DigiDoc

DigiDoc
Filename extension	.bdoc, .ddoc .cdoc
Internet media type	application/vnd.etsi.asic-e+zip, application/x-bdoc, application/x-cdoc, application/x-p12d
Developed by	RIA (ria.ee)
Container for	DigiDoc³, Web services
Standard	EVS 821:2014

DigiDoc (Digital Document) is a family of digital signature- and cryptographic computing file formats utilizing a public key infrastructure. It currently has two generations of sub formats, DDOC- and a new binary based BDOC format that is supposed to replace the first generation DDOC. DigiDoc was created and is developed and maintained by RIA^[1] (Riigi Infosüsteemi Amet, Information System Authority of Estonia).

The format is mainly used to hold digitally signed and optionally encrypted file(s). Any cryptographic operation is done using a national id card, a hardware token, that has a chip with digital certificates to verify a person's identity mathematically. Usually a document is created using an application of the user's choosing. qDigiDoc software or a web service with a plugin are then used to place the document into the container, and sign or encrypt the container. The software hashes the document and sends the resulting hash via the standardised PKCS 11 interface to the smart card. The smart card, after verifying the user's PIN, responds with a signature that corresponds with the provided hash; this hash is then placed in the container. Additionally, during the signing, the certificate validity of each signing party is checked, and a signed timestamp is retrieved, using an OCSP service. The signed timestamp makes it possible to prove at what time a document was signed (as the timestamp is derived from the document hash) which may be important if a card is lost and used to maliciously sign documents. If a user reports that their card was stolen at 12:00, and a document with their signature is presented at 12:10, it can be rejected. Any signatures prior to the revocation are still valid (therefore, documents do not have to be resigned when the user receives new certificates).

Currently Estonian- and Finnish government issued cards work with qDigiDoc 3.x and later versions. Web services also utilize identity cards for session authentication using an authentication certificate which is also stored on the card.

BDOC

BDOC (Binary Document), of which the latest version is 2.1, is based on ETSI's ASiC signature container standards. It is official Estonian national standard EVS 821:2014.^[2] Files use the .bdoc file extension.

DDOC

DDOC (Digical document) is the first generation DigiDoc format. Files use the .ddoc file extension.

Software

The most widely used application is the qDigiDoc graphical desktop software that runs on Microsoft Windows, Apple Mac OSX and on various Linux distributions. qDigiDoc is Open Source Software that can be freely downloaded and installed. Applications also exist for Apple iPad tablet devices and Windows phones.

installer.id.ee qDigiDoc home page.
itunes.apple.com - DigiDoc for Apple iPad tablets
windowsphone.com - DigiDoc for Windows phone

Software libraries

Multiple programming languages are supported to create applications and services utilizing DigiDoc-format, including C++, C, Java, .NET,

libdigidocpp c++ library
libdigidoc C library
digidoc4j Java library

References

↑ ria.ee Public Key Infrastructure PKI Competences of RIA: Is responsible for the functioning, development and management of the ID card base software. Is responsible for the mutual capacity of international electronic identities or the cross-country functioning, development and management of software solutions. Participates in work groups and in the development of the state’s PKI. Assures the existence of the user interface service of the ID card base software (www.id.ee). Referred at 2015-02-24
↑ evs.ee EVS 821:2014 - BDOC Format for Digital Signatures The present document defines XML formats for advanced electronic signatures that remain valid over long periods and incorporates additional useful information for common use cases. This includes evidence to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature. Referred: 2016-04-13

External links

id.ee - The World of DigiDoc
id.ee - BDOC2.1 – new Estonian national standard on digital signatures
id.ee - DigiDoc libraries
installer.id.ee qDigiDoc home page.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[ria-roles-1] ria.ee Public Key Infrastructure PKI Competences of RIA: Is responsible for the functioning, development and management of the ID card base software. Is responsible for the mutual capacity of international electronic identities or the cross-country functioning, development and management of software solutions. Participates in work groups and in the development of the state’s PKI. Assures the existence of the user interface service of the ID card base software (www.id.ee). Referred at 2015-02-24

[evs-821-2009-2] vs.ee EVS 821:2014 - BDOC Format for Digital Signatures The present document defines XML formats for advanced electronic signatures that remain valid over long periods and incorporates additional useful information for common use cases. This includes evidence to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature. Referred: 2016-04-13


Filename extension	`.bdoc, .ddoc .cdoc`
Internet media type	`application/vnd.etsi.asic-e+zip, application/x-bdoc, application/x-cdoc, application/x-p12d`
Developed by	RIA (ria.ee)
Container for	DigiDoc³, Web services
Standard	EVS 821:2014