Calculate Digest

Scope

Provide a signable data value calculation from the signable file by using the end-user signature certificate received.

Description

1. Start signing session. If there are problems with the files or the request does not meet the format requirements for the document signing, the process is terminated and an error is returned;
2. The hash of each file to be signed are calculated as well as signable data;
3. The signature algorithm  is determined from certificate;
4. The prepared signable data in base64 format is returned to the requester for signature.

Request

The Service provider's application sends the following GET request using TLS:

POST /api-sign/v1.0/CalculateDigest

Authorization

The request must contain an Authorization header with an OAuth Introspect access token obtained via Integration Platform a Service provider's credentials grant flow.

Unable to render {include} The included page could not be found.

Body

{
"sessions":[
    {
      "sessionId": "string"
    }
  ],
  "certificate": "string",
  "signAsPdf": true,
  "createNewEdoc": true
}

PropertyDescription
sessions
Information about file processing sessions
sessions.sessionId
File processing session identifier. It is possible to specify multiple sessions.
certificate
Signing certificate in base64 format
signAsPdf
True - will be signed as PDF (can only be used for signing PDFs and only one PDF file per session). In this case, the propery "createNewEdoc" will be ignored.
False - will create XAdES signature in ASICE container (EDOC).
createNewEdoc

True - Always creates new ASICE container (even if signable file is already a ASICE container - ASICE in the ASICE container);

False - If existing file is ASICE container, new signature will be added within existing ASICE container. If file is not ASICE, it will be added in ASICE container.


Example of single session signing

POST /api-sign/v1.0/CalculateDigest HTTP/1.1
Authorization: Bearer a477b3a3366768c07e4c458f518711b4b351e8d2c2f0f78a1524e4d3efd00603
Host: signapi-prep.eparaksts.lv
{
  "sessions": [
     {
        "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae1857a3a3dd4"
     }
  ],
  "certificate": "MIIG/j.......<sign certificate base64 here>.......xFP/IP==",
  "signAsPdf": false,
  "createNewEdoc": false
}

Example of batch session signing

POST /api-sign/v1.0/CalculateDigest HTTP/1.1
Authorization: Bearer a477b3a3366768c07e4c458f518711b4b351e8d2c2f0f78a1524e4d3efd00603
Host: signapi-prep.eparaksts.lv
{
  "sessions": [
          {
                 "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae1857a3a3dd4"
          },
          {
                 "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae18512121212"
          },
          {
                 "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae185bbbbbbbb"
          }
  ],
  "certificate": "MIIG/j.......<sign certificate base64 here>.......xFP/IP==",
  "signAsPdf": false,
  "createNewEdoc": false
}


Response

JSON object:

{
"sessionDigests":[
    {
      "sessionId": "string",
      "digest": "string",
      "error": {
          "code": "string",
          "message": "string"
      }
    }
  ],
  "digests_summary": "string",
  "algorithm": "string"
}

PropertyDescription
sessionDigest
Information about signable data session
sessionDigest.sessionId
File processing session identifier
sessionDigest.diggest

Signable data in base64 format

In case of server signing - received "diggest" property value shall be used (as is, without any reformatting) in Electronic signature provider API when Create a Digital Signature on the Server as "digest_value" property value.

In case of signing with Smart Card by using LVRTC provided browser extension integration, then this value shall be converted to HEX.

sessionDigests.error
Session error if any
sessionDigests.error.code
Session error code
sessionDigests.error.message
Session error message 
digests_summary

(warning) This parameter must only be used to obtain the authorization from the end-user for generating a digital signature with a server signing identity enabled via password stored on the HSM. (warning)

It is already precalculated digest summary. In case of server signing - "digests_summary" property value shall be used (as is, without any reformatting) in OAuth2.0 Authorization API when obtaining authorization code for signing operation as "digests_summary" property value.

algorithm
Algorithm of the digital signature


Example of single session signing

{
   "data": {
       "sessionDigests": [
           {
               "sessionId": "a37e460b4c65cb01a01dce5c58149806ca2d20dab22e99905d45128c4e693a90",
               "digest": "4xZX5G+R4gTbK2r6RlismZw4EBftvbSDcE3lXfpLMM4="
           }
       ],
       "digests_summary": "mnF3XVRWujh/Tsc3oA2HVGl0SI8VNb3pmscMcDhEzDo=",
       "algorithm": "SHA256"
   }
}

Example of batch session signing 

{
  "data": {
          "sessionDigests": [
                 {
                    "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae1857a3a3dd4",
                    "digest": "wRX+DNmDdlDrMK8X/MEdersGZbsgTiSFHi26domxjwA="
                 },
                 {
                    "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae18512121212",
                    "digest": "wRX+DNmDdlDrMK8X/MEdersGZbsgTiSFHi26domxjwA="
                 },
                 {
                    "sessionId": "fefdaec2b14bf2977d32a861fb49545244c654f7a4736dcc081ae185bbbbbbbb",
                    "digest": "wRX+DNmDdlDrMK8X/MEdersGZbsgTiSFHi26domxjwA="
                 }
           ],
                  "digests_summary": "mnF3XVRWujh/Tsc3oA2HVGl0SI8VNb3pmscMcDhEzDo=",
         "algorithm": "SHA256"
  }
}



  • No labels

© VAS Latvijas Valsts radio un televīzijas centrs

Registered address: Zemitāna iela 9 k-3, Rīga, Latvija, LV-1012

Unified reg. no: 40003011203

wiki.eparaksts.lv administrators: wiki@eparaksts.lv

Privacy policy Cookie policy

Data protection: lvrtc@lvrtc.lv; +371 67108704