

← hofill on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.