Libdigidocpp is the C++ library for creating applications handling digital signatures, their creation and verification. The digitally signed files are created in "DigiDoc format" (with .asice file extension), compliant to XML Advanced Electronic Signatures (XAdES), technical standard published by European Telecommunication Standards Institute (ETSI).
Additionally the libdigidocpp library can be used to read and verify the digitally timestamped containers (using .asics file extension) with a single datafile. There is possible to validate ASiC (CAdES), PDF and DDOC formats with SiVa service.
Libdigidocpp library forms a part of the wider DigiDoc system framework which offers a full-scale architecture for digital signature and documents, consisting of software libraries (C++ and Java), SiVa service and end-user applications such as DigiDoc4 according to the following figure:
DigiDoc framework
It is easy to integrate DigiDoc components into existing applications in order to allow for creation, handling, forwarding and verification of digital signatures. All applications share common digitally signed file formats.
Format of digitally signed file
Actively used digitally signed file formats in DigiDoc system are:
BDOC 2.1 - legacy format, described in BDOC2.1:2013, The library implements only read-only support for the format;
ASiC-S - timestamped container, described in The ETSI standard ETSI EN 319 162-1. The library implements only read-only support for the format.
The following chapters provides an overview of ASiC-E (XAdES) digitally signed file format which is the preferred format for creating signed documents in Libdigidocpp library.
ASiC-E (XAdES) container format
The ETSI standard EN 319 162-1 called Associated Signature Containers (ASiC) defines format of container for encapsulation of signed files and signatures with extra information. The container type used in case of ASiC-E documents is Associated Signature Extended form. In the container XAdES EN 319 132-1 (XML Advanced Electronic Signatures) format signatures are used.
ASiC-E container is a ZIP file consisting of the following objects:
a file named "mimetype", containing only the following value: application/vnd.etsi.asic-e+zip
data files in original format.
META-INF subdirectory, consisting of:
manifest.xml – a file containing list of all files in the container. The list does not contain the "mimetype" file and files in META-INF subdirectory.
signatures*.xml – one file for each signature, ‘*’ in the file’s name denotes the sequence number of a signature (counting starts from zero). The signatures*.xml file also incorporates certificates, validity confirmation and meta-data about the signer.
When ASiC-E container is signed then all files in the container are signed, except of the mimetype file and files in META-INF subdirectory.
Original files (which were signed) along with the signature(s), timestamp(s), validation confirmation(s) and certificates are encapsulated within the container. As a result, it is possible to verify signature validity without any additional external information – the verifier should trust the issuer of signer’s certificate, TS Authority and the OCSP responder’s certificate.
ASiC-E container's contents
Legacy BDOC signature profiles
The format of the BDOC 2.1 digitally signed file is based on ETSI XAdES TS 101 903 standard. The XAdES standard defines formats for advanced electronic signatures that remain valid over long periods of time. The ETSI standard TS 103 171 "XAdES Baseline Profile" further profiles the XAdES signature by putting limitations on choices.
BDOC 2.1 specification defines two profiles of qualified BDOC signatures: BDOC with time-mark and BDOC with time-stamp. Both of the profiles offer long-term validation possibility by incorporating the necessary validation data in the signature. Both of the profiles are compliant to XAdES LT-Level requirements.
BDOC signature with time-mark
The BDOC signature with time-mark is based XAdES-EPES signature (Explicit Policy based Electronic Signature, see XAdES).
In order to offer long time validation, it is necessary to obtain proof of validity of the signer’s X.509 digital certificate issued by a certificate authority (CA) at the time of signature creation. In case of BDOC with time-marks (TM profile), the proof is obtained with a single OCSP response that has a specific "nonce" field’s value (i.e. the time-mark).
The hash of the created signature (the <SignatureValue> element’s contents) is sent within the OCSP request’s and received back within the response’s "nonce" field. The OCSP request’s and response’s "nonce" field is a DER-encoding of the following ASN.1 data structure:
TBSDocumentDigest ::= SEQUENCE {
algorithm AlgorithmIdentifier,
digest OCTET STRING
}
The element digest is a hash value of the binary value of the <SignatureValue> element’s contents, element algorithm determines the used hash algorithm as defined in RFC 5280 clause 4.1.1.2.
The time-mark provides proof of the following:
The signature value existed at a certain point of time (issuance time of the OCSP confirmation) – the verifier can calculate the hash of the signature and check its conformance to the OCSP response’s "nonce" field.
The signer’s certificate was valid (provided that the OCSP response is positive and does indeed confirm the certificate’s validity) at a certain point of time
It is important to notice that additional time-stamps are not necessary as time of signing and time of obtaining validity information is indicated in the OCSP response (i.e. the time-mark).
NB! The issuance time (producedAt field’s value) of the OCSP response (the time-mark) is regarded as the time of signature creation.
To achieve long-time validity of digital signatures, a secure log system is employed within the model. All OCSP responses and changes in certificate validity are securely logged to preserve digital signature validity even after private key compromise of CA or OCSP responder.
Security model of time-marking mechanism
BDOC signature with time-stamp
The BDOC signature with time-stamp is based on XAdES-BES signature (Basic Electronic Signature, see XAdES).
In order to offer long time validation, it is necessary to obtaining proof of validity of the signer’s X.509 digital certificate issued by a certificate authority (CA) at the time of signature creation.
In case of BDOC with time-stamp (TS profile), the proof is provided as follows:
RFC3161 compliant time-stamp is obtained from a time-stamping service. The hash of the created signature (<SignatureValue> element block) is sent to the time-stamping server. The server’s response contains a time-stamp token with the same hash value that can later be used to validate that the time-stamp was indeed issued for the respective signature. The time-stamp token received from the server is added to the signature providing a proof from a trusted source that the signature value existed at a certain point of time.
RFC 6960 compliant OCSP confirmation is obtained from an OCSP service. The OCSP response received from the server is used as a trusted source to confirm that the signer’s certificate was valid at a certain point of time (producedAt field’s value in the OCSP response).
The verifier must check the time-stamp token’s and OCSP confirmation’s time difference. If the difference is acceptable then it can stated that the signer’s certificate was valid at the time of signature creation.
NB! The issuance time (getTime field’s value) of the time-stamp token (received with the response from time-stamping server) is regarded as the time of signature creation.
ASiC-S container format
In addition to the Associated Signature Extended form (ASiC-E) the ETSI standard TS 102 918 defines a Simple form which is used for encapsulating a single datafile and signature or time-stamp token associated with it.
ASiC-S container is a ZIP file consisting of the following objects:
an optional file named "mimetype", containing only the following value: application/vnd.etsi.asic-s+zip
data object (file) in original format.
META-INF subdirectory with one of the following files:
signatures.p7s
signatures.xml
timestamp.tst
The libdigidocpp library supports only containers with time-stamp token (container includes META-INF/timestamp.tst). The time-stamp token is a binary representation of TimeStampToken as defined in RFC 3161. The time-stamp is obtained from a time-stamping service; it is calculated over the entire binary content of the data object. Since both the original file and time-stamp are included in the container, it is possible to verify that the timestamped file existed at a certain point of time.
The library can be used only for reading the content of the container and validating that the time-stamp was indeed issued for the data object included in the container.
- API option to verify PDF validator service SSL certificate
- Added new TSL signing certificates
Libdigidocpp library 3.12.1 release notes
--------------------------------------
Changes compared to ver 3.12.0
- Added Container::prepareWebSignature for C# bindings
- Documentation updates
- Fix crash parsing References without ID attribute
- Handle TSL v5 service status parameters
Libdigidocpp library 3.12.0 release notes
--------------------------------------
Changes compared to ver 3.11.1
- Fix download TSL-s over proxy in case of HTTPS connections
- Behaviour change, proxy tunnel SSL option is now default on
- Export PKCS12Signer class
- Update C# bindings
- Find OCSP certificate from TSL list
- On loading TSL lists, verify HTTP result is 200
- Major API changes, SO version increased to 1. Applications need to adopt new changes and recompile applications.
- Added support for signing in web browser
- Example projects for iOS and Android
- Disable SHA1 support on signature creation
- OCSP nonce compatibility with other digest info headers
List API changes https://github.com/open-eid/libdigidocpp/wiki/API-changes-(v3.12)
List of known issues: https://github.com/open-eid/libdigidocpp/wiki/Known-issues
Libdigidocpp library 3.11.1 release notes
--------------------------------------
Changes compared to ver 3.11.0
- Verify HTTP result before processing TSL lists
- Include cdigidoc.exe
List of known issues: https://github.com/open-eid/libdigidocpp/wiki/Known-issues
Libdigidocpp library 3.11.0 release notes
--------------------------------------
Changes compared to ver 3.10.3
- Improved ECDSA signature size calculation
- Optimized HTTP download speed (e.g. when updating TSL lists) by compressing the traffic (using gzip Content-Encoding)
- Added support for validating BDOC 2.1 time-stamp signatures with archive time-stamps
- Added option to specify different digest algorithm for the signature value than the default algorithm used in case of other digest values in the signature.
