Digital signatures and PKI in Lithuania
The ADIC, formerly NSC, issues national ID cards with two certificates preloaded – one for TLS client authentication (NQC-Authentication) and one for non-repudiable digital signatures (QC-DigitalSignature), both 2048-bit RSA. They are valid for 3 years; issuance and renewal is free. Cards themselves have good Linux support; all official drivers and PKI roots are available at http://www.nsc.vrm.lt/downloads.htm. (There is macOS support but so far all drivers are only available by request.)
From 2009, ADIC were issuing Gemalto GemXpresso R4 cards with RSA-2048 certificates. All remaining ones have been revoked in 2018-09 due to unspecified security issues.
As of 2017, ADIC are issuing cards by PWPW S.A. and the corresponding Linux driver is pwpw-card-pkcs11.so, but the CryptoTech one appears to work as well. (In fact, the libccpkip11 driver works slightly better.)
Private company, with all the features that the word 'off-brand' brings to mind. In a longtime feud with RCSC regarding the presence of national identity numbers in certificate metadata; as a result, RCSC-managed websites generally do not accept SSC certificates. SSC lost qualified issuer status in February 2018.
