Guidelines for using file digest till ASICE finalizing.

Digest preparation and signing

  1. Hash from files to be signed shall be calculated at service provider premises.
  2. Digest shall be encoded from calculated hash (HEX to Base64).
  3. Service provider shall receive authorisation token (Introspect scope) for accessing SignAPI
  4. Request "Add document digest" operation  (POST /api-storage/v1.0/{sessionId}/addDocumentDigest)
  5. Request "Calculate Digest" operation (POST /api-sign/v1.0/calculateDigest)
  6. Request "Finalize Signing" operation (POST /api-sign/v1.0/finalizeSigning)
  7. Request "File list" operation (GET /api-session/v1.0/{sessionId}/list) - get ASICE container "documentId" property
  8. Request "File download" operation (GET /api-session/v1.0/{sessionId}/{documentId}) - download signed ASICE container.
  9. Open container with zip processing tools (probably need to rename extension to ".zip").
  10. Add file, from which digest was calculated to container's root folder.
  11. When file is added - change extension back to ".edoc" or ".asice" if needed.

Adding additional signature to existing ASICE container

(in case when file digest is signed by more than one signer)

  1. If you have already signed ASICE with at least one signature, and you don't have stored signed file/s digest:
  2. Unpack ASICE container - extract file/s to be signed;
  3. Follow steps 1 to 9 from "Digest preparation and signing";
  4. Go to "META-INF" folder and extract signature XML file (Shall contain "signatures" name within file name (signatures1.xml));
  5. Open existing ASICE (where you want to add signature);
  6. Open "META-INF" folder:
  7. Check, if folder did not contain signature file with same filename as extracted in step 4:
    1. if contains, rename index of signature XML file extracted in step 4
  8. Add signature XML file to the "META-INF" folder
  9. When signature XML file is added - change extension back to ".edoc" or ".asice" if needed.

Only SHA256 HASH is supported

EDOC container is Equal to ASIC container just uses ".edoc" extension.

".edoc" is popular extension (legacy) in Latvia, but ".asice" extensions are used as well and are supported.

".asice" extension is EU recognized (in countries where ASICE containers are in use).

ASICE container contains XAdES (XML Advanced electronic signature).

ASICE container contains "META-INF" folder

Each signature creates a single XML file

Signature XML files Shall contain name "signatures" + index (in case of API "signatures0.xml or signatures1.xml")

All signature names shall be uniqe

(lightbulb) To avoid same names, use "signatureIndex" property in "Add Document Digest" operation