• Welcome Screen
• Settings
  • Card Reader
  • Language
• Help
  • Help Contents
  • Logs
• Card Information
  • Authentication Certificate
    • Export Certificate
    • Change PIN1
    • Unblock PIN1
  • Signature Certificate
    • Export Certificate
    • Change PIN2
    • Unblock PIN2
• Services
  • Change PUK
  • Update Certificates

eID-LV Middleware is a software solution to be installed on a computer, for holder of the Identity Card of The Republic of Latvia (hereinafter – eID card) to benefit from capabilities of the eID card in proving identity online (hereinafter – Authentication) and electronic document signing.

eID-LV Middleware installer includes software components required for computer's operating system to recognize eID card inserted into smart card reader attached to the computer and offer eID card's functions to the user. In addition eID-LV Middleware's package includes application for managing data on eID card's contact chip. This application initially is known as "PinTool", because user can change and unblock PIN's with it. While adding more functionality to this application it will be called "eID-LV Middleware".

This user guide describes functionalities of the application “eID-LV Middleware”, to be used when eID card is inserted into smart card reader integrated in or attached to the computer.

Welcome screen offers the following options:

• Card Information – option to view and export (save to file) certificates included in eID card's contact chip as well as to perform a PIN change and unblock.
• Services – option to receive e-services offered to eID card holder for post-issuance change, renewal or adding data and applets in contact chip of the eID card. Services are available only online and after authenticating with valid and active authentication certificate included in eID card! Service to be available for all eID card holders is "Change PUK".
• Help – Link to the user guide (this document).

Toolbar on the upper part of the window additionally offers the following options:

• Settings – option to choose prefered card reader and change language of the user interface.
• Help – option to access user guide (this document), view log files.

Settings menu offers the following options:

• Card Reader – option to set your prefered card reader in case your computer has a built-in or it is connected to more than one smart card reader and you are using multiple smart cards at the same time. You will not need to set prefered card reader in case your computer has only one built-in or connected card reader which is using eID card.

• Language – option to choose language of the user interface (UI) – English or Latvian. After performing UI language change you will be re-directed to the Welcome Screen which means that any of your running services will be interrupted. Therefor we do not recommend you to change UI language in the middle of any of our services.

Help offers following options:

• Help Content – opens eID-LV Middleware User Guide (this document) in the web browser.
• Logs – opens in the default text editor eID-LV Middleware log, where all successful and unsuccessful operations with the application as well as software errors are registered. Amount of information included in the log is limited to protect your privacy. Latest records in the log will be always located at the bottom of the text document. Information from the log may be required to determine reason of the error, if some action performed by the application was not successful.

As Card Information screen provides information about certificates included in the eID card's contact chip, it is divided into several tabs or sections corresponding to the type of certificate - Authentication Certificate, Signature Certificate and Ciphering Certificate. When selecting option "Card Information", Authentication Certificate tab is opened first, but navigating to other tab for viewing corresponding certificate information and accessing services related to particular certificate type can be done by selecting tab with certificate name (see Image 6).
Authentication Certificate tab in addition to the basic information about certificate subject (holder), issuer and validity (from – to) offers following functions:

• Export Certificate - option to export authentication certificate from eID card's contact chip in order to save it on the computer's hard drive or other storage device.
• Change PIN1 - option to change current PIN1 with new one, as well as option to see number of remaining tries for PIN1 entry.
• Unblock PIN1 - option to unblock blocked PIN1, using PUK, as well as setting new PIN1.

To export certificate, following actions shall be performed:

1. Select destination folder for saving certificate.
2. Choose certificate file name.
3. Press button “Save”.

To change PIN1, following actions shall be performed:

1. Enter current PIN1.
2. Enter new PIN1.
3. Repeat new PIN1.
4. Press button “OK”.

In case of successful changing of PIN1 corresponding notification is presented to the user (see Image 10).

