|Version ||Published ||Changelog |
|3.10.2 ||17.10.16 || |
- Fixed bug in certificate cache usage that caused signature creation errors for some Lithuanian Mobile-ID users who had replaced their Mobile-ID SIM cards. (DDS-2009)
- Fixed a bug that occurred when trying to sign BDOC-TS/ASiC-E containers containing PDF data files by using MobileSign method. (DDS-2003)
- Fixed a bug that caused failure when signing BDOC-TS/ASiC-E documents with certificates issued by another CA than Sertifitseerimiskeskus. (DDS-2016)
- Updated service’s public documentation. (DDS-2014, DDS-2001, DDS-2000, DDS-1996, DDS-1995)
- Internal improvements of the service’s administration interface. (DDS-2017, DDS-2007, DDS-2006,DDS-1994)
|3.10.1 ||04.05.16 || |
- The service now supports BDOC-TS/ASiC-E container operations, including signature creation. This version support signing with user certificates issued by Sertifitseerimiskeskus. Handling BDOC-TS/ASiC-E containers without datafiles (in HASHCODE format) is not supported. (DDS-1955, DDS-1896, DDS-1730, DDS-1730, DDS-1725, DDS-1717, DDS-1661, DDS-1660, DDS-1660, DDS-1658, DDS-1657, DDS-1657, DDS-1651)
- Removed RevocationData element from MobileSignHash response. MobileSignHash method doesn’t include automatic OCSP validity check of the signer's certificate anymore. Checking validity of the certificate should be done separately by using CheckCertificate method or requesting the data directly from OCSP service (DDS-1878)
- Improved the cache refreshing during authetication with Lithuanian Mobile-ID. When certificate in internal certificate cache is revoked or expired, now the service tries to automatically retrieve new certificate from extenal store and use it. (DDS-1532)
- Fixed a bug in StartSession method. Using the StartSession method with BDOC files in HASHCODE format now correctly returns “HASHCODE” ContentType instead of “EMBEDDED_BASE64”. (DDS-1914)
- Fixed a bug that in some circumstances caused the GetMobileCertificate method with parameter ReturnCertData=bothRSA to return expired certificates. (DDS-1959)
- Updated libraries (incl DigiDoc4J and JDigiDoc). (DDS-1881)
- Internal improvements related with building system, administration interface and logging.
| ||14.04.16 ||The only supported HTTP protocol versions are 1.0 and 1.1 |
| ||10.03.16 ||In addition to existing rpc-encoded WSDL, service is now serving literal stile WSDL. The URL of the new WSDL is https://digidocservice.sk.ee/dds_literal.wsdl. (DDS-1647) |
|3.9.2 ||02.03.16 || |
- Fixed error that occurred in version 3.9.1 of the service and caused problems with supporting BDOC containers that contained BOM mark in signatures.xml file. (DDS-1947)
- In case of HASHCODE files, the DigestType parameter value is now returned with exactly the same upper and lower case formatting as it was sent to the service (analogously as in versions 3.8.x of the service). For example, if the StartSession request contains DigestType value formatted as "SHA1" then the respective GetSignedDoc response uses the same formatting, i.e. DigestType="SHA1”. (DDS-1953)
- Internal improvements in administrator interface. (DDS-1908)
|3.9.1 ||17.02.16 || |
- Added validation support for signatures in BDOC-TS/ASiC-E format. BDOC-TS/ASiC-E signatures can now be validated by using StartSession method, additionally, the signature container related methods supported are GetDataFileInfo, GetDataFile, GetSignedDoc, GetSignedDocInfo, GetSignersCertificate, GetNotary and GetSignersCertificate. Version 3.9.1 does not yet support methods PrepareSignature, MobileSign, AddDataFile, RemoveDataFile, RemoveSignature. (DDS-1662, DDS-1654, DDS-1655, DDS-1655, DDS-1758)
- During signature creation process, the created signature is now also validated, if the signature is not valid then an error is returned instead of the signature. This change affects all signature creation methods: MobileCreateSignature, MobileSign, PrepareSignature and FinalizeSignature. (DDS-1522)
- Added possibilty to GetMobileCertificate method to choose certificate type (ECC/RSA). (DSS-1817)
- MobileSignHash is containing additional optional parameter KeyID which allows to choose used key type. This mean that with new generation Mobile-ID SIM cards it’s possible to use RSA keys instead of default ECC keys. (DSS-1816)
- When incorrect certificate is found in SignHash method, error code 201 is returned. Previously general error code 200 was used. (DDS-1891)
- Fixed conflict between CheckCertificateResponse and WSDL file. This difference appeared using Lithuanian and Finnish ID-card certificates. (DDS-1786)
- Unified the date and time format that is used in case of different container versions. Now, the date and time values that are returned in case of DIGIDOC 1.1 and DIGIDOC 1.2 documents are also in format YYYY-MM-DDTHH:MM:SSZ. (DDS-40)
- The service now provides .NET compliant document-literal style WSDL from a separate location. (DDS-1647)
- Fixed bug that didn’t allow Bite and Lithuanian Tele2 customers to sign BDOC-TS/ASiC-E format documents (DDS-1847)
- Patched operating system, updated DigiDoc4j and jDigiDoc libraries started using Java 8. (DDS-1655)
- Internal improvements related with logging and administration interface
|3.8.5 ||13.01.16 ||Added support for verification of the files which are signed with certificate issued by ESTEID-SK 2015 (DDS-1897) |
|3.8.4 ||03.12.15 ||Internal improvements related with log writing (DDS-1870) |
|3.8.3 ||26.06.15 || |
- Changed handling Lithuanian Tele2 and Bite Mobile-ID requests. Failures in mobile operator’s detection interface no longer cause service interruptions for Mobile-ID users (DDS-1785)
- Internal improvements in administrator and monitoring interface.
