Signature types
This section details what can be signed and what the signature session request should contain.
A signature session must use the myID.be® signature profile, identified by urn:myid:dss:1.0
.
This value should be provided as the only element of the profile
field in the signature request.
myID.be® supports Digest, PDF (PAdES) and XML signatures.
Digest
The Digest profile allows signing arbitrary data using its digest value. A digest is the result of a one-way hash function that takes the arbitrary data as input. Any type of data can be signed using the Digest profile.
Signature session
The Digest signature type is identified using URI: urn:myid:dss:1.0:signature:digest
.
This value should be provided in the sigType
field of the optInp
field of the signature request.
The digest of the binary data should be added in the signature session using the inDocs.docHash
field.
Digest methods
The binary data should be hashed using one of the following hash algorithms:
- SHA256
- SHA384
- SHA512
Signature result
The resulting signature is available in the sigObj
field of a completed signature result.
PDF - PAdES
The PAdES profile allows signing PDF files using LTA-Level conformance 1. It is based on PDF 1.7 of Adobe Systems and supports the following digital signature operations:
- Adding a digital signature to a document,
- Providing a placeholder field for signatures,
- Checking signatures for validity.
Signature session
The PAdES signature type is identified using URI: urn:myid:dss:1.0:signature:pades-baseline-lta
.
This value should be provided in the sigType
field of the optInp
field of the signature request.
The PDF documents should be added in the signature session using the inDocs.doc
field.
Signature field settings
Signature field settings configure the visual properties of the signature field.
Only one signature field per document can be configured (and signed).
The settings should be set using the optInp.sigFieldSettings
field.
The following values are used by default if no signature field settings are provided:
{
"page": -1,
"x": 30,
"y": 30,
"height": 80,
"width": 500,
"showReason": false,
"showTime": true
}
Existing field
When signing an existing field, the field name
is required. The field must exists in the PDF document and must not be signed already.
New Field
The new field should at least have a location. The location should be set using sigLocation
.
A location is defined in the PDF coordinate system (user space). The units in the coordinate system are called points. There are 72 points in an inch with 1 point being approximately 0.35 milimeters. The origin is located in the bottom left corner of the page. X coordinates increase to the right. Y coordinates increase to the top of the page. Both height and width are expressed in points.
Signature result
The resulting PDF document is available in the optOutp.docWithSignature
field of a completed signature result.
XML
Multiple XML signature types are supported. All types support enveloped signatures over the containing document. Hence only the containing XML document can be sent in a signature request. There is currently no support for enveloping or detached signatures.
XAdES is an extension to XMLDSig for advanced electronic signatures. All signature types thus comply to XML Signature Syntax and Processing Version 1.1. The XAdES signature types also comply to ETSI EN 319 132-1 V1.1.1.
Signature session
The specific signature type is identified using one of the following URIs:
Signature Type | URI |
---|---|
XMLDSig | urn:myid:dss:1.0:signature:xmldsig |
XAdES Baseline B | urn:myid:dss:1.0:signature:xades-baseline-b |
XAdES Baseline T | urn:myid:dss:1.0:signature:xades-baseline-t |
XAdES Baseline LT | urn:myid:dss:1.0:signature:xades-baseline-lt |
XAdES Baseline LTA | urn:myid:dss:1.0:signature:xades-baseline-lta |
The URI value should be provided in the sigType
field of the optInp
field of the signature request.
The containing XML document should be added in the signature session using the inDocs.doc
field. It is currently not possible to add more than one document.
The location of the Signature element can be defined using xPathAfter
or xPathFirstChildOf
field in optInp.sigPlacement
.
These fields are mutually exclusive. If no fields are provided, the signature is added as child of the root
element of the containing document. Namespace declarations should be added in field nsDecl
.
Signature result
The resulting XML document containing the Signature element is available in the optOutp.docWithSignature
field of a completed signature result.