When entering wrong PIN1 value, corresponding notification is presented to the user (see Image 11). Three PIN1 entry tries are possible, afterwards PIN1 is blocked if wrong PIN1 value is entered again. To unblock blocked PIN1, function "Unblock PIN1" can be used

Please note that PIN1 value shall contain only digits. PIN1 value can not be shorter than 4 and longer than 64 digits.

When choosing PIN1 value which is simple and easy to guess, You are increasing risk for unauthorized use of your identity in cyberspace, in case your eID card gets lost or is stolen.



To unblock PIN1, following actions shall be performed:

1. Enter PUK.
2. Enter new PIN1.
3. Repeat new PIN1.
4. Press button “OK”.

In case of successful unblocking of PIN1 corresponding notification is presented to the user.

When entering wrong PUK value corresponding notification is presented to the user. Three PUK entry tries are possible, afterwards eID card's contact chip is blocked if wrong PUK value is entered again. In this case eID card's functions can be recovered only on-site in the customer service unit of the Office of Citizenship and Migration Affairs by requesting issuance of new PIN mailer.

Please note that PIN1 value shall contain only digits. PIN1 value can not be shorter than 4 and longer than 64 digits.

When choosing PIN1 value which is simple and easy to guess, You are increasing risk for unauthorized use of your identity in cyberspace, in case your eID card gets lost or is stolen.


Signature Certificate tab in addition to the basic information about certificate subject (holder), issuer and validity (from – to) offers following functions:

• Export Certificate - option to export signature certificate from eID card's contact chip in order to save it on the computer's hard drive or other storage device.
• Change PIN2 - option to change current PIN2 with new one, as well as option to see number of remaining tries for PIN2 entry.
• Unblock PIN2 - option to unblock blocked PIN2, using PUK, as well as setting new PIN2.

To export certificate, following actions shall be performed:

1. Select destination folder for saving certificate.
2. Choose certificate file name.
3. Press button “Save”.

To change PIN2, following actions shall be performed:

1. Enter current PIN2.
2. Enter new PIN2.
3. Repeat new PIN2.
4. Press button “OK”.

When entering wrong PIN2 value, corresponding notification is presented to the user (see Image 17). Three PIN2 entry tries are possible, afterwards PIN2 is blocked if wrong PIN2 value is entered again. To unblock blocked PIN2, function "Unblock PIN2" can be used

Please note that PIN2 value shall contain only digits. PIN2 value can not be shorter than 6 and longer than 64 digits.

When choosing PIN2 value which is simple and easy to guess, You are increasing risk for unauthorized use of your identity in cyberspace, in case your eID card gets lost or is stolen.



To unblock PIN2, following actions shall be performed:

1. Enter PUK.
2. Enter new PIN2.
3. Repeat new PIN2.
4. Press button “OK”.

In case of successful unblocking of PIN2 corresponding notification is presented to the user.

When entering wrong PUK value corresponding notification is presented to the user. Three PUK entry tries are possible, afterwards eID card's contact chip is blocked if wrong PUK value is entered again. In this case eID card's functions can be recovered only on-site in the customer service unit of the Office of Citizenship and Migration Affairs by requesting issuance of new PIN mailer.

Please note that PIN2 value shall contain only digits. PIN2 value can not be shorter than 6 and longer than 64 digits.

When choosing PIN2 value which is simple and easy to guess, You are increasing risk for unauthorized use of your identity in cyberspace, in case your eID card gets lost or is stolen.

Services are available only with Internet connection and after authentication with valid and active authentication certificate included in eID card! Validity period of authentication certificate can be verified when selecting option "Card Information".
The list of available services is retrieved from service provisioning server and can be different for different eID cards, as well as depend on condition whether particular service has been received already or not.

Services Screen initially can provide following services:

• Change PUK - option to change current PUK with the new one, if it is not blocked. If PUK is blocked, eID card's functions can be recovered only on-site in the customer service unit of the Office of Citizenship and Migration Affairs by requesting issuance of new PIN mailer.
• Update Certificates - option to update certificates for eID cards where certificate validity is shorter than card validity period. To update certificates current certificates must be active and not expired (certificate validity date and time can be verified when selecting option "Card Information").

