Voter applications and checking authenticity

I-voting is only possible on a computer, not a smart device. Voter applications are available for Windows, macOS and Linux operations systems. Voter applications allow i-voting only on the i-voting period, which is explained on the opening page of the elections web page.

When deciding in favour of i-voting, it is extremely important to go to the correct website and use the correct voter application. The instructions below will help you make sure that this is the case. If something raises your suspicions, please notify abi@valimised.ee.

The data that should be checked has been published in the fingerprint file. The digital signature of the manager of i-voting protects the integrity and authenticity of the data.

If the checksum of the downloaded voter application does not match up with the checksum in the fingerprint file, please contact the State Electoral Office immediately and report a possible attack. You must never use this program for i-voting.

 

Checking the authenticity of the EXE version of voter application

The EXE application must be saved in the computer catalogue; find the correct file, right click on the downloaded file and select Properties. After finding the Digital Signatures tab, click Details and then View Certificate. The opening window will display the certificate that forms the basis for signing the voter application.

Next, select the Details (middle tab) and scroll down to see the value of the Thumbprint parameter. It is important to make sure that the value corresponds to the value published in the fingerprint file.

 

Valijarakenduse macOS X versiooni autentsuse kontrollimine

Checking the authenticity of the macOS X version of voter application 

computername:~ username$

The i-voter must choose the catalogue with the voter application. For example:

cd Downloads

and check the authenticity of the application file. The next command must be entered for this purpose:

shasum -a 256 filename.dmg

In the end, it is important to make sure that the value corresponds to the value published in the fingerprint file.

 

Checking the authenticity of the Linux version of voter application

Follow the instructions to download the voter application; next, you can calculate the checksum with the following commands:

  • sha256sum filename.bin
  • shasum -a 256 filename.bin
  • openssl dgst -sha256 filename.bin

It is also important to make sure that the value corresponds to the value published in the fingerprint file.