Riigi allkirjastamisteenus| Table of contents |
|---|
| Introduction |
| Access to the service |
| Functionality |
| Hashcode Container form |
| Hashcode API description |
Introduction
Digital Signature Gateway service (Riigi allkirjastamisteenus) is based on Signature Gateway software, however it do not offer all the functionality present in the software.
Following chapters describe offered functionality.
Access to the service
Accessing the service is restricted, it is needed to register for usage. See Information System Authority webpage for registration info.
The authorization mechanism is described here. Upon registration service specific UUID and signing secret are provided through secure channel.
Functionality
| Functionality | **Signature Gateway software ** | Digital Signature Gateway service JSON | Comment |
|---|---|---|---|
| Container creation | Yes | Yes | Only hashcode form. |
| Manipulation of signable content | Yes | Yes | Only hashcode form “data files”. |
| Adding signatures | Yes | Yes | Signatures created with Estonian certificates. |
| Support for ASICE containers | Yes | Yes | Only hashcode form. |
| Signing with external device | Yes | Yes | ID card, e-seal, … (certificate must be in Estonian TSL). |
| Signing with Mobile-ID | Yes | Yes | Only Estonian Mobile-ID. |
| Signing with Smart-ID | Yes | Yes | Only QSCD level accounts are supported (accounts created after 08.11.2018). |
| Signature validation | Yes | Yes | Validation of BDOC and DDOC containers in hashcode form is also supported. Keep in mind that DDOC hashcode form differs from “standard” hashcode form. |
Hashcode container form
Digital Signature Gateway service supports only hashcode based data files manipulation. This means that signed data files are not leaving the integrating e-service premises giving protection to the content. In addition this enables to sign large data files as hashcode representation of the file is not tied to the size of real file.
The details how to convert ASICE/BDOC containers to and from hashcode form can be found here.
For validation of DDOC containers in hashcode form different conversion must be made. This is described here.
Hashcode API description
Digital Signature Gateway service supports subset of API methods supported by Signature Gateway software. In below table supported methods are listed. Refer Signature Gateway documentation for details.
| Action | API specifics | Comment |
|---|---|---|
| Create container | See details | Creating a container from hashcode files |
| Upload container | See details | Uploading a signed hashcode container |
| Add data file | See details | Adding hashcode representation of data file to container |
| Get data file list | See details | Retrieving list of hashcode representations of data files |
| Delete data file | See details | Deleting hashcode representation of data file from container |
| Start remote signing | See details | Initiating signing process |
| Finish remote signing | See details | Finalize signing process |
| Start Mobile-ID signing | See details | Initiating Mobile-ID signing process |
| Get Mobile-ID signing status | See details | Getting Mobile-ID signing process status |
| Trigger certificate selection for Smart-ID signing | See details | Requesting certificate to be used in signing process |
| Get Smart-ID certificate selection status | See details | Getting status for certificate choice |
| Start Smart-ID signing | See details | Initiating Smart-ID signing process |
| Get Smart-ID signing status | See details | Getting Smart-ID signing process status |
| Get signature list | See details | Retrieving signers list |
| Get signers information | See details | Retrieving signers information |
| Validate container in session | See details | Validating container in session |
| Validate container without session | See details | Validating container without session |
| Get container | See details | Retrieve hashcode container |
| Delete container | See details | Delete hashcode container in session |