When selecting option “Services”, eID-LV Middleware will try to create secure connection with the authentication server, and, for verifying user's - eID card holder's identity, will ask to enter PIN1. In case of successful user authentication, application will ask services list for particular eID card from Identity Documents Information System. Connection establishment can take several seconds, depending on user's Internet connection speed as well as load on authentication and provisioning servers.

If authentication fails, corresponding error message will be presented. Most likely cause for unsuccessful authentication is authentication certificate being expired and/or not activated. If authentication still fails after several consecutive tries, please contact eID card's Technical Support at Office of Citizenship and Migration Affairs using e-mail: eID@pmlp.gov.lv

List of available services is presented after successful authentication (see Image 20). Every eID card with included and activated certificates has at least one available service - Change PUK.

To request service “Change PUK”, following actions shall be performed:

1. Select service from the list (with checkbox).
2. Press button "Start selected service(s)".

When starting service "Change PUK" dialog for entering Change PUK parameters is presented:

• Current PUK.
• New PUK.
• Re-enter PUK.

Button "OK" shall be pressed to confirm entered parameters.

When entering wrong PUK value corresponding notification is presented to the user. Three PUK entry tries are possible, afterwards eID card's contact chip is blocked if wrong PUK value is entered again. In this case eID card's functions can be recovered only on-site in the customer service unit of the Office of Citizenship and Migration Affairs by requesting issuance of new PIN mailer.

Please note that PUK value shall contain only digits. PUK value can not be shorter than 8 and longer than 64 digits.

When choosing PUK value which is simple and easy to guess, You are increasing risk for unauthorized use of your identity in cyberspace, in case your eID card gets lost or is stolen.

In order to provide selected service, there shall be uninterrupted connection to the Internet and eID card shall not be removed from the smart card reader. Not following mentioned preconditions and interrupting service provision (before receiving notification about successful execution of the service (see Image 24)) can cause permanent damage to eID card's authentication and signature functions.

Successful execution of the service is notified with corresponding notification (see Image 24).
For eID cards with certificate validity period shorter than eID card's validity, there is a service "Update Certificates" available in the services list (see Image 25). This service can be used only once and during its provision current signature certificate and linked pair of public and private keys, current authentication certificate and linked pair of public and private keys are all deleted, generation of new key pairs and requesting of new certificates to the certification services provider are performed, as well as writing newly issued certificates to eID card's contact chip. Expiry date for the newly issued certificates is equal with expiry date of eID card. Certificates are automatically activated and valid from the moment service is successfully executed.



To request service “Update Certificates”, following actions shall be performed:

1. Select service from the list (with checkbox).
2. Press button "Start selected service(s)".

When starting service "Update Certificates" dialog for entering Update Certificates parameters is presented:

• Current PIN1.
• Current PIN2.

Button "OK" shall be pressed to confirm entered parameters.

When entering wrong value for current PIN1 or PIN2, corresponding notification is presented to the user. Three PIN1 and PIN2 entry tries are possible, afterwards corresponding PIN is blocked if wrong value is entered again. To unblock blocked PIN1 or PIN2, functions "Unblock PIN1" and "Unblock PIN2" can be used

In order to provide selected service, there shall be uninterrupted connection to the Internet and eID card shall not be removed from the smart card reader. Not following mentioned preconditions and interrupting service provision (before receiving notification about successful execution of the service (see Image 29)) can cause permanent damage to eID card's authentication and signature functions. Certificate update is relatively time consuming service with execution time typically between 1 and 3 minutes, but in separate cases even more.

Successful execution of the service is notified with corresponding notification (see Image 29).
To additionally crosscheck successful execution of the service, it is possible to verify certificate expiry date (it should match eID card's expiry date) using function "Card Information".

After successful update of certificates we strongly recommend to remove eID card from smart card reader and insert it back. Mentioned action will ensure synchronization of newly issued certificates with operating system's certificate store.

In case of unsuccessful certificate update please contact eID card's Technical Support at Office of Citizenship and Migration Affairs using e-mail: eID@pmlp.gov.lv