Table of contents
Introduction
Access to the service
Functionality
Hashcode Container form
Hashcode API description

Introduction

Digital Signature Gateway service (Riigi allkirjastamisteenus) is based on Signature Gateway software, however it do not offer all the functionality present in the software.

Following chapters describe offered functionality.

Access to the service

Accessing the service is restricted, it is needed to register for usage. See Information System Authority webpage for registration info.

The authorization mechanism is described here. Upon registration service specific UUID and signing secret are provided through secure channel.

Functionality

Functionality **Signature Gateway software ** Digital Signature Gateway service JSON Comment
Container creation Yes Yes Only hashcode form.
Manipulation of signable content Yes Yes Only hashcode form “data files”.
Adding signatures Yes Yes Signatures created with Estonian certificates.
Support for BDOC and ASICE containers Yes Yes Only hashcode form.
Signing with external device Yes Yes ID card, e-seal, … (certificate must be in Estonian TSL).
Signing with Mobile-ID Yes Yes Only Estonian Mobile-ID.
Signing with Smart-ID Yes No No support.
Signature validation Yes Yes Validation of DDOC containers in hashcode form is also supported. Keep in mind that DDOC hashcode form differs from “standard” hashcode form.

Hashcode container form

Digital Signature Gateway service supports only hashcode based data files manipulation. This means that signed data files are not leaving the integrating e-service premises giving protection to the content. In addition this enables to sign large data files as hashcode representation of the file is not tied to the size of real file.

The details how to convert ASICE/BDOC containers to and from hashcode form can be found here.

For validation of DDOC containers in hashcode form different conversion must be made. This is described here.

Hashcode API description

Digital Signature Gateway service supports subset of API methods supported by Signature Gateway software. In below table supported methods are listed. Refer Signature Gateway documentation for details.

Action API specifics Comment
Create container See details Creating a container from hashcode files
Upload container See details Uploading a signed hashcode container
Add data file See details Adding hashcode representation of data file to container
Get data file list See details Retrieving list of hashcode representations of data files
Delete data file See details Deleting hashcode representation of data file from container
Start remote signing See details Initiating signing process
Finish remote signing See details Finalize signing process
Start Mobile-ID signing See details Initiating Mobile-ID signing process
Get Mobile-ID signing status See details Finalize Mobile-ID signing process
Get signature list See details Retrieving signers list
Get signers information See details Retrieving signers information
Validate container in session See details Validating container in session
Validate container without session See details Validating container without session
Get container See details Retrieve hashcode container
Delete container See details Delete hashcode container in session