 DigiDoc³ | |
| Filename extension | .asice, .bdoc, .ddoc .cdoc |
|---|---|
| Internet media type | application/vnd.etsi.asic-e+zip, application/x-bdoc, application/x-cdoc, application/x-p12d |
| Developed by | RIA (ria.ee) |
| Latest release | .asice 2014-06-05 |
| Type of format | Digital signature |
| Container for | any file format |
| Extended from | ASiC |
| Standard | EVS 821:2014 |
| Open format? | Yes (implementations) |
| Free format? | No (standard text) |
DigiDoc (Digital Document) is a family ofdigital signature- andcryptographic computing file formats utilizing apublic key infrastructure. It currently has three generations of sub formats,DDOC- , a later binary basedBDOC and currently usedASiC-E format that is supposed to replace the previous generation formats. DigiDoc was created and is developed and maintained byRIA[1] (Riigi Infosüsteemi Amet,Information System Authority of Estonia).
The format is used tolegally sign and optionally encrypt file(s) like text documents as part ofelectronic transactions. All operations are done using anational id-card, ahardware token, that has a chip with digitalPKIcertificates to verify a person's signaturemathematically. Signed file is acontainer holding actual signed, unmodified files and hence operation does not require any support from software that created those files.
Format container and its signatures can be created using application like qDigiDoc or aweb service with user's web browser with signingextension. When an application is used, container is typically exchanged between signing parties as an email attachment until everyone has signed it and have their own complete copy.
Web services also utilize identity cards for session authentication using an authentication certificate which is also stored on the id-card.
DigiDoc container contains actual files andmetadata, including ahash that represents those files. When signing, software sends content hash using standardisedPKCS 11 interface to the user's id-card. After verifying the user's PIN, id-card signs the hash internally and returns a signature which is then stored into DigiDoc container.
During the signing, the certificate validity of each signing party is checked, and a signed timestamp is retrieved, using anOCSP service. The signed timestamp makes it possible to prove later at what time a document was signed (as the timestamp is derived from the document hash) and that each signing certificate was not incertificate revocation list at the time of signing. Any signatures prior to the revocation are still valid (therefore, documents do not have to be resigned when the user receives new certificates).
ASiC-E (Associated Signature Containers) and itsextended variant is the latest DigiDoc container format. Usedfile extension is.asice.
BDOC (Binary Document), of which the latest version is 2.1, is based onETSI's ASiC signature container standards. It is official Estonian national standardEVS 821:2014.[2] Files use the.bdoc file extension.
DDOC (Digical document) is the first generation DigiDoc format. Files use the.ddoc file extension.
The most widely used application is the qDigiDoc graphical desktop software that runs onMicrosoft Windows,Apple Mac OSX and on variousLinux distributions. qDigiDoc isOpen Source Software that can be freely downloaded and installed. Applications also exist for Apple iPad tablet devices and Windows phones.
CurrentlyEstonian- andFinnish government issued cards work with qDigiDoc 3.x and later versions.
Multiple programming languages are supported to create applications and services utilizing DigiDoc-format, includingC++, C, Java,.NET,