XAdES and CAdES Detached signature by providing the document digest

Integrators can perform hash signatures on XAdES and CAdES detached signature types. Server-side signing of a document's summary, known as its hash or digest, is used when the document to be signed is too large to travel over the network. In this case, its hash or digest is calculated and only that value is sent for signature.

The advantage of hash signing in XAdES and CAdES detached signature types is clear: instead of sending documents that can weigh several hundred Mb, only the associated hash is sent, drastically reducing the amount of data that travels over the network.

The configuration is identical to that of a traditional server signature, except that the digest of the document is provided in the "bytesB64" field of the document, and additional parameters specify that the value to be signed is a hash and which algorithm was used to create it. Since these are signatures of large files, the packaging (envelope) of the signature must be DETACHED, so that it can later be validated that the original document corresponds to the signed hash.

This signature type is only available for XAdES and CAdES signatures.

Example of a XAdES Detached signature providing the digest of the document

The parameters that are received (in 'application/json' format) have the following form:

{
    "signatureConfigurations": [
        {
            "document": {
                "bytesB64": "gYbYj9w6DofPvCfwqKKwXitsErA=",
                "name": "test.xml"
            },
            "signatureType": "XADES_B",
            "signatureAlgorithm": "RSA_SHA256",
            "packaging": "DETACHED",
            "xadesConfiguration": {
                "hashSignature": true,
                "hashDigestAlgorithm": "SHA256"
            }
        }
    ]
}

Where:

| Parameter | Type | Description |
| --- | --- | --- |
| signatureConfigurations/document/bytesB64 | string | Digest of the document to be signed. |
| signatureConfigurations/signatureType | string | Signature policy to be used. |
| signatureConfigurations/signatureAlgorithm | string | Algorithm that will be used to generate the signature. Available values: 'RSA_SHA1', 'RSA_SHA224', 'RSA_SHA256', 'RSA_SHA384', 'RSA_SHA512' |
| signatureConfigurations/packaging | string | Signature packaging (envelope). Available values: DETACHED |
| signatureConfigurations/xadesConfiguration/hashSignature | boolean | Set to true to indicate that the value to be signed is a hash. |
| signatureConfigurations/xadesConfiguration/hashDigestAlgorithm | string | Algorithm with which the hash or digest was generated. |

Example of a CAdES Detached signature providing the digest of the document

The parameters that are received (in 'application/json' format) have the following form:

{
    "redirectUri": "{{redirect_uri}}",
    "certificateCode": "{{certificate_code}}",
    "signatureConfigurations": [
        {
            "document": {
                "bytesB64": "duqznMIZ0P/3qE1Of7p3HPedybAVeRhXr235PgylADU=",
                "name": "original.pdf"
            },
            "signatureType": "CADES_B",
            "signatureAlgorithm": "RSA_SHA256",
            "packaging": "DETACHED",
            "cadesConfiguration": {
                "hashSignature": true,
                "hashDigestAlgorithm": "SHA256"
            }
        }
    ]
}

Where:

| Parameter | Type | Description |
| --- | --- | --- |
| signatureConfigurations/document/bytesB64 | string | Digest of the document to be signed. |
| signatureConfigurations/signatureType | string | Signature policy to be used. |
| signatureConfigurations/signatureAlgorithm | string | Algorithm that will be used to generate the signature. Available values: 'RSA_SHA1', 'RSA_SHA224', 'RSA_SHA256', 'RSA_SHA384', 'RSA_SHA512' |
| signatureConfigurations/packaging | string | Signature packaging (envelope). Available values: DETACHED |
| signatureConfigurations/cadesConfiguration/hashSignature | boolean | Set to true to indicate that the value to be signed is a hash. |
| signatureConfigurations/cadesConfiguration/hashDigestAlgorithm | string | Algorithm with which the hash or digest was generated. |
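
As an added example (not part of the original documentation or the service's own client code), this Python code hashes a large file in chunks, checks that the digest length fits the declared hashDigestAlgorithm, builds the request body documented above, and shows the later comparison of the retained original against the signed digest. The function names are hypothetical, redirectUri and certificateCode are left out, and only SHA256 is handled because it is the only hashDigestAlgorithm value this page shows.

```python
import base64
import hashlib
import io
import json

# Only "SHA256" appears on this page as a hashDigestAlgorithm value, so no
# other value names are assumed here.
DIGESTS = {"SHA256": hashlib.sha256}
CONFIG_KEYS = {"XADES_B": "xadesConfiguration", "CADES_B": "cadesConfiguration"}

def digest_b64(stream, algorithm="SHA256", chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large file never sits in memory."""
    h = DIGESTS[algorithm]()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return base64.b64encode(h.digest()).decode("ascii")

def check_digest(bytes_b64, algorithm):
    """Reject a bytesB64 value whose length does not fit the declared algorithm."""
    raw = base64.b64decode(bytes_b64, validate=True)
    expected = DIGESTS[algorithm]().digest_size
    if len(raw) != expected:
        raise ValueError(f"{algorithm} digest must be {expected} bytes, got {len(raw)}")
    return raw

def build_request(bytes_b64, name, signature_type="CADES_B", algorithm="SHA256"):
    """Build the detached hash-signature request body in the form shown above."""
    check_digest(bytes_b64, algorithm)
    return {"signatureConfigurations": [{
        "document": {"bytesB64": bytes_b64, "name": name},
        "signatureType": signature_type,
        "signatureAlgorithm": "RSA_SHA256",
        "packaging": "DETACHED",
        CONFIG_KEYS[signature_type]: {"hashSignature": True,
                                      "hashDigestAlgorithm": algorithm},
    }]}

def matches_original(stream, signed_bytes_b64, algorithm="SHA256"):
    """Validation step: does the retained original still hash to the signed digest?"""
    return digest_b64(stream, algorithm) == signed_bytes_b64

if __name__ == "__main__":
    sample = io.BytesIO(b"constructed sample document\n" * 1000)  # constructed input
    print(json.dumps(build_request(digest_b64(sample), "original.pdf"), indent=4))
```

Because the signature is DETACHED and covers only the digest, the integrator has to keep the original file and rerun the comparison in `matches_original` whenever the signature is validated.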