- Added API methods Signer::setMethod(), Signer::method(), XmlConfV4::signatureDigestUri()
- Added configuration parameters signer.digestUri and signer.signatureDigestUri
- Added parameter -sigsha(1,224,256,384,512) to digidoc-tool utility program
- Improved OCSPserver access certificate usage, relative pkcs12.cert configuration parameter value is now resolved to the library's installation path, instead of current working directory
- Added option to download TSL-s over proxy in case of HTTPS connections
- Added API methods XmlConfV4::proxyForceSSL(), XmlConfV4::proxyTunnelSSL()
- Added configuration file parameters forceSSL and tunnelSSL
- Fixed OCSP certificate verification, the verification is now done based on the OCSP poducedAt field's time.
Libdigidocpp library 3.10.3 release notes
--------------------------------------
Changes compared to ver 3.10.0
- Updated experimental .NET C# wrapper swig configuration file to recent API
- Included C# wrapper files in Windows installer package
- Filter out CA certificates in PKCS11Signer implementation to support Finland ID-card signing in digidoc-tool
- Improved signature validation, it is now checked that at least one data file is signed
- Disabled OCSP time slot check when requesting OCSP confirmation, the local computer time difference compared to OCSP server time is not checked.
Libdigidocpp library 3.10.0 release notes
--------------------------------------
Changes compared to ver 3.9
- Changed the default BDOC signature profile to BDOC-TS (ASiC-E LT signature with time-stamp) for new signatures. To create a BDOC-TM (LT_TM, i.e. time-mark) signature, specify the "time-mark" profile value in Container::sign(Signer *signer, const string &profile) method call.
- Fixed time zone usage when validating signer certificate validity period's starting time. Previously, "Not yet valid" error message was displayed even if the certificate was actually already valid.
- Improved BDOC signatures*.xml file's XML structure validation. Transforms XML element is now allowed to enhance interoperability.
- Improved TSL functionality
- In case of BDOC format, checking the trustworthiness of trust services (CA, OCSP, time-stamping services) is now possible only by using TSL lists. Previously used certificate store functionality is no longer supported.
- Removed country-specific filtering of the national TSLs that are referenced in the European Commission's central TSL list.
- Added possibility to use multiple parallel European Commission's TSL signing certificates to enable transition to a new certificate, if needed.
- Added checking of the TSL's officially published SHA-256 digest value online to determine if a newer version of the TSL is available.
- Added configuration parameter "tsl.onlineDigest" that enables to disable the TSL online SHA-256 digest check.
- Removed configuration file parameters "tsl.url" and "tsl.cert". The respective values can be set directly from the library's API.
- Added TSL downloading timeout, the value is set to 10 seconds for each TSL. Added configuration parameter "tsl.timeOut" that can be used to configure the timeout value.
- Improved TSL loading when proxy is used, proxy settings are ignored in case of HTTPS connections.
- Changed the XmlConf class to deprecated, use XmlConfV2 instead.
- Changed the OCSP responder URL for EID-SK 2011 certificates, http://ocsp.sk.ee is now used.
- Fixed error message text that appears when data file's mime-type in BDOC manifest.xml does not conform with mime-type value in signatures*.xml file. Previously, the displayed mime-type values were interchanged between the signatures*.xml and manifest.xml files.
- The library's release notes is now also copied to the library's documentation: http://open-eid.github.io/libdigidocpp/manual.html#releasenotes
- Development of the software can now be monitored in GitHub environment: https://github.com/open-eid/libdigidocpp
Libdigidocpp library 3.9 release notes
--------------------------------------
Changes compared to ver 3.8
- Added support for creating and validating BDOC signatures with time-stamps (BDOC-TS profile).
- By default, there is no time-stamping service support configured.
- Added new parameter "ts.url" to digidocpp.conf configuration file that specifies the time-stamping service used during signature creation.
- Added support for "time-stamp" profile value for digidoc::Container::sign(Signer *signer, const std::string &profile) method when creating BDOC-TS signature via API.
- Added time-stamp (TS) profile support for digidoc-tool utility program's "sign" and "create" commands. TS profile can be set with "--profile=TS" parameter.
- The signature creation time of BDOC-TS signature is the time-stamp's creation time (in case of a signature with time-stamp, the OCSP validity confirmation's creation time is the signing time).
- Added validation check for difference between OCSP validity confirmation's production time and time-stamp's production time. An exception is thrown if the OCSP confirmation's time is earlier than time-stamp's time. If the OCSP confirmation's time is later than time-stamp's time by more than 15 minutes then a warning is returned. If the difference is more than 24 hours then exception is thrown.
- Added support for using TSL (Trusted Service List) list as trust anchor when checking certificates' trustworthiness during signature creation and validation.
- By default, European Commission TSL list is used (https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml) as source for finding country-specific TSL lists. Finnish, Estonian, Latvian and Lithuanian country-specific TSL lists are used by default.
- Added TSL usage configuration possibilities to digidocpp.conf file. Use "tsl.autoupdate", "tsl.cache", "tsl.cert" and "tsl.url" configuration parameters to change the default TSL settings.
- Added command "tsl" to digidoc-tool utility program, the command prints out TSL diagnostics and validates the list.
- Added possibility to disable all TSL functionality in the library by setting CMake USE_TSL parameter to "false" when building the library.
- Added class XmlConfV2 that should be used instead of XmlConf class if it is needed to configure time-stamp and TSL related configuration properties.
- Added Xalan library for processing TSL files.
- Added support for adding OCSP confirmation to signature if the signer's certificate is issued by "VRK CA for Qualified Certificates - G2" or "VRK Gov. CA for Citizen Qualified Certificates - G2".
- Improved BDOC document's validation, it is now checked that the data file mime-type value in manifest.xml file and the respective value in signatures*.xml file in <DataObjectFormat><MimeType> element are the same.
- Added "--mime=" parameter to digidoc-tool utility program's "create" command. The parameter can be used along with "--file=" parameter to set the mime-type value of a data file. If not set then the default value "application/octet-stream" is used.
- Improved BDOC document's validation, added check for weak hash algorithm (SHA-1) usage in case of ECDSA signatures.
- Improved BDOC signatures*.xml file's XML structure validation. It is now additionally checked that unsupported elements CounterSignature, CompleteCertificateRefs, CompleteRevocationRefs, AttributeCertificateRefs, AttributeRevocationRefs, SigAndRefsTimeStamp, RefsOnlyTimeStamp, AttrAuthoritiesCertValues, AttributeRevocationValues, CommitmentTypeIndicationType, AllDataObjectsTimeStamp, IndividualDataObjectsTimeStampType would not exist in the file.
- Improved processing of special characters in URI attribute values according to RFC3986. Special characters in URI are percent-encoded, except of unreserved characters and delimiters. Both percent-encoded and non-percent-encoded characters are supported during signature's validation. Note that as a result, the files that contain special characters in URI values and have been created with v3.9 might not be compatible with v3.8 of the library.
- Fixed problem that caused erroneous signatures if the data file's name contained colon character.
- Fixed digidoc-tool utility program "extract" command's "--extractAll" parameter functionality. Now, if the parameter is present but there is no extraction directory specified then the files are extracted to the working directory.
- Fixed digidoc-tool utility program's error that caused the program to exit unexpectedly when trying to create or sign a DDOC file.
- Changed Libdigidoc wrapper to fix error which occurred when parsing DDOC document's data file name that contains some specific special characters. Previously, the special characters were erroneously displayed in escaped form.
- Fixed problem in Libdigidoc wrapper when calculating data file's size in the course of parsing a DDOC file. Previously, a wrong data file size was returned occasionally.
- Added XAdESv141.xsd schema support for implementing BDOC archive time-stamp profile in the future.
- Started using libc++ library instead of libstdc++ on OSX platform. The libc++ provides full c++11 support.
- All Libdigidocpp documentation is now available in HTML format (see /documentation/html/index.html in the base directory). Updated the existing HTML-based API documentation, transformed the contents of "Libdigidocpp Programmer's Guide" PDF/Word document to HTML format. Removed the previously used PDF/Word documents.