|3.8.2 ||06.05.15 || |
- Fixed a bug that caused failure in Mobile-ID usage for EMT and Tele2 Estonian clients, if the MID request message language was set as Lithuanian ("LIT"). (DDS-1756)
- Fixed a bug that, in rare occasions, caused failure of Omnitel Mobile-ID requests. (DDS-1701)
- Corrected the texts that are sent to mobile phone when conducting Mobile-ID operations with Elisa and Omnitel mobile operators. (DDS-1700, DDS-1702)
- Solved resource usage issue that, in certain occasions, caused one service node to incorrectly respond to requests. (DDS-148)
- Transformed the SOAP messages' style according to the style used in version 3.7.1 of the service. Unlike to the style used in version 3.8.1 of the service, the local name space attributes are not defined in all of the XML elements. (DDS-1696)
- Fixed a bug that caused GetVersion request to return an incorrect version of the JDigiDoc library that is used by the service. (DDS-1703)
- Changed the interval of closing expired sessions from 2 minutes to 30 seconds. The time-out of the service's own sessions remains at 2 minutes. (DDS-1706)
- In case of using MobileCreateSignature method with BDOC 2.1 format, the slash character ("/") is removed from the beginning of all data file references (element DataFiles/Id). (DDS-1694)
- Corrected the service's V2 WSDL: fixed broken reference to XSD, specified correct address of the service. The current change affects only users of the service's V2 method MobileSignHash. (DDS-1678)
- Internal improvements in the service related with logging, access management and administration environment.
|3.8.1 ||12.03.15 || |
- Service method MobileCreateSignature allows creating signatures in BDOC-TS format. Other service methods will get BDOC-TS format support in service version 3.9 (DDS-1561)
- GetDataFile method parameter ContentType usage harmonized with documentation and DDOC implementation. ContentType parameter value with BDOC container is now same as for DDOC files – “EMBEDDED_BASE64” (3.7.1 and earlier versions had BDOC value set to "BINARY") (DDS-78)
- Fixed a bug where some access privileges were not properly checked (for example in case of getMobileCertificate method) (DDS-1595)
- ECDSA signature that's returned by the service is always converted to standardised CVC 512 bit form (DDS-1613)
- Service method PrepareSignature parameter SignersTokenId is no longer mandatory (DDS-1558)
- Improved processing of SOAP messages in Multiref form. (DDS-1612)
- StartSession query, while validating BDOC files containing unknown OCSP responder certificates, does not return a global error any more. Error will be returned inside signature validity SignedDocInfo structure. (DDS-1616)
- Fixed bugs that in some cases caused empty Signature and RevocationData parameter values in GetMobileSignHashStatus method responses (DDS-1614, DDS-1611)
- Error message has been specified for situation where service receives a BDOC hashcode form data and the received datafile hash is in incorrect form. Error message is now: “BDOC HASHCODE container has invalid length for file-entry: file1.txt. Hash length is 64 bytes, required length is 32 bytes.” (DDS-1553)
- Mobile-ID methods will now remove spaces inside PhoneNo parameter value. (DDS-1538)
- Started using DigiDoc4J library (DDS-1517)
- Upgraded internal libraries incl. JDigiDoc library version 3.10 (DDS-1624, DDS-1646)
- The XML in SOAP responses can contain duplicate namespace declarations. This change is caused by the use of a new library DigiDoc4J which uses different XML processing libraries.
