DigiDoc

DigiDoc
	DigiDoc³
Filename extension	.asice, .bdoc, .ddoc .cdoc
Internet media type	application/vnd.etsi.asic-e+zip, application/x-bdoc, application/x-cdoc, application/x-p12d
Developed by	RIA (ria.ee)
Latest release	.asice; 2014-06-05
Type of format	Digital signature
Container for	any file format
Extended from	ASiC
Standard	EVS 821:2014
Open format?	Yes (implementations)
Free format?	No (standard text)

DigiDoc (Digital Document) is a family of digital signature- and cryptographic computing file formats utilizing a public key infrastructure. It currently has three generations of sub formats, DDOC- , a later binary based BDOC and currently used ASiC-E format that is supposed to replace the previous generation formats. DigiDoc was created and is developed and maintained by RIA^[1] (Riigi Infosüsteemi Amet, Information System Authority of Estonia).

The format is used to legally sign and optionally encrypt file(s) like text documents as part of electronic transactions. All operations are done using a national id-card, a hardware token, that has a chip with digital PKI certificates to verify a person's signature mathematically. Signed file is a container holding actual signed, unmodified files and hence operation does not require any support from software that created those files.

Format container and its signatures can be created using application like qDigiDoc or a web service with user's web browser with signing extension. When an application is used, container is typically exchanged between signing parties as an email attachment until everyone has signed it and have their own complete copy.

Web services also utilize identity cards for session authentication using an authentication certificate which is also stored on the id-card.

Technical description[edit]

DigiDoc container contains actual files and metadata, including a hash that represents those files. When signing, software sends content hash using standardised PKCS 11 interface to the user's id-card. After verifying the user's PIN, id-card signs the hash internally and returns a signature which is then stored into DigiDoc container.

During the signing, the certificate validity of each signing party is checked, and a signed timestamp is retrieved, using an OCSP service. The signed timestamp makes it possible to prove later at what time a document was signed (as the timestamp is derived from the document hash) and that each signing certificate was not in certificate revocation list at the time of signing. Any signatures prior to the revocation are still valid (therefore, documents do not have to be resigned when the user receives new certificates).

ASiC-E[edit]

ASiC-E (Associated Signature Containers) and its extended variant is the latest DigiDoc container format. Used file extension is .asice.

BDOC[edit]

BDOC (Binary Document), of which the latest version is 2.1, is based on ETSI's ASiC signature container standards. It is official Estonian national standard EVS 821:2014.^[2] Files use the .bdoc file extension.

DDOC[edit]

DDOC (Digical document) is the first generation DigiDoc format. Files use the .ddoc file extension.

Software[edit]

The most widely used application is the qDigiDoc graphical desktop software that runs on Microsoft Windows, Apple Mac OSX and on various Linux distributions. qDigiDoc is Open Source Software that can be freely downloaded and installed. Applications also exist for Apple iPad tablet devices and Windows phones.

Currently Estonian- and Finnish government issued cards work with qDigiDoc 3.x and later versions.

installer.id.ee qDigiDoc home page.
itunes.apple.com - DigiDoc for Apple iPad tablets
windowsphone.com - DigiDoc for Windows phone

Software libraries[edit]

Multiple programming languages are supported to create applications and services utilizing DigiDoc-format, including C++, C, Java, .NET,

libdigidocpp c++ library
libdigidoc C library
digidoc4j Java library

References[edit]

^ ria.ee Public Key Infrastructure PKI Archived 2015-02-24 at the Wayback Machine Competences of RIA: Is responsible for the functioning, development and management of the ID card base software. Is responsible for the mutual capacity of international electronic identities or the cross-country functioning, development and management of software solutions. Participates in work groups and in the development of the state’s PKI. Assures the existence of the user interface service of the ID card base software (www.id.ee). Referred at 2015-02-24
^ evs.ee EVS 821:2014 - BDOC Format for Digital Signatures The present document defines XML formats for advanced electronic signatures that remain valid over long periods and incorporates additional useful information for common use cases. This includes evidence to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature. Referred: 2016-04-13

External links[edit]

id.ee - The World of DigiDoc
id.ee - BDOC2.1 – new Estonian national standard on digital signatures
id.ee - DigiDoc libraries
installer.id.ee qDigiDoc home page.

[ria-roles-1] ria.ee Public Key Infrastructure PKI Archived 2015-02-24 at the Wayback Machine Competences of RIA: Is responsible for the functioning, development and management of the ID card base software. Is responsible for the mutual capacity of international electronic identities or the cross-country functioning, development and management of software solutions. Participates in work groups and in the development of the state’s PKI. Assures the existence of the user interface service of the ID card base software (www.id.ee). Referred at 2015-02-24

[evs-821-2009-2] vs.ee EVS 821:2014 - BDOC Format for Digital Signatures The present document defines XML formats for advanced electronic signatures that remain valid over long periods and incorporates additional useful information for common use cases. This includes evidence to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature. Referred: 2016-04-13

[1]

[2]