- Used coverity.com static analysis tool to find source code defects and vulnerabilities.
Known issues:
- Version 3.8 of the library cannot open BDOC documents that are created with version 3.9 or higher and contain special characters in the signed data file's name due to changes in special character percent-encoding method.
Libdigidocpp library 3.8 release notes
--------------------------------------
3.8 is first public release of libdigidocpp as library. API is changed and not compatible compared to 3.7.1 version when libdigidocpp was not yet public library but internal component used by Digidoc3 client.
Known issues:
- If a data file with a colon character in its name is added to a BDOC container then the created signature will be erroneous. Thus, colon characters must not be used in data file names.
Overview
References and additional resources
BDOC2.1:2013
BDOC – Format for Digital Signatures. Version 2.1:2013
ETSI EN 319 132-1 V1.3.1 (2024-07) - Building blocks and XAdES baseline signatures
ETSI TS 101 903 V1.4.2 (2010-12) – XML Advanced Electronic Signatures
ETSI TS 103 171 V2.1.1 (2012-03) - XAdES Baseline Profile
Extended Associated Signature Containers. A type of ASiC container.
ASiC-S
Associated Signature Container Simple form. A type of ASiC container.
BDOC 2.1 (.bdoc)
Term is used to denote a digitally signed file format which is a profile of XAdES and follows container packaging rules based on OpenDocument and ASiC standards. The document format has been defined in BDOC2.1:2013, an overview is provided in chapter Format of digitally signed file of the current document.
CRL
Certificate Revocation List, a list of certificates (or more specifically, a list of serial numbers for certificates) that have been revoked, and therefore should not be relied upon.
DIGIDOC-XML (.ddoc)
The term is used to denote a DigiDoc document format that is based on the XAdES standard and is a profile of that standard. The current version is 1.3 which has been described in DigiDoc format.
ECDSA
Elliptic Curve Digital Signature Algorithm. Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. Used as an alternative to RSA algorithm.
OCSP
Online Certificate Status Protocol, an Internet protocol used for obtaining the revocation status of an X.509 digital certificate
OCSP Responder
OCSP Server, maintains a store of CA-published CRLs and an up-to-date list of valid and invalid certificates. After the OCSP responder receives a validation request (typically an HTTP or HTTPS transmission), the OCSP responder either validates the status of the certificate using its own authentication database or calls upon the OCSP responder that originally issued the certificate to validate the request. After formulating a response, the OCSP responder returns the signed response, and the original certificate is either approved or rejected, based on whether or not the OCSP responder validates the certificate.
PAdES (.pdf)
Term is used to denote a digitally signed PDF file format which is based on PAdES standards.
SK
SK ID Solutions AS. Certificate Authority in Estonia
time-mark
Mechanism used for adding certificate validity and signing time information with the signature. The information is provided with a special OCSP confirmation (also referred to as time-mark) - hash value of the binary value of the signature (along with hash algorithm identifier in case of BDOC 2.1 document format) must be present in the "nonce" field of the OCSP confirmation. In this case, signature creation time is the issuance time of the OCSP confirmation (producedAt value in the confirmation), additional time-stamp service is not required. The respective signature profile is TM profile (supported in case of DIGIDOC-XML 1.3 and BDOC 2.1 document formats).
time-stamp
Mechanism used for adding certificate validity and signing time information with the signature. The certificate validity information is added to the signature with an OCSP confirmation; the signing time information is added with a time-stamp token retrieved form a time-stamping service. In this case, signature creation time is the issuance time (genTime value in the time-stamp) of the time-stamp token. The respective signature profile is TS profile.
archive time-stamp
Mechanism used for providing long term validity of a XAdES signature. The signature and validation data values are time-stamped. The respective signature profile is TSA profile.
TSA
Time-Stamping Authority. Time-stamping service provider.
TSL
Trust Service status List. Signed list that provides information about the status and the status history of the trust services (including certification, OCSP confirmation and time-stamping services). Used as a trust anchor in case of signature creation and validation to check the trustworthiness of the certificates that are included in the signature. See also Trusted Lists
X.509
an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI) which specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm
XAdES
XML Advanced Electronic Signatures, a set of extensions to XML-DSIG recommendation making it suitable for advanced electronic signature. Specifies precise profiles of XML-DSIG for use with advanced electronic signature in the meaning of European Union Directive 1999/93/EC.
XML-DSIG
a general framework for digitally signing documents, defines an XML syntax for digital signatures and is defined in the W3C recommendation XML Signature Syntax and Processing
Supported functional properties
Libdigidocpp is a library of C++ classes offering the functionality of handling digitally signed files in supported DigiDoc formats. The following functions are implemented:
creating containers in supported DigiDoc formats and adding data files;
creating digital signatures using smart cards or other supported cryptographic tokens;
adding time marks and validity confirmations to digital signatures using OCSP and time-stamping protocols;
validating the digital signatures;
using trust service status lists (TSL) as trust anchors for certificate validation;
extracting data files from a container;
removing signatures and data files from a container.
The following table gives overview of functional features that are supported with Libdigidocpp.
Signature profiles are based on the profiles defined by XAdES (XAdES).
time-stamp (TS) - signature profile in case of which the certificate validity information is added to the signature with an OCSP confirmation; the signing time information is added with a time-stamp token (see also RFC6960) retrieved from a time-stamping service. In this case, signature creation time is regarded as the issuance time of the time-stamp token (genTime value in the time-stamp).
time-mark (TM) - certificate validity and signing time information is added to the signature with a time-mark - a special OCSP confirmation in case of which the hash value of the binary value of the signature (along with hash algorithm identifier in case of BDOC 2.1 document format) must be present in the "nonce" field of the OCSP confirmation. In this case, signature creation time is regarded as the issuance time of the OCSP confirmation (producedAt value in the confirmation), additional time-stamp token is not required.
archive time-stamp (LTA) - the signature and all the accompanying validation data is time-stamped in order to provide long term validity. The profile is supported only in case of BDOC 2.1 document format, the "ArchiveTimeStamp" element is added to the time-stamp or time-mark signature (see also BDOC2.1:2013).
Trust anchors
Information of trusted CA certificates (trust anchors) is used to validate the trustworthiness of certificates used in the signature. The signer certificate's CA, OCSP responder certificate and time-stamping service's certificate (in case of TS signature profile) must be trusted. Trusted certificates' information is obtained from TSL list (Trust Service status list), the trusted certificates' list is retrieved from a signed TSL list that provides information about the status and the status history of the trust services (including certification, OCSP confirmation and time-stamping services). The European Commission's TSL list is used, more information of which can be found from https://ec.europa.eu/information_society/policy/esignature/trusted-list/. For the TSL specification document, see also Trusted Lists. For more information about the TSL implementation and configuration possibilities in Libdigidocpp library, see TSL list usage in Libdigidocpp and Trust anchor/TSL settings.
Signature creation module
PKCS#11 – in Linux and macOS environments, the default module for singing with smart card (e.g. Estonian ID card or any other smartcard provided that you have the external native PKCS#11 driver for it).
Windows CryptoAPI – the default module for signing with smart card in Windows environment. By default, a dialog window is opened for the user to choose the signing certificate and enter PIN code.
Cryptographic token type
Smart card, e.g. Estonian ID card. Supported signature creation modules are PKCS#11 and Windows CryptoAPI.
Note
Usage of USB cryptostick (Aladdin eToken with Digital Stamp certificate (https://www.skidsolutions.eu/en/services/Digital-stamp)) has been tested indirectly with Libdigidocpp - testing has been carried out via DigiDoc desktop application which uses Libdigidocpp as a base layer.
Public-key algorithm
RSA
ECDSA
Component model
The figure below describes the architecture of software and hardware components that are used when creating signatures with Libdigidocpp library.
Components used in Libdigidocpp implementation when signing with smart card
Component
Description
PKCS#11
Widely adopted platform-independent API to cryptographic tokens (HSMs, smart cards and USB tokens), a standard management module of the cryptographic token and its certificates
CryptoAPI
Microsoft Cryptography API. Programming API for implementing cryptographic functions in Windows environment.
PC/SC
Standard communication interface between the computer and the smart card, a cross-platform API for accessing smart card readers
IFDHandler
Interface Device Handler for CCID readers
CCID
USB driver for Chip/Smart Card Interface Devices
Reader
Device used for communication with a smart card
Dependencies
Software libraries
Libdigidocpp library depends on the software libraries listed below.
Base Component
Required/optional
Description
OpenSSL
required
Used for validating certificates and digest values.
libxml2
required
Used for validating the documents according to XML Schema, reading and writing XML.
xmlsec
required
Used for handling signature related components.
