Convert XAdES to ASIC-E Container

What is XAdES?

XAdES (XML Advanced Electronic Signatures) is a flexible digital signature format based on XML, compliant with the eIDAS regulation. It includes details about:

• Which files were signed
• Who signed them
• Optional features like timestamps and OCSP responses
• File references or even full file contents

More information: Wikipedia - XAdES

What Is ASIC-E?

ASIC-E (Associated Signature Containers - Extended) is a packaging method for digital signatures. It bundles:

• All signed files
• Corresponding XAdES digital signatures

Into one compressed container with the .asice extension (other variants include .bdoc, .edoc, .adoc, .ddoc, .scs).

More information: Wikipedia - ASIC

Advantages of ASIC-E over Digitally Signed PDFs (CAdES, PAdES, PKCS#7)

• You can sign any type of file (not just PDFs)
• Multiple files can be signed in one container

Compatibility and Variants

Due to XAdES/ASIC-E's flexibility, regional differences exist. For example:

• Estonia: .bdoc, .ddoc
• Latvia: .edoc
• Lithuania: .adoc

To verify a valid .asice file across EU institutions, use the DigiDoc4 application:

• Windows Store
• id.ee Software Portal
• iOS & Android

If DigiDoc4 shows the signature as valid, it will be accepted by EU government institutions.

Structure of an .asice File

An .asice container is a ZIP file with a strict structure:

my-signed-container.asice
├── mimetype  (must be the FIRST file in the ZIP, content: "application/vnd.etsi.asic-e+zip")
├── META-INF/
│   ├── manifest.xml
│   ├── signatures0.xml (or other XAdES signatures)
├── test.txt
└── small.pdf

mimetype

• Content must be: application/vnd.etsi.asic-e+zip
• Must be the first entry in the ZIP file

META-INF/manifest.xml

Example if signing two files:

<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
  <manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.etsi.asic-e+zip"/>
  <manifest:file-entry manifest:full-path="test.txt" manifest:media-type="text/plain"/>
  <manifest:file-entry manifest:full-path="small.pdf" manifest:media-type="application/pdf"/>
</manifest:manifest>

signatures0.xml

Contains the actual XAdES-Baseline-LT signature. (See full example in the original text.)

Creating an .asice Container

1. Put the signed files (test.txt, small.pdf) and XML files (manifest.xml, signatures0.xml) into a folder.
2. Ensure mimetype is the first file added when creating the ZIP.
3. Zip the contents.
4. Rename the .zip file to .asice.

Note: If you see an error like:

"An error occurred while opening the document. ASiContainer.cpp:312 Failed to read mimetype"

Then the mimetype file is not the first ZIP entry. Use a different ZIP tool or programmatically set the file order.

Tools and Resources

Sample code (PHP) for generating .asice files:
eideasy/eideasy-php on GitHub

Sample .asice container (for reference):
container.asice (hosted where applicable)