Skip to content
Risto Seene edited this page Dec 4, 2024 · 27 revisions

DigiDoc4j

DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers of signed documents.

Features

  • Creating ASiC-E and ASiC-S containers
  • Validating ASiC-E, ASiC-S, BDOC, and DDOC containers
  • Creating and validating detached XAdES signatures
  • Creating and validating timestamp tokens

How to use it

ASiC-E (Associated Signature Container Extended) container format

  • Has .asice or .sce extension.
  • This format is default format since 2019.
  • ASIC-E containers are in compliance with EU standards.
  • Signatures are stored in XAdES format.
  • Supports following signature profiles:
    • B_BES - Basic signature (not considered valid by DigiDoc4j validation rules).
    • T (Time) - Signature with time-stamp (not considered valid by DigiDoc4j validation rules).
    • LT (Long Term) - Signature with time-stamp and OCSP (both "regular" and AIA OCSP are supported).
    • LTA (Long Term Archival) - Signature has additional archival time-stamp(s) to LT profile.
  • .asice or .sce file is in fact a ZIP container with the signed files, the signatures and the protocol control information and can basically be opened by any program that recognizes the ZIP format.
  • It is recommended not to use special characters in the data file’s name, i.e. it is suggested to use only the characters that are categorized as “unreserved” according to RFC3986 (https://datatracker.ietf.org/doc/html/rfc3986).

BDOC (Estonian specific implementation of Associated Signature Container Extended) container format

The support for creating BDOC-specific time-mark signatures was removed since DigiDoc4j version 5.2.0 in relation to discontinuation of time-mark-capable OCSP responders in 2023.

  • Has .bdoc extension
  • BDOC is a digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
  • This format has been used as a default digital signature format in Estonia since 2015 until end of 2018.
  • BDOC container is based on ASiC-E standard.
  • Signatures are stored in XAdES format.
  • Supports signature profiles:
    • B_EPES - Basic signature with signature policy defined (not considered valid by DigiDoc4j validation rules). B_EPES signing support in DigiDoc4j was removed since version 5.2.0.
    • LT_TM (Long Term TimeMark) - Signature has time-mark ensuring long-term provability of the authenticity of the signature. LT_TM signing support in DigiDoc4j was removed since version 5.2.0.
      • It is based on XAdES baseline LT signature format.
  • .bdoc file is in fact a ZIP container with the signed files, the signatures and the protocol control information and can basically be opened by any program that recognizes the ZIP format.
  • It is recommended not to use special characters in the data file’s name, i.e. it is suggested to use only the characters that are categorized as “unreserved” according to RFC3986 (https://datatracker.ietf.org/doc/html/rfc3986).

ASiC-S (Associated Signature Container Simple) container format

  • Has .asics or .scs extension
  • Container associates one data file with either:
    • one signature file containing one or more XAdES detached digital signature(s) that apply to it; or
    • one or more time assertion file(s) containing a time assertion that apply to it.
  • This format is used for timestamping the old DDOC containers in order to prove the integrity of documents.
  • Starting from DigiDoc4j version 6.0.0-RC.1, this format is also supported for timestamping ASiC and BDOC containers in order to prove the integrity of their contents.

DDOC container format

  • Has .ddoc extension
  • An old DigiDoc digital signature format
  • Since year 2015 it's recommended not to sign documents in the DDOC format. DDOC signing support in Digidoc4j was removed in 2018.
  • It is based on XML Advanced Electronic Signatures (XAdES) format, corresponding to profile XAdES-X-L
  • The DigiDoc container includes the source files (the files that were signed) as well as the signatures that are related to the signed file(s)
  • Every signature contains the certificate, validity confirmation and the validity confirmation service certificate.

Documentation

Requirements

Maven

You can use the library as a Maven dependency from the Maven Central (http://mvnrepository.com/artifact/org.digidoc4j/digidoc4j)

<dependency>
	<groupId>org.digidoc4j</groupId>
	<artifactId>digidoc4j</artifactId>
	<version>6.x.x</version>
</dependency>

Licence

  • LGPL (GNU Library General Public License, see LICENSE.LGPL)
  • © Estonian Information System Authority