ZLIB
required
Used when compressing and extracting ASiC files in ZIP format.
Minizip
required
Used when creating and opening ZIP container for ASiC file. If the component is not found from system then bundled version with source code is used. Forms a part of ZLIB component.
PKCS11
optional
Used for searching for default PKCS#11 driver in the system so that its path could be registered in configuration entries.
Doxygen
optional
Used for generating API documentation from source code.
SWIG
optional
Used for creating C# and Java bindings.
XML Schemas
Several XML schemas are used when creating digitally signed documents in ASiC file format and validating their structure. The schemas are included in etc/schema/ subdirectory of the Libdigidocpp distribution package, their description is given in the table below.
Note
Some modifications have been made to some of the schemas. Differences in comparison with the original schemas are listed in section XML schema modifications of the current document.
Defines the format of Trust Service status Lists (TSL) that contain information about trusted CA, OCSP and TSA certificates.
conf.xsd
Configuration properties’ schema. Defines the Libdigidocpp configuration file’s digidocpp.conf structure (see also Configuring Libdigidocpp).
The following figure describes dependencies between the abovementioned schemas (direction of the arrow indicates the direction of dependency).
Dependencies between XML Schemas
XML schema modifications
The following section describes modifications that have been made to XML schemas used in Libdigidocpp. The library uses several XML schemas when creating digitally signed documents and validating their structure. The schemas are included in etc/schema/ subdirectory of the Libdigidocpp distribution package, their description has been provided in section XML Schemas.
Modifications are marked between xml comment tags.
Schema en_31916201v010101.xsd
1) The schema’s location has been altered so that the imported schema file is looked up from the local file system.
2) The initial integer data type used in the original schema is converted into long data type when generating C++ source code from the current schema. However, as the SK issued certificates’ serial numbers are too long to fit into long type variable then the data type has been changed to string.
<complexTypename="X509IssuerSerialType">
<sequence>
<elementname="X509IssuerName"type="string"/>
<elementname="X509SerialNumber"type="string"/> <!-- originally type="integer" -->
</sequence>
</complexType>
Schema XAdES01903v132-201601.xsd
1) The schema’s location has been modified so that the file is looked up from the local file system.
4) Change child elements of type SignedSignaturePropertiesType from "xsd:sequence" to "xsd:all" in order to allow the child elements to be listed in any order.
5) Change child elements of type SignatureProductionPlaceType from "xsd:sequence" to "xsd:all" in order to allow the child elements to be listed in any order.
<!-- originally "http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd" -->
Configuring Libdigidocpp
Loading configuration settings
Libdigidocpp uses XML configuration file named digidocpp.conf. Configuration file's structure is defined with XML schema "conf.xsd" - the file is included in etc/schema/ subdirectory of Libdigidocpp package. For a sample configuration file, see Sample configuration file.
It is possible to use two types of configuration files: global and user's file. Global file can be used to determine system-wide settings that cannot be altered by a user's file – it can be done separately for each parameter in the file by setting the parameter's "lock" attribute value to "true". User's file can be used to determine user-specific parameter values.
It is possible to use only one configuration file (either global or user's file) or two files in parallel. In the latter case, the matching user file's parameter entries overwrite global file's entries, if the respective parameter is not defined as locked in the global file.
By default, the configuration file's settings are loaded during the library's initialization – Libdigidocpp looks for global and user configuration files from their default locations depending on the environment:
in case of Windows environment:
the global configuration file is looked up from the directory where digidocpp.dll library file is located. If the directory doesn't contain /schema subdirectory then the configuration file is looked up from the current working directory.
user configuration file is looked up from the system directory containing application data for the current user: %APPDATA%\digidocpp\digidocpp.conf
in case of macOS:
the global configuration file is looked up from a location in the file system: digidocpp.framework/Resources/digidocpp.conf
user configuration file is looked up from $HOME/.digidocpp/digidocpp.conf
in case of Linux environment:
the global configuration file is looked up from a location in the file system: /etc/digidocpp/digidocpp.conf
user configuration file is looked up from $HOME/.digidocpp/digidocpp.conf
It is also possible to load global configuration file from a non-default location. In this case, call out the configuration file's initialization method before initializing the library:
// Initialize global configuration settings from a non-default location
Local configuration settings can also be set or modified during runtime by calling out the respective set methods of XmlConf class. The digidoc::XMLConf class must be used in order to access all the configuration methods that are available.
Configuration parameters
Configuration file's elements and their attribute names are defined in conf.xsd file. Below is a description of the configuration file's parameters. The attribute "lock", when set to "true" can optionally be used to determine parameter values which should not be overwritten by another configuration file (e.g. when using global and user's configuration files in parallel; see also the previous section for more information).
Logging settings
Parameter name
Comments
log.file
Location of the log file where the logging output is written, e.g. /tmp/digidocpp.log or C:\Temp\digidocpp.log If left unspecified then the logging output is written to standard output stream.
log.level
Used for controlling the level of detail of the logging output messages, higher number value indicates higher level of detail. Possible values are: 1 – error messages, 2 – warning messages, 3 – info messages, 4 – debug messages.
Time-stamping service settings
Parameter name
Comments
ts.url
Specifies the URL of the time-stamping service that is used during signature creation, needed only in case of TS signature profile. By default, the RIA's time-stamping service is used by the library (https://eid-dd.ria.ee/ts)
Specifies the URL of the signature-verify service that is used during signature validation. By default, the RIA's signature-verify service is used by the library (https://siva.eesti.ee/V3/validate)
PKCS#11 settings
Parameter name
Comments
pkcs11.driver.path
PKCS#11 driver library to be used when communicating with the smart card. With Estonian ID cards for example, the following PKCS#11 libraries are used: opensc-pkcs11.so (used in Linux environment) opensc-pkcs11.dll (used in Windows environment)
Trust anchor/TSL settings
Information of trusted CA certificates (trust anchors) is used to validate the trustworthiness of certificates used in the signature during signing and signature validation processes. The signer certificate's CA, OCSP responder certificate and time-stamping service's certificate (also referred to as time-stamping authority, TSA) must be trusted.
Libdigidocpp library uses Trust Service Status List (TSL) as a source of trust anchor information (see also TSL list usage in Libdigidocpp and TSL standard for more information). A TSL list is a signed XML file that contains data of trusted CA certificates, OCSP responder service and time-stamping service certificates. Note that since v3.10, only TSL lists' based trust anchors are supported by the library.
By default, the trusted certificates' information is obtained from European Commission's official TSL list (https://ec.europa.eu/tools/lotl/eu-lotl.xml). The default TSL behaviour can be changed by altering the configuration parameters listed below.
Note
- The TSL URL and TSL signing certificate values are not configurable via the digidocpp.conf configuration file. The default values are fixed in source code and can be accessed via methods digidoc::Conf::TSLCerts() and digidoc::Conf::TSLUrl(). The library's user has to create a subclass and override the methods in order to define other values. See also Initialization.
- When using digidoc-tool utility program then it is possible to specify necessary TSL parameters on the command line. See also Libdigidocpp utility program.
Determines if TSL validity is checked during every initialization of the library and if new TSL lists are downloaded if the existing list is expired. By default, the automatic update functionality is enabled and can be disabled by setting the parameter's value to "false". Note that when setting the parameter to "false" then you should copy the necessary TSL files to the "tsl.cache" location manually.
tsl.cache
Directory in the file system where the TSL lists are saved and read in by the library. Set this parameter with your own value to change the default directories:
in Windows environment: %APPDATA%\digidocpp\tsl,
in Linux ja OSX environments: $HOME/.digidocpp/tsl
tsl.onlineDigest
Additional feature to optimize TSL updating process. By default, the value is "true", meaning that during each initialization of the library, it is checked if there is a newer TSL list published, even if the existing TSL list is not yet expired.
The check is based on the TSL list's HTTP HEAD request ETag field or SHA-256 digest value.
HTTP HEAD request is made to TSL's URL to get remote ETag and if the value doesn't correspond with the existing local TSL's ETag value then a newer version of the TSL list is downloaded. Otherwise, the existing TSL is used.
SHA-256 digest that is (optionally) published online by the TSL's owner/manager. The URL of the digest matches the TSL's URL, but extension .sha2 is used instead of .xml. If the digest can be read and the value doesn't correspond with the existing local TSL's SHA-256 digest then a newer version of the TSL list is downloaded. Otherwise, the existing TSL is used.
tsl.timeOut
TSL downloading timeout for each TSL list. The default value is 10 seconds.