- Internal service security patches (DDS-1622, DDS-1618)
- Internal improvements to administrator interface, service logs and performance.
| ||09.03.15 || |
- Operating system has been patched and Java upgraded.
- Internal improvements for performance.
|3.7.1 ||11.12.14 || |
- Added support for Mobile-ID SIM cards which use Elliptic Curve Cryptography. For auhentication and signing BDOC files new SIM cards are using ECC prime 256v1 key set and for signing DDOC files RSA 2024 key set. (DDS-1581, DDS-1580, DDS-1579, DDS-1578, DDS-1565, DDS-977)
- Defined using SigningProfile value “LT” in PrepareSignature, MobileSign and MobileCreateSignature methods. In the current version using this value will result as an error. BDOC-TS (BDOC with timestamp, ASiC-E) signature format is not supported in the service version. Support will be added in next version. (DDS-1592, DDS-1597)
- Improved the handling of BDOC HASHCODE files. The service is now less sensitive for input file "compressed size" value. (DDS-1577)
- Fixed an error when using MobileSign method for DDOC signing with Bite older generation Mobile-ID. (DDS-1562)
| ||23.10.14 ||Because of CVE-2014-3566 (POODLE attack) security vulnerability SSL v 3.0 protocol is not supported any more |
|wsdl ||01.10.14 || |
- Service WSDL file is now compliant with the service version 3.6:
- Added MimeType subelement to the DataFileDigest object. MimeType parameter was added in version 3.6.5
- GetVersion method response is now containing two new parameters “Libname" ja “Libver” instead of the old parameter “LibraryVersion”. Change was made in service version 3.3.11
- GetSignatureModules method description removed from the WSDL. Usage of the GetSignatureMethod method is not supported since service version 3.4.1
- Harmonized namespaces in the WSDL, removed the differences in production and public test environment WSDL files
|188.8.131.52 ||19.09.14 || |
- Fixed the compatibility issue in GetSignedDoc method when returning DDOC in hashcode format where element value in the container was after ver 3.6.5 always in lowercase letters
|3.6.6 ||18.09.14 || |
- Changed the interface with SK Mobile-ID OTA platform
|3.6.5 ||17.09.14 || |
- Added support for HASHCODE mode to BDOC file format. It's now possible to verify and sign files in BDOC format without sending the datafiles to the service (DDS-468)
- MobileCreateSignature method now allows to transmit MimeType parameter while signing BDOC files (DDS-1047)
- Prevented the creation of invalid signatures when service received a DDOC document in wrong namespace (DDS-446)
- Improved signature verification warning system. Now the JDigiDoc library errors 129 WARN_WEAK_DIGEST and 177 ERR_OLD_VER are considered as warnings. Detailed information can be found in the service specification, chapter 184.108.40.206 (DDS-134)
- Fixed an error when using MobileSignHash method with Bite Mobile-ID (DDS-1504)
- Fixed JDigiDoc library error where service changed signatures invalid when the initial DDOC container contained datafiles with wrongly calculated size DDS-381)
- Improved the logic of internal certificate buffer base renewal (DDS-1498)
- Improved the priority system when searching certificates from external certificate repositories (DDS-1051)
- Operating system has been patched and internal libraries in use have been updated (inc. JDigiDoc to version 3.9) (DDS-992, DDS-1499,DDS-976,DDS-949)
- Internal improvements to service logs, user and rights management, administrator interface and service statistics reports.
|3.5.4 ||02.07.2014 || |
- Fixed error that caused an invalid signature to be created when signing a BDOC document and the signer CA certificate's CN field contains brackets.
- Fixed error that caused an invalid container to be created when multiple data files with the same name were added to a BDOC container.
- Fixed error that occurred when removing a signature from BDOC container and then adding a new signature. Previously, an invalid signature was created as a result.
- Improved error handling of external certificate store functionality. If the certificate store returns "Internal error" then instead of error code 301 (Not a Mobile ID user), the DigiDocService web service now returns error code 201 (Error while requesting certificate from repository).
- Fixed internal error regarding logging functionality.
|3.5.3 ||26.05.2014 || |
- Bugfix: With BDOC files GetSignedDocInfo structure didn't contain SignatureInfo->Confirmation->ProducedAt element.
- Bugfix: Using HASHCODE mode it wasn't possible to send to the service big files (declared file size bigger than 70 MB)
- In case of restricted OCSP access instead of error code 200 (internal error) error code 103 (access denied) is returned.
- Fixed compatibility problems with new SK Mