If you found this page then chances are that you need to replace your DigiDocService integration immediately with more modern solutions.
Unfortunately it is not most trivial task and might cost you decent amount of money and headache. Most companies with expertise in the field are big and well fed from government contracts so getting help for smaller businesses is not so easy if the project budget is not in the range of millions.
Jump here to see how eID Easy can help you replace DigiDocService with custom app or how to use eID Easy SaaS solution.
For some time, DigiDocService was the only method for integrating Mobile-ID into your app.
In addition to that, it was also the simplest way for integrating ID card authentication and signing into your app. Unless you were a Java or C developer, it was the only practical way. Ready-made libraries only existed in these two languages. This would have made implementing ID card signatures into your Node or PHP apps very impractical, for example.
Time moves fast and there are several options available for developers in the Estonian market now (e.g eID Easy). For DigiDocService, this means goodbye. As developer tooling is now cared for by third party service providers and public libraries, DigiDocService’s maintainer SK ID Solutions wishes to shift its attention elsewhere, probably even more to its core offerings – qualified certificates, the Smart-ID app etc.
Mobile-ID has moved to Mobile-ID REST API. For ID card signature services, developers are left to either build their own implementations with public libraries (Java and C), use one of the pre-made, self-hosted Java services (SiGa for signing and SiVa for validation), or use a third party provider.
What you should do
Self-hosted implementations are overly complex for most use-cases. They require developer time, put constraints on the technologies you can use, and they place a maintenance burden on you – all of these things need to be kept up to date, and they need to fit into your continuously evolving infrastructure. Unless your needs are highly specific and uncommon, using a third party provider is the best solution.
eID Easy, as a third party provider, gives you the following:
- All authentication methods from a single implementation – authentication by ID card, Mobile-ID and Smart-ID
- All signing methods from a single implementation – signing by ID card, Mobile-ID and Smart-ID
- Implement in any language, easily. Our authentication flow is OAuth 2.0 based – ready-made libraries exist for it in all popular languages. Our signature flow is sooo simple, send files to be signed and get back signed file after user has signed.
- No maintenance burden. You implement it once, we will take care of any necessary certificate updates etc.
- Implement multiple countries in one go. We support Estonian, Latvian and Lithuanian methods. If there’s some other method you’d like us to add, get in touch and let’s discuss it.
- Estonian made.
Ready to get started? Jump in to our documentation.
Our SaaS service doesn’t cover your needs? We are experts in the field of eID authentication and signatures. We can help you out with good advice, or offer our know-how in the form of development services. Get in touch with email@example.com or call +372 555 29 332.
More details of how to create ASICE containers.
Asice (or bdoc) container is itself zip file with data files and signatures. This means that you can add datafiles(files to be signed) with regular zip file tools.
Signing asice container contains of couple of steps. Before signing itself we need to get signer public certificate as this will be part of the signed object. Secondly most complex part – creating data to sign. This means that object is created containing all datafiles, current computer timestamp, signer certificate and some more magic. This object is then hashed and the hash will be signed. Since the source object creation is quite specific then digidoc4j or similar library is strongly recommended.
Once we have the hash to be signed then signing process happens in the ID card smart card chip or Mobile-ID service or wherever the signer private key is located.
Once the signature is created then timestamp will be added to the signature or sometimes timemark that contains just OCSP response telling us that certificate is valid at that point.
Now signature with timestamp will be added to the asice container and we are all done.