HTTP proxy settings
Parameter name
Comments
proxy.host
Specifies the proxy hostname, e.g. proxy.example.net
proxy.port
Specifies the proxy port, e.g. 8080
proxy.user
Specifies the proxy username.
proxy.pass
Specifies the proxy password.
proxy.tunnelSSL
May be used to enable downloading TSL-s in case of HTTPS connections and proxy. If enabled, the library tries to download use the proxy tunnel also for the HTTPS session.
proxy.forceSSL
May be used to enable downloading TSL-s in case of HTTPS connections and proxy. If enabled then the library tries to pass by the proxy connection in case of HTTPS sessions.
Digest type settings
Parameter name
Comments
signer.signatureDigestUri
Specifies the digest algorithm that is used when calculating the hash that is being signed. By default, the SHA-256 algorithm (with URI http://www.w3.org/2001/04/xmlenc#sha256) is used
signer.digestUri
Specifies the digest algorithm that is used for calculating all the hash values in the signature. By default, the SHA-256 algorithm is used
OCSP responder settings
The default OCSP responder that the library uses for retrieving the OCSP confirmation during signature creation depends on the signer's certificate chain. In case of no issuer is configured AIA extension is used for OCSP responder settings
You change the default behaviour in the configuration file with the following parameter.
Parameter name
Comments
ocsp issuer
The "issuer" parameter's name stands for the signer certificate issuer's Common Name (CN) value, e.g. ESTEID-SK 2015. The element's value specifies OCSP responder server's URL address that is used for certificates issued from the respective CA chain.
Note that Libdigidocpp uses internal memory buffers in case of all the operations, so that intermediary data is not written to temporary files on the disk. Also, the data files to be added to a DigiDoc container can be read from a data stream and later extracted from the container to a stream so that the data can be kept in memory.
Initialization
Libdigidocpp's initialization method conducts the following operations:
loads configuration settings from default configuration files
initializes trust anchors: initializes TSL lists. See TSL initialization process for more information about the TSL initialization process.
If you would like to use non-default configuration settings then call out the configuration file's initialization before initializing the library, for example:
// Optionally initialize global configuration file to use non-default settings
The digidoc::XmlConf class must be used in order to access all the configuration methods that are available.
Note
If you would like to use different configuration values that are fixed as constants in the digidoc::Conf configuration class then it is possible to extend the class and override the values that need to be reset.
Creating and signing a DigiDoc document (local signing)
Creating a DigiDoc container
Create a new container object and specify the DigiDoc document's type, for example:
const std::string &mediaType); // mime type of the data file
Parameter mediaType in the methods above stands for a MIME type of the data file, for example "text/plain" or "application/msword". Value "application/octet-stream" is used by default. Calling out any of the methods listed above shall create a new DataFile object and add it to the DigiDoc container's data file collection. Note that in order to add a data file to a container, the container has to be unsigned and there shouldn't be an existing data file with the same name in the container. If a container is signed then it is possible to add data files to it only after the signatures are removed.
Warning
- It is important to pay attention that the data file's mime type value in manifest.xml file and in signatures*.xml file's <DataObjectFormat><MimeType> element are the same, otherwise the signature is invalid! In case of the ordinary signature creation process, the library sets the correct value automatically. However, if you create a ASiC-E container with Libdigidocpp library and want to add signatures*.xml file that you have received from another source then make sure that the data files' mime-type values in manifest-xml file and in signatures*.xml file are the same.
- Data file’s mime-type value must be formatted as specified in RFC2045, section 5.1 (https://tools.ietf.org/html/rfc2045#section-5.1), i.e. the "type" and "subtype" values must be separated with a forward slash character.
- It is recommended not to use special characters in the data file’s name, i.e. it is suggested to only use the characters that are categorized as "unreserved" according to RFC3986 (http://tools.ietf.org/html/rfc3986).
Note
By default, it is recommended to use data file mime-type value "application/octet-stream" for all file types.
Adding signatures
It is possible to add a signature to a container only if it contains at least one data file, multiple signatures can be added to a single container. The signer's certificate and PIN code to access the private signature key are required during signing.
Note
Libdigidocpp library uses TSL lists (Trust Service Status list) to obtain information about trusted certificates during signature creation process. See also TSL overview, TSL standard and Configuring TSL settings.
Signing can be done by using PKCS#11 module for accessing the signature token. PKCS#11 module is the default module for singing with smart card (e.g. Estonian ID card or any other smart card provided that you have the external native language PKCS#11 driver for it). See also PKCS#11 settings.
If you would like to add PIN insertion dialog window for the signer to enter the PIN code then you can write a new class which extends the PKCS11Signer class, overwrite the std::string pin(const X509Cert &cert) method and write your own PIN dialog implementation code there.
"time-stamp" (TS) - signature profile in case of which the certificate validity information is added to the signature with an OCSP confirmation (retrieved from OCSP server); the signing time information is added with a time-stamp token (retrieved from a time-stamping service). Signature creation time is the issuance time of the time-stamp token (value of the getTime field in the token).
If the signature profile value is not specified then then a "time-stamp" profile is used by default.
Set the profile value as follows:
std::string profile = "time-stamp"; // or "time-stamp-archive"
Signature production place and signer role are optional signed meta-data about the signature. If left unspecified then the respective elements in the signatures*.xml file are created with no contents.
std::string city, state, postalCode, country;
std::vector<std::string> roles;
signer->setSignatureProductionPlace(city, state, postalCode, country); // location where the signature is created
By default, the hash that is being signed is calculated with SHA-256 algorithm. You can also use a different digest algorithm for calculating the hash that is signed (this does not affect calculating other hash values). For that, use the digidoc::Signer::setMethod(const std::string &method) method.
Create the signature
The signing method also adds validation data from external services (OCSP and time-stamping servers). Note that the OCSP responder and time-stamping server settings (in case of TS profile) should be configured before calling out the following method (see also Initialization and Configuration parameters). By default, the RIA's time-stamping service https://eid-dd.ria.ee/ts is used. Container holds the Signature object reference and there is no need cleanup memory.
Signature *signature = doc->sign(signer);
Validating the created signatures
After the signature has been added to the container, it should be validated before writing the signed container to an output file. For validating the signature, do as follows:
signature->validate();
The validation method above validates the signed data files', signer certificate's and OCSP confirmation's correspondence to the signature value. Note that the validation method above does not validate other signatures which may belong to the same container.
Creating and signing a DigiDoc document (external signing, e.g. in browser)
External signing (two-step signing) can be used in case of signing in web applications, where the signature value is calculated externally, via a browser plug-in or extension.
In order to conduct web signing with Libdigidocpp library, do as follows: Container holds the Signature object reference and there is no need cleanup memory.
In Container class, prepare signature XML structure:
Add RSA or ECDSA signature value to the signature XML structure: When container was stored on disk before reload container with digidoc::Container::open and use digidoc::Container::signatures() to enumerate signatures to locate correct object with previosly selected ID.
std::vector<unsigned char> signatureValue = ...;
signature->setSignatureValue(signatureValue);
Add time-stamp and OCSP data to Signature object, according to the signature's profile (see also section Optionally specify the signature profile for more information):
The method above reads in the DigiDoc file from the specified location in file system and creates the respective Container object representing the document's data. The file's structure is also validated during its parsing according to the corresponding standards.
Write a DigiDoc file (represented with a Container object) to file system with the following method:
If an exception is thrown from the validation method then the signature can be either INVALID or VALID WITH WARNINGS; otherwise the signature is VALID. Before determining the final validation status, additional errors must be checked, as described in the following chapters.
If an exception is thrown then its causes can be retrieved with the following method:
There is a validation case that is not checked in the default validation method of the library, instead, separate method for checking this specific situation has to be implemented by the library’s user. In Libdigidocpp library, checking for an old file format must be done separately.
The following subchapter describes how this check can be implemented. After checking for old signature format errors/warnings, collect all of the error codes and continue with determining the validation status as described in the next chapter. It is possible to check the source code of digidoc-tool or DigiDoc desktop application, accessible from https://github.com/open-eid/DigiDoc4-Client.
Determining the validation status
After validating the signed DigiDoc document, the validation result must be determined by the library's user. Final validation result must be one of the possible validation statuses that are described in the table below, the status must be chosen according to its priority. The validation status priorities have to be applied in two cases:
Returning a validation result of a single signature:
If there are more than one validation errors that occur when validating a single signature in DigiDoc container then the overall status of the signature should be chosen according to the status priorities.
Returning a validation result of the whole DigiDoc container:
If there are more than one signatures in a DigiDoc container and the signatures have different validation statuses or validation of the container structure returns a different status then the overall status of the DigiDoc file should be chosen according to the status priorities.
