myID.be®

Signature types

This section details what can be signed and what the signature session request should contain.

A signature session must use the myID.be® signature profile, identified by urn:myid:dss:1.0. This value should be provided as the only element of the profile field in the signature request.

myID.be® supports Digest, PDF (PAdES) and XML signatures.

Digest

The Digest profile allows signing arbitrary data using its digest value. A digest is the result of a one-way hash function that takes the arbitrary data as input. Any type of data can be signed using the Digest profile.

Signature session

The Digest signature type is identified using URI: urn:myid:dss:1.0:signature:digest. This value should be provided in the sigType field of the optInp field of the signature request.

The digest of the binary data should be added in the signature session using the inDocs.docHash field.

Digest methods

The binary data should be hashed using one of the following hash algorithms:

  • SHA256
  • SHA384
  • SHA512

Signature result

The resulting signature is available in the sigObj field of a completed signature result.

PDF - PAdES

The PAdES profile allows signing PDF files using LTA-Level conformance 1. It is based on PDF 1.7 of Adobe Systems and supports the following digital signature operations:

  • Adding a digital signature to a document,
  • Providing a placeholder field for signatures,
  • Checking signatures for validity.

Signature session

The PAdES signature type is identified using URI: urn:myid:dss:1.0:signature:pades-baseline-lta. This value should be provided in the sigType field of the optInp field of the signature request.

The PDF documents should be added in the signature session using the inDocs.doc field.

Signature field settings

Signature field settings configure the visual properties of the signature field. Only one signature field per document can be configured (and signed). The settings should be set using the optInp.sigFieldSettings field.

The following values are used by default if no signature field settings are provided:

{
  "page": -1,
  "x": 30,
  "y": 30, 
  "height": 80,
  "width": 500,
  "showReason": false,
  "showTime": true
}
Existing field

When signing an existing field, the field name is required. The field must exists in the PDF document and must not be signed already.

New Field

The new field should at least have a location. The location should be set using sigLocation.

A location is defined in the PDF coordinate system (user space). The units in the coordinate system are called points. There are 72 points in an inch with 1 point being approximately 0.35 milimeters. The origin is located in the bottom left corner of the page. X coordinates increase to the right. Y coordinates increase to the top of the page. Both height and width are expressed in points.

Signature result

The resulting PDF document is available in the optOutp.docWithSignature field of a completed signature result.

XML

Multiple XML signature types are supported. All types support enveloped signatures over the containing document. Hence only the containing XML document can be sent in a signature request. There is currently no support for enveloping or detached signatures.

XAdES is an extension to XMLDSig for advanced electronic signatures. All signature types thus comply to XML Signature Syntax and Processing Version 1.1. The XAdES signature types also comply to ETSI EN 319 132-1 V1.1.1.

Signature session

The specific signature type is identified using one of the following URIs:

Signature Type URI
XMLDSig urn:myid:dss:1.0:signature:xmldsig
XAdES Baseline B urn:myid:dss:1.0:signature:xades-baseline-b
XAdES Baseline T urn:myid:dss:1.0:signature:xades-baseline-t
XAdES Baseline LT urn:myid:dss:1.0:signature:xades-baseline-lt
XAdES Baseline LTA urn:myid:dss:1.0:signature:xades-baseline-lta

The URI value should be provided in the sigType field of the optInp field of the signature request.

The containing XML document should be added in the signature session using the inDocs.doc field. It is currently not possible to add more than one document.

The location of the Signature element can be defined using xPathAfter or xPathFirstChildOf field in optInp.sigPlacement. These fields are mutually exclusive. If no fields are provided, the signature is added as child of the root element of the containing document. Namespace declarations should be added in field nsDecl.

Signature result

The resulting XML document containing the Signature element is available in the optOutp.docWithSignature field of a completed signature result.

  1. ETSI TS 103 172: Electronic Signatures and Infrastructures (ESI); PAdES Baseline Profile