Technology

Listed here are some of the tools, frameworks and technologies we work with to achieve secure user identification and to create digital signatures.

  • Apache2 web server, which has great built-in support for Client Certificate Authentication. This means that it will request the end user to present the certificate from their ID card or token and to sign the SSL handshake data with the authentication certificate, and it makes the certificate data fields readable by PHP. It will also perform Certificate Revocation List (CRL) and/or Online Certificate Status Protocol (OCSP) checks to make sure the certificate is valid.
  • Chrome Token Signing consists of two parts: a) OS-native integration that interacts with the ID card and the ID card reader, and b) browser integration that uses Chrome native messaging to talk to the native component. Thanks to the Estonian Information Systems Authority for making it work not only with Estonian cards but also with cards from many other countries that are not able to build their own working software. It is officially tested to work with the Estonian ID Card, Finnish ID Card, Latvian ID Card, Lithuanian ID Card, Belgian ID Card, Luxembourgian LuxTrust Smartcard and Aladdin eToken.
  • hwcrypto.js is a JavaScript library that works perfectly together with Chrome Token Signing. You click a button and hwcrypto asks Chrome Token Signing to read the (signing) certificate from the card and, as a second step, asks the card to produce a digital signature for the hash that is created with the certificate.
  • CEF eSignature building block DSS: the backbone of eIDAS-compliant digital signatures is https://github.com/esig/dss, which enables working with all kinds of signature formats (PAdES, XAdES, CAdES) and with ASiC-E and other types of containers. There is a nice wrapper around it, https://github.com/open-eid/digidoc4j, that works especially well with the Estonian ID card, Latvian ID card and Lithuanian ID card, among others, together with the Timestamp and OCSP services from SK ID Solutions AS.
  • Spring Boot is used because it gives access to Java's enhanced cryptography capabilities for working with digital signatures in all formats. Since the DSS (Digital Signature Services) library works only with Java, most eIDAS digital signature apps use an internal microservice built on Java if the application's main language is not Java itself.
  • Laravel, which is a very secure and simple way to build web apps.
  • VueJS enhances JavaScript in many places in our systems.
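
The Apache2 item above, written out as a mod_ssl configuration sketch. This is an added example, not the configuration used by this site; the host name and all file paths are placeholders, and the choice of a dedicated virtual host for card login is an assumption.

```apache
# Added example: client certificate authentication for ID-card login.
# Host name and every file path below are placeholders.
<VirtualHost *:443>
    ServerName id.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Accept only certificates that chain to the CAs issuing the
    # ID-card authentication certificates, not the system trust store.
    SSLCACertificateFile  /etc/ssl/example/eid-issuing-cas.pem
    SSLVerifyDepth 2

    # Require the certificate during the initial handshake. Setting this
    # per <Location> instead forces renegotiation or post-handshake
    # authentication, which browsers handle poorly under TLS 1.3.
    SSLVerifyClient require

    # Revocation checks. OCSP uses the responder URL found in the
    # certificate; the CRL file has to be refreshed by a scheduled job.
    SSLOCSPEnable on
    SSLCARevocationCheck leaf
    SSLCARevocationFile   /etc/ssl/example/eid-crls.pem

    # Expose the verified certificate to PHP through $_SERVER:
    #   SSL_CLIENT_VERIFY  "SUCCESS" when validation passed
    #   SSL_CLIENT_S_DN    subject distinguished name
    #   SSL_CLIENT_CERT    PEM certificate (needs +ExportCertData)
    SSLOptions +StdEnvVars +ExportCertData
</VirtualHost>
```

On the PHP side, check that `SSL_CLIENT_VERIFY` equals `SUCCESS` before trusting any subject field, and treat a stale or missing CRL file as a deployment fault rather than relaxing `SSLCARevocationCheck`.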

Special thanks

Augustus Vaškelis has been a great help with the Lithuanian translations. The Lithuanian translation ("Vertimas į lietuvių kalbą") by Augustus Vaškelis is licensed under CC BY-SA 4.0.