NB! User of the library has to determine the validation status according to the error code that is returned by the library's validation method.
Priority
Status
Error code
Description
1
INDETERMINATE/UNKNOWN
10 CertificateIssuerMissing (signer's certificate is unknown) 6 CertificateUnknown (OCSP responder certificate is unknown)
Validation process determines that one or more of the certificates included in the document are unknown or not trusted, i.e. the certificates have been issued by an unknown Certificate Authority (the CA has not been added to trusted list). Notes:
The file and signature(s) are not legally valid.
If the CA will later be added to the trusted list/trust store then the validation status can change to any of the other statuses described in the current table.
Suggested warning message (also displayed in DigiDoc desktop application): "Signature status is displayed as unknown if you don't have all validity confirmation service certificates and/or certificate authority certificates available in TSL"
All errors except of the ones that are regarded as warnings by the library's user.
Validation process returns error(s), the errors have not been explicitly determined as minor error(s) by the library's user.
Note
The file and signature(s) are not legally valid.
No further alterations should be made to the file, i.e. no signatures should be added or removed.
3
VALID WITH WARNINGS
See the next section.
Validation process returns error(s) that have been previously explicitly categorized (by the library's user) as minor technical errors. Note that this status is used only in exceptional cases, more details of which are given in the next chapter.
Note
The file and signature(s) are handled as legally valid.
The error(s) are regarded as validation warnings.
Validation warnings should be displayed to the user.
No further alterations should be made to the file, i.e. no signatures should be added or removed.
Creator of the file should be informed about the error situation.
4
VALID
N/A
Validation process returns no errors. The signature is legally valid.
The error codes described in the table above are defined in Exception.h source file.
Sample code of DigiDoc file validation can be found from digidoc-tool.cpp utility program, from the following method:
In special cases, validation errors can be regarded as minor technical errors and the file's validation status can be regarded as VALID WITH WARNINGS instead.
Warning
User of the DigiDoc library has to decide on his/her own when to use VALID WITH WARNINGS status instead of INVALID: there may be different interpretations of the severity of validation errors in different information systems then the final decision when to use this status has to be made by the library's user according to the requirements of the specific information system.
It is recommended to use the validation status VALID WITH WARNINGS in case of the error situations that are included in the table below - these error situations are regarded as VALID WITH WARNINGS in DigiDoc applications and software libraries, including:
DigiDoc desktop application,
Libdigidocpp and DigiDoc4j software libraries' utility programs.
Table 1. Validation error codes recommended to be handled as VALID WITH WARNINGS
Error code
Related DigiDoc file format
Description
12 RefereneceDigest Weak 13 SignatureDigestWeak
BDOC 2.1 / ASiC
Weaker digest method (SHA-1) has been used than recommended when calculating either <Reference> or <Signature> element's digest value.
Suggested warning message (also displayed in DigiDoc desktop application): "The current DigiDoc container uses weaker encryption method than officially accepted in Estonia."
The difference between time-stamp issuance time (genTime value) and OCSP response's issuance time (producedAt value) exceeds 15 minutes but is less than 24 hours.
Suggested warning message: "Time-stamp and OCSP issuance time difference is over 15 minutes."
Suggested warning message (also displayed in DigiDoc desktop application): "This DigiDoc documents has not been created according to specification, but the digital signatures is legally valid. You are not allowed to add or remove signatures to this container."
<IssuerSerial><X509IssuerName> and/or <IssuerSerial><X509SerialNumber> element's xmlns attribute is missing.
Suggested warning message (also displayed in DigiDoc desktop application): "This DigiDoc documents has not been created according to specification, but the digital signatures is legally valid. You are not allowed to add or remove signatures to this container."
DigiDoc file's version is older than currently supported. Note that the error situation affects only the container and not the signatures, therefore, in DigiDoc libraries, it is returned and displayed only at container level.
Suggested warning message (also displayed in DigiDoc desktop application): "The current file is a DigiDoc container that is not supported officially any longer. You are not allowed to add or remove signatures to this container"
checking that all the data files and signature’s meta-data (signer’s role, etc.) are included in the signature by calculating the data objects’ digest values and comparing them with the <Reference> element values in the signature;
checking that the claimed signer’s certificate is the actual certificate that was used for signing; checking that the "Non-repudiaton" value is set in the "Key Usage" extension of the signer’s certificate;
checking that the signature value is correct by decrypting the value with the signer’s public key and comparing the result with digest calculated from <SignedInfo> element block;
case of time-stamp corresponds to the signature value (by comparing the digest value of <SignatureValue> element’s value and TS response’s digest value);
checking that the OCSP response confirms the signer certificate’s validity and case of time-mark corresponds to the signature value (by comparing the digest value of <SignatureValue> element’s value and OCSP response’s nonce value);
checking that the signer’s, TSA and OCSP responder’s certificates are trusted (i.e. the certificates’ issuers are registered in trust store).
Note
Libdigidocpp library uses TSL lists (Trust Service Status list) to obtain information about trusted certificates during signature validation process. See also TSL overview, TSL standard and Configuring TSL settings.
Extracting data files
A data file can be extracted from container and written to the specified location in the file system or to an output stream.
You can write the data file to a stream and keep it in memory:
virtual void removeSignature(unsigned int index)=0
Data files can be removed from a container only after all of its signatures have been removed. Use the following method to remove a data file from DigiDoc container:
"Id" parameters of the abovementioned methods represent the signature’s and data file’s sequence numbers in the container. The identifiers are determined when a data file or signature is added to the container, counting starts from zero.
Note
The functionality of modifying files in DigiDoc file format ASiC-S is not supported.
Shutting down the library
After finishing work with Libdigidocpp, then the last task is to shut down the library:
The termination method closes libraries used in Libdigidocpp implementation and deletes temporary files that may have been written to disk when working with the library.
Exception handling
The Libdigidocpp library may throw exceptions that are instances of Exception class (defined in Exception.h source file). The code which uses Libdigidocpp’s API should be wrapped in a try/catch block as follows:
An Exception instance thrown by the library may contain a stack trace of the hierarchy of exceptions. For example, to parse the whole stack trace, do as follows:
The command line utility program digidoc-tool.exe which is included in the Libdigidocpp distribution can be used to test the library or simply use it directly to handle digitally signed documents.
Note
The utility program is intended for testing and presentation of sample implementation of the library’s API. The interface of the utility program is not fixed and its long-term stability is not guaranteed.
Command "create" can be used to create a new DigiDoc container, add data files, optionally some meta-info about the signer and sign the document. Documents can be created only in ASiC-E format. General form of the command is:
Data file(s) to be signed. The option can occur multiple times.
Warning
It is recommended not to use special characters in the data file’s name, i.e. it is suggested to only use the characters that are categorized as "unreserved" according to RFC3986 (http://tools.ietf.org/html/rfc3986).
--mime=
Optional
Specifies the data file's mime-type value. When used then must be written right after the "--file" parameter. If left unspecified then the default mime-type value "application/octet-stream" is used.
Warning
Data file’s mime-type value must be formatted as specified in RFC2045, section 5.1 (https://tools.ietf.org/html/rfc2045#section-5.1), i.e. the "type" and "subtype" values must be separated with a forward slash character.
--dontsign
Optional
Don't sign the newly created container.
Additional options for the "create" command are the same as for "sign" command (see Adding signatures).
Sample commands for creating and signing DigiDoc files:
Sample: creating new ASiC-E file, adding multiple data files and signing via PKCS#11 driver
--file=file1.txt - a data file to be added to container
--cng - CNG API is used for signing
demo-container.asice - container to be created
Sample: creating new ASiC-E file on Windows, adding data file and signing via CNG API, dialog windows for certificate selection and PIN insertion are not displayed
--file=file1.txt - a data file to be added to container
--cng - CNG API is used for signing
--selectFirst - the first signing certificate in store is used for signing
--pin=01497 - PIN code (PIN2 in case of Estonian ID cards)
demo-container.asice - container to be created
Creating and signing multiple documents
Command "createBatch" Takes folder as argument folder/content/to/sign and sign them separate containers.
For additional options look sign command.
Add additional files to container
Command "add" for adding additional files to existing unsigned container.
Available options are –file and –mime look "create" command for info.
Creating and signing a document (external signing, e.g. in browser)
Command "websign" can be used to create a new DigiDoc container, add data files, optionally some meta-info about the signer and sign the document. Documents can be created only in ASiC-E format. External signing use case may be used when signing is done in web applications, the communication with the signer's token and signing the hash is done via a web browser's signing module (plug-in or extension). See also https://web-eid.eu for implementing signing in browser environment.
