DigiDoc4j

DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers of signed documents.

Features

• Creating BDOC, ASiC-E containers
• Validating BDOC, ASiC-E and DDOC containers
• Creating, signing, timestamping and validating ASiC-S containers
• Creating and validating detached XadES

How to use it

• Take a look at the examples
• See the full DigiDoc4j API description
• Explore the Wiki section
• Download the latest release
• See the library development guide. Your contribution and pull requests are more than welcome

BDOC (ASiC-E - Associated Signature Container Extended) container format

• Has .bdoc, .asice or .sce extension
• BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
• The benefits of the new format include the higher security level, the long-term integrity of the signed documents, as well as the better compliance with international standards.
• BDOC container is based on ASiC-E standard.
• Signatures are stored in XAdES format.
• Supports two signature formats: BDOC-TM and BDOC-TS
• BDOC-TM signature format has time-mark ensuring long-term provability of the authenticity of the signature.
  • This format has been used as a default digital signature format in Estonia since 2015.
  • It is based on XAdES baseline LT signature format.
  • Recommended extension is .bdoc
• BDOC-TS signature format has time-stamp.
  • In contrast to the BDOC-TM format, long-term provability of the authenticity of the signature is ensured by time-stamps.
  • It is based on XAdES baseline LT signature format and uses RFC3161 based time-stamps which makes it highly compliant in international context.
  • To ensure better compliance with international standards, it's recommended to sign documents with the BDOC-TS time-stamp signature profile.
  • Recommended extension is .asice
• .bdoc or .asice file is in fact a ZIP container with the signed files, the signatures and the protocol control information and can basically be opened by any program that recognizes the ZIP format.
• It is recommended not to use special characters in the data file’s name, i.e. it is suggested to use only the characters that are categorized as “unreserved” according to RFC3986 (http://tools.ietf.org/html/rfc3986).

ASiC-S (ASiC-E - Associated Signature Container Simple) container format

• Has .asics or .scs extension
• Container associates one data file with either:
  • one signature file containing one or more detached digital signature(s) that apply to it; or
  • one time assertion file containing a time assertion that apply to it.
• This format is used for timestamping the old DDOC containers in order to prove the inviolability of documents.

DDOC container format

• Has .ddoc extension
• An old DigiDoc digital signature format
• Since year 2015 it's recommended not to sign documents in the DDOC format
• It is based on XML Advanced Electronic Signatures (XAdES) format, corresponding to profile XAdES-X-L
• The DigiDoc container includes the source files (the files that were signed) as well as the signatures that are related to the signed file(s)
• Every signature contains the certificate, validity confirmation and the validity confirmation service certificate.

Documentation

• DigiDoc4j API
• Examples
• Wiki
• Pivotal Tracker contains user stories and issues
• Architecture of ID-software
• Digital signature formats
• BDOC 2.1.2 specification
• DDOC specification

Requirements

• Java 1.7
• Internet access to external verification services
• OCSP (Online Certificate Status Protocol) - http://ocsp.sk.ee
• EU TSL (European Commission's Trusted Status List) - https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
• All the EU member states' TL servers referred in the EU TSL. Note that this list may change. (e.g. https://sr.riik.ee/tsl/estonian-tsl.xml, https://sede.minetur.gob.es/Prestadores/TSL/TSL.xml, https://www.viestintavirasto.fi/attachments/TSL-Ficora.xml etc.)
• TSA (Time Stamping Authority) - http://tsa.sk.ee

Maven

You can use the library as a Maven dependency from the Maven Central (http://mvnrepository.com/artifact/org.digidoc4j/digidoc4j)

<dependency>
	<groupId>org.digidoc4j</groupId>
	<artifactId>digidoc4j</artifactId>
	<version>3.x.x</version>
</dependency>

Known issues

The list of user stories and issues are tracked in Pivotal Tracker

Licence

• LGPL (GNU Library General Public License, see LICENSE.LGPL)
• © Estonian Information System Authority

Support

Official builds are provided through releases. If you want support, you need to be using official builds. Contact for assistance by email help@ria.ee.

Source code is provided on "as is" terms with no warranty (see license for more information). Do not file Github issues with generic support requests.