13. CDOC2 system components¶
13.1 CDOC2 reference Java library¶
Implements client side functionality for CDOC2 system.
13.2 CDOC2 Capsule Server (CCS)¶
Stores encryption/decryption key material. Provides endpoints for auth-ticket creation and key material upload/download.
13.3 CDOC2 Shares Server (CSS)¶
Returns share identifiers to CDOC2 Client Application. Stores Key Shares. Recipient has to authenticate with the CSSs in order to download the shares contained in a Shares Capsule. Shares Capsules are distributed between multiple CDOC2 Shares Server instances, so that compromising one server doesn't expose key material. Instances run on independent premises.
13.4 Authentication proxy¶
A server that relays the Mobile-ID and Smart-ID authentication requests to actual Mobile-ID/Smart-ID RP API services and acts as relying party (RP). Generates and stores secrets that cannot be revealed to CDOC2 Client Applications.
13.5 CDOC2 CLI user application¶
Command line utility to create/process CDOC2 files. Provides CLI interface to CDOC2 reference Java library.
14. Interfaces between system components¶
14.1 CDOC2 Capsule Server (CCS) interface¶
CSS interface provides the following endpoints:
/key-capsules/{transactionId}
Get Server Capsule based on the transaction identifier. Used by recipient to request a Server Capsule./key-capsules
Upload a Server Capsule to a CCS. Used by sender to upload Server Capsule to a CCS.
For full CCS OpenAPI specification, see Appendix C in protocol and cryptography spec.
14.2 CDOC2 Shares Server (CSS) interface¶
/key-shares/{shareId}
Get key share for share identifier. Used by recipient to request a key share./key-shares
Upload a key share and receive a share identifier. Used by sender to upload key share./key-shares/{shareId}/nonce
Create nonce for creating an authentication ticket. Used by recipient to request a nonce.
For full CSS OpenAPI specification, see Appendix E in protocol and cryptography spec.