External signing process with websign command is as follows:
After executing the websign command, the utility program outputs the value of hash to be signed (in HEX) to console and waits until user enters the respective signature value
Data file(s) to be signed. The option can occur multiple times.
--mime=
Optional
Specifies the data file's mime-type value. When used then must be written right after the "--file" parameter. If left unspecified then the default mime-type value "application/octet-stream" is used.
Additional options for the "websign" command are the same as for "sign" command (see Adding signatures).
Sample command for creating and external signing of ASiC-E files:
Sample: creating new ASiC-E file, specifying signers certificate, adding data files and other meta-data and calculating the RSA signature value in browser
--file=file1.txt - a data file to be added to container
--file=file2.txt - a data file to be added to container
--profile=time-stamp - profile of the signature
--country=Estonia - country where the signature is created
--state=Harjumaa - state where the signature is created
--city=Tallinn - city where the signature is created
--postalCode=12345 - postal code of the signature creation location
demo-container.asice - container to be created
Opening document, validating signatures and extracting data files
Command "open" enables to read in an existing DigiDoc document, print out a list of its contents and validate signatures. By specifying the additional option –extractaAll, then the data files are extracted from the container and stored on the disk. All DigiDoc file formats are supported with this command (except of BDOC1.0). General form of the command is:
If set, then all of the input container’s data files are extracted and written to disk without validating signatures. If an output directory is not specified with the value of this parameter then the extracted files are written to the same directory where the input file is located.
–validateOnExtract
Optional
If set, then validates container before extracting files.
Enables to choose the displaying of validation warnings (if present) of the file being opened. Can be used to test the warnings system of the utility program (see also "Validation status VALID WITH WARNINGS"). The options include:
warning – the default value used. The minor technical errors that are considered as warnings, are printed out as warnings.
error – the errors that are otherwise considered as warnings (by the utility program), are printed out as errors.
ignore – the errors that are otherwise considered as warnings (by the utility program), are not printed out. If there are any other errors present then these are treated as usual.
Output of the default command contains the following data of the container:
Message imprint (<length in bytes>): <OCSP responses nonce field’s or TSA messageImprint value (has to correspond to the <SignatureValue> element’s hash)>
TS: <TSA certificate CN field’s value>
TS time: <time of TSA issuance, i.e. official signing time>
TSA: <archive TSA certificate CN field’s value>
TSA time: <time of archive TSA issuance, i.e. official signing time>
Warnings: <possible validation related warnings (see explanation below)>
Note
By default, if the signature validation process discovered errors that are regarded as minor technical errors in digidoc-tool.cpp utility program then the document is considered as VALID WITH WARNINGS, the errors are printed out as warnings to the end user. See also chapter Determining the validation status.
Sample commands for validating signatures and extracting data files:
Sample: opening ASiC-E container, listing its contents and validating signatures
Sample: opening ASiC-E container, listing its contents and validating signatures (warnings are displayed as SHA-1 hash function is used in a ASiC-E file)
If PIN is not provided with this parameter value and (the default) PKCS#11 module is used for signing then the utility program asks for the user to insert PIN code to command line during the program’s execution time.
--profile=
Optional
Profile of the signature. Possible values are:
TS - a time-stamp and OCSP confirmation will be added to the signature as validation data.
TSA - a time-stamp and OCSP confirmation will be added to the signature as validation data. Additional time-stamp is added for notarize all certificate and revocation info.
--XAdESEN
Optional
Use XAdES EN profile.
--city=
Optional
City where the signature is created.
--street=
Optional
streetAddress of production place in XAdES EN profile.
--state=
Optional
State or province where the signature is created.
--postalCode=
Optional
Postal code of the place where the signature is created.
--country=
Optional
Country of origin. ISO 3166-type 2-character country codes are used (e.g. EE)
--role=
Optional
Signer’s role(s). The option can occur multiple times.
--sha(224,256,384,512)
Optional
Used for testing purposes. Specifies the hash function that is used when calculating digest values. If not specified then SHA-256 is used by default.
--sigsha(224,256,384,512)
Optional
Used for testing purposes. Specifies the hash function that is used for calculating the hash that is being signed. If not specified then SHA-256 is used by default.
--sigpsssha(224,256,384,512)
Optional
Used for testing purposes. With RSA keys RSA-PSS padding is used. Specifies the hash function that is used for calculating the hash that is being signed. If not specified then SHA-256 is used by default. Same as --sigsha* with --rsapss
--rsapkcs15
Optional
Option to change RSA Signature padding (RSA PKCS1.5).
--rsapss
Optional
Option to change RSA Signature padding (RSA PSS).
--tsurl
Optional
Option to change TS URL.
--dontValidate
Optional
Don't validate container on signature creation.
Options for specifying module used for accessing the signing token - possible alternatives are PKCS#11, CryptoAPI/CNG and PKCS#12 (for testing purposes). When signing module is not specified then PKCS#11 module is used by default.
--pkcs11[=]
Optional
Signing is done via PKCS#11 module - the default module for singing with smart card in Linux and macOS. When signing via PKCS#11 module then the parameter’s value can be used to specify the path and filename of PKCS#11 driver in your file system. For example, "opensc-pkcs11.dll" in Windows environment and "opensc-pkcs11.so" in Linux and OSX. If the parameter’s value is left unspecified then PKCS#11 driver’s location is looked up from configuration file (see also chap. Configuration parameters).
--cng
Optional
Set the parameter to sign via Microsoft CNG API (in Windows environment). If "--pin" parameter’s value is not set then PIN insertion dialog is displayed to the user. Parameter "--cng" may optionally be used along with parameter "--selectFirst" or "--thumbprint".
--selectFirst
Optional
Additional parameter that can optionally be used along with parameter "–cng". When the parameter is set then the first certificate in Windows certificate store is chosen for signature creation. If the parameter is not set then certificate selection dialog window is displayed to user.
--thumbprint
Optional
Additional parameter that can optionally be used along with parameter "–cng". When the parameter is set then the certificate by thumbprint in Windows certificate store is chosen for signature creation. If the parameter is not set then certificate selection dialog window is displayed to user.
--pkcs12=
Optional
Signing is done via PKCS#12 module - can be used for testing purposes. Enables to use a PKCS#12 software token (containing the signing certificate and private key) for signature creation. Note that the created signature is not a valid signature and it is not equal to handwritten signature as the PKCS#12 software token is not considered a secure signature creation device.
--selectFirst - the first signing certificate is used for signing
--pin=12345 - PIN code (PIN2 in case of Estonian ID cards)
demo-container.asice - container to be modified
Removing signatures and data files
Signatures and data files can be removed from a DigiDoc container with the command "remove". Note that it is possible to remove data files only from an unsigned container (i.e all signatures must be removed before removing data files). The command is supported with DigiDoc formats BDOC 2.1 and ASiC-E. General format of the command is:
--document=0 - sequence number of the data file that is removed
--document=1 - sequence number of the data file that is removed
demo-container.asice - container to be modified
National and cross-border support
TSL list usage in Libdigidocpp
Libdigidocpp library uses Trust Service status Lists (TSL) as trust anchors. TSL lists are a standardized way to add support for cross-border trust-service providers, e.g. CA's that issue qualified certificates, OCSP service and time-stamping service providers (see also TSL specification). TSL list is a digitally signed a document in XML format, the list is accompanied with a TSL signing certificate that is used to validate the list's signature.
Libdigidocpp library uses the European Commission’s TSL list as the basis of retrieving data of trusted certificates. The European Commission's TSL list is also referred to as List of Trusted Lists (LOTL), meaning that it is central list that contains references to other TSL lists, in this case the national TSL lists of the European Union's member states.
Each of the national TSL list contains data (including the certificates) of the trust service providers that are approved in this particular country. Libdigidocpp supports all national TSL lists that are referred to in the LOTL (more than 30 countries).
TSL lists' initialization process is done during each initialization of the library. By default, the TSL itself and its freshness is checked on-line:
It is checked if LOTL (the master TSL list, tl-mp.xml) is present at the tsl.cache location
If there is no such list present in the cache directory and the online updating mechanism is enabled (see Trust anchor/TSL settings, "tsl.autoupdate") then the TSL list is downloaded from the list's URL (https://ec.europa.eu/tools/lotl/eu-lotl.xml) and saved to tsl.cache directory
Note
tsl.autoupdate can be disabled but then the TSL list(s) must be manually saved to the tsl.cache location.
the TSL lists are not distributed along with the library's installation package, meaning that during the first initialization of the library, the TSL lists need to be downloaded on-line or must be manually copied to the tsl.cache location.
