
Creating an Electronic Signature Batch on the Server

Description

Creates a batch of digital signatures from the hashes of the data to be signed using a server signing identity. 

The signature is created with the signing identity on server specified in the request. This identity must belong to the end-user on behalf of whom the operation is performed.

This method can be used for single signing as well. The main difference: the batch method responds with base64-encoded signed data, whereas the single signing method responds with a PKCS#1 raw signature.

Request

POST /trustedx-resources/esigp/v1/signatures/server/raw/batch

Content-Type Header

Content-Type: application/json

Body

{
    "sign_identity_id" : {string},
    "signature_algorithm" : {string},
    "requests" : [
        {
            "digest_value" : {string},
			"signature_algorithm" : {string}
        }
    ]
}


Property | Description
sign_identity_id | Identifier of the signing identity that must be used for generating the signature (it must be a server signing identity that belongs to the end-user on behalf of whom the signature is performed).
signature_algorithm | Algorithm for obtaining the cryptographic hashes to be used for generating the signatures (rsa-sha1, rsa-sha256, rsa-sha384 and rsa-sha512) if no other algorithm is specified for each of them.
requests[ ] | Information on the cryptographic hashes to be used for generating the signatures.
requests[ ].digest_value | Base64 encoding of the cryptographic hash used to generate the signatures.
requests[ ].signature_algorithm | Algorithm that must be used to generate one of the digital signatures ("rsa-sha1", "rsa-sha256", "rsa-sha384" and "rsa-sha512").

Access Control

The request must contain a bearer access token generated by a trusted authorization server associated with the domain of the signing identity to be used for generating the signature. This token must have a scope that includes the value configured for the signing identity (by default, urn:safelayer:eidas:sign:identity:use:server) and must be used as explained in RFC 6750. Basically, the token must be included in an Authorization header as follows:

Authorization: Bearer <token>

The access token must be obtained via an authorization code grant OAuth 2.0 flow.

Example

POST /trustedx-resources/esigp/v1/signatures/server/raw/batch
Host: eidas.eparaksts.lv
Content-Type: application/json
Authorization: Bearer cbc...6daf
Content-Length: 213

{
    "sign_identity_id": "12345678",
    "signature_algorithm": "rsa-sha1",
    "requests": [
        {
            "digest_value": "RXN0byBlcyB1biBoYXNoIFNoYTE=",
            "signature_algorithm": "rsa-sha1"
        },
        {
            "digest_value": "siHZ27CDp/M0KNfCo8MZiuklYU1wIQ4ocWzKp81N23k",
            "signature_algorithm": "rsa-sha256"
        }
    ]
}

Response

Body

{
    "signatures" : [ {string} ]
}

Property | Description
signatures[] | Digital signatures encoded in base64. The signatures appear in the same order as the cryptographic hashes from which they were created appear in the request.
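
Added example (not part of the original documentation or the service's own code): Python code that builds the batch request body from document bytes, checking that each digest length matches its algorithm, and maps the returned signatures back to documents by position. The function names, sample documents and sample response are assumptions; no HTTP call is made.

```python
import base64
import hashlib
import json

# Algorithm names are the ones listed on this page; the digest sizes are the
# standard output lengths of each hash.
HASHES = {"rsa-sha1": ("sha1", 20), "rsa-sha256": ("sha256", 32),
          "rsa-sha384": ("sha384", 48), "rsa-sha512": ("sha512", 64)}


def build_batch_request(sign_identity_id, documents, default_algorithm="rsa-sha256"):
    """documents: list of (name, data_bytes, algorithm or None).
    Returns (json_body, names); names records the request order."""
    if default_algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm: {default_algorithm}")
    requests, names = [], []
    for name, data, algorithm in documents:
        algorithm = algorithm or default_algorithm
        if algorithm not in HASHES:
            raise ValueError(f"unsupported algorithm: {algorithm}")
        hash_name, size = HASHES[algorithm]
        digest = hashlib.new(hash_name, data).digest()
        if len(digest) != size:  # guard against a hash/algorithm mismatch
            raise ValueError(f"unexpected digest length for {algorithm}")
        requests.append({"digest_value": base64.b64encode(digest).decode("ascii"),
                         "signature_algorithm": algorithm})
        names.append(name)
    body = {"sign_identity_id": sign_identity_id,
            "signature_algorithm": default_algorithm,
            "requests": requests}
    return json.dumps(body), names


def pair_signatures(names, response_json):
    """Map each returned signature to its document by position."""
    signatures = json.loads(response_json)["signatures"]
    if len(signatures) != len(names):
        raise ValueError("signature count does not match request count")
    return [(n, base64.b64decode(s, validate=True)) for n, s in zip(names, signatures)]


if __name__ == "__main__":
    # Constructed sample documents and a constructed response (not real signatures).
    docs = [("contract.pdf", b"sample contract bytes", None),
            ("annex.xml", b"<annex/>", "rsa-sha512")]
    body, names = build_batch_request("12345678", docs)
    print(body)
    fake = json.dumps({"signatures": [base64.b64encode(b"sig-1").decode(),
                                      base64.b64encode(b"sig-2").decode()]})
    print(pair_signatures(names, fake))
```

Because the response carries no identifiers, the count check in pair_signatures is the only client-side guard against attaching a signature to the wrong document.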