If there is an existing LOTL in the tsl.cache location and the tsl.onlineDigest check is enabled (see Trust anchor/TSL settings, "tsl.onlineDigest") then the freshness of the TSL list is checked based on the list's SHA-256 hash value:
The existing TSL list’s hash is calculated over the binary representation of the list
The officially published hash value is downloaded (from the same address as the TSL's URL but with .sha2 extension)
The hash of existing TSL and the value downloaded on-line are compared
If values are different then a new version of the TSL list is downloaded
If the hash values are the same or it was not possible to download the hash value from external URL then new version of the TSL is not downloaded. TSL parsing/validation process is continued.
The LOTL is validated:
the list's validity is checked in by comparing the user's computer time with the list's <NextUpdate> value.
if the list is not valid then the library attempts to download a new list from the list's URL
the list's signature is validated by using its signing certificate
National TSLs' data (URLs and certificates) are read from the LOTL.
For each of the national TSL list, the following is done:
step 1-3 of the current process is repeated with the national TSL list
appropriate trust services are found from the national TSL lists, their certificates are added to the library's internal trusted certificates' store.
Identity tokens in Libdigidocpp
Libdigidocpp library supports the following identity tokens:
Estonian national eID card and Digi-ID
The library is also tested with the following tokens (indirectly via the DigiDoc desktop application that uses Libdigidocpp as a base component):
Finnish national eID card
Latvian national eID card
Lithuanian national eID card
SafeNet eToken 5110 with SK issued certificates for organizations
Interoperability testing
DigiDoc framework cross-usability tests
Automated cross-usability tests of digitally signed and encrypted files are periodically carried out between different DigiDoc software libraries:
Cross-usability of ASiC-E file format with TS (time-stamp) profile is tested between DigiDoc4j and Libdigidocpp libraries.
The interoperability tests are executed through the command line utility tools of the software libraries (for example, in case of Libdigidocpp library, the utility program which is described in chapter Libdigidocpp utility program of the current document).
Libdigidocpp implementation notes
The following section describes properties of a BDOC 2.1 file that are not strictly defined in the BDOC 2.1 specification BDOC2.1:2013 but are used in Libdigidocpp library’s implementation (and also in other DigiDoc software libraries) of the file format.
Digital signature related notes
The supported BDOC 2.1 signature profiles are BDOC-TM (XAdES-EPES signature with time-mark) and BDOC-TS (XAdES-BES signature with time-stamp and OCSP confirmation). The basic BDOC-TM profile is XAdES-EPES as BDOC 2.1 specification requires that <SignaturePolicyIdentifier> element is present (BDOC2.1:2013, chap. 5.2). The basic BDOC-TS profile is XAdES-BES as the <SignaturePolicyIdentifier> element is not supported in case of BDOC 2.1 signatures with time-stamps. It is expected that either a time-mark or time-stamp and OCSP confirmation have been added to the signature as according to BDOC 2.1 specification (BDOC2.1:2013, chap. 6) a signature is not considered complete or valid without validation data from external services (i.e. a time-mark or time-stamp).
For better international compatibility reasons, the library also accepts BDOC-TS signatures that are based on XAdES-EPES basic profile during validation time (i.e. the signature contains <SignaturePolicyIdentifier> element and a time-stamp).
One time-mark is allowed for each signature in case of TM profile; one time-stamp and one OCSP confirmation are allowed for each signature in case of TS profile (due to security reasons and in order to maintain testing efficiency).
In case of BDOC signature with time-mark, the OCSP confirmation's (i.e. time-mark's) nonce field’s value is calculated as follows:
the contents of <SignatureValue> element (i.e. the value without XML tags) is taken and decoded from base64 encoding;
digest of the value found in the previous step is calculated by using SHA-256 algorithm.;
the digest value found in the previous step and the digest algorithm that was used are transformed as defined by the following ASN.1 structure:
TBSDocumentDigest ::= SEQUENCE {
algorithm AlgorithmIdentifier,
digest OCTET STRING
}
the ASN.1 block value produced in the previous step is included in the OCSP request’s "nonce" field and must be present in the respective field of the OCSP response.
In case of signing with ECC keys (by using ECDSA algorithm), concatenation method is used for creating signature value.
SHA-256 hash function is used by default when calculating data file digests and the digest that is signed.
When a hash function that is weaker than SHA-256 (or SHA-224 in the special case with pre-2011 ID-cards) has been used then a warning message about weak digest method is produced to the user. It is recommended to regard the error as a validation warning (identically to DigiDoc desktop application and digidoc-tool.cpp utility program).
During signature creation, it is checked that there is only one <ClaimedRole> element in the signature, which contains the signer’s role and optionally the signer’s resolution. If the <ClaimedRole> element contains both role and resolution then they must be separated with a slash mark, e.g. "role / resolution". Note that when setting the resolution value then role must also be specified.
XML namespace prefixes are used in case of all XML elements (e.g. "asic:", "ds:", "xades:").
The data file’s MIME type that is used in case of Libdigidocpp’s utility program is always "application/octet-stream" for testing purposes.
The <ds:Signature> element’s Id attribute value is set to "S<seq_no>" during signature creation where sequence numbers are counted from zero. Other Id values that are used in the sub-elements of the <ds:Signature> element contain the signature’s Id value as a prefix. During verification, different Id attribute values are also supported but are not tested periodically.
signatures*.xml file's XML structure validation is done on the basis of XAdES XML Schema (XAdES), however, there are additional checks to determine any unsupported elements that are allowed by the XAdES specification. The unsupported elements are CounterSignature, AttributeCertificateRefs, AttributeRevocationRefs, RefsOnlyTimeStamp, AttrAuthoritiesCertValues, AttributeRevocationValues, CommitmentTypeIndicationType, AllDataObjectsTimeStamp, IndividualDataObjectsTimeStampType.
Special characters in URI attribute values are handled according to RFC3986 (since v3.9 of the library): the characters are percent-encoded, except of unreserved characters and delimiters. Both percent-encoded and non-percent-encoded characters are supported during signature's validation.
When validating a BDOC-TS document then the difference between OCSP validity confirmation's production time (producedAt field) and time-stamp's production time (getTime field) is checked. An exception is thrown if the OCSP confirmation's time is earlier than time-stamp's time. If the OCSP confirmation's time is later than time-stamp's time by more than 15 minutes then a warning is returned. If the difference is more than 24 hours then exception is thrown.
During signature creation, it is checked that the difference between the signer's computer time and the OCSP response's production time (producedAt value) would not exceed 15 minutes. If the difference exceeds 15 minutes then an exception is returned and signing is cancelled.
Certificate related notes
Valid signatures (qualified electronic signatures) can be created with a certificate that has "Non-repudiation" value (also referred to as "Content Commitment") in its "Key usage" field. The requirement is based on the following sources:
ETSI TS 102 280 (V1.1.1): "X.509 V3 Certificate Profile for Certificates Issued to Natural Persons"; chap. 5.4.3;
Signature can be created with a certificate that doesn’t have "Non-repudiation" value in its "Key-Usage" field when specific parameters have been set but validation of such signature will produce a respective error message and the signature is not considered as a qualified electronic signature.
During signature validation, it is checked that the validity periods of the signer’s certificate and all the certificates in its CA chain include the signature creation time (value of the time in TSA response or case time-mark profile producedAt field in OCSP response).
Container related notes
ASiC-E files are created with .asice or .sce file extension.
Signatures are stored in META-INF/signatures*.xml files where ‘*’ is a sequence number, counting is started from zero.
It is not allowed to add two data files with the same name to the container as the signed data file must be uniquely identifiable in the container.
All data files in the container must be signed. All signatures in the container must sign all of the data files.
Relative file paths are used, for example "META-INF/signatures*.xml" and "document.txt" instead of "/META-INF/signatures*.xml" and "/document.txt" to ensure better interoperability with third party applications when validating signatures.
The ZIP container’s comment field contains application name of the library that was used for creating the file. The value can be useful, for example, when trying to determine the origin of an erroneous file.
"mimetype" file is not compressed in the ASiC-E file’s ZIP container as the results of ASiC plug-tests event shows that this solution is most widely used.
When a data file is added to the container then the modification time of the file (as it is registered in the file system) is preserved also in the ZIP container file. There is an exception if the file is added by reading it from an input stream - in that case, the current timestamp value is registered as "last modified" time in the ZIP file.
Generated on Thu Dec 19 2024 09:35:24 for libdigidocpp by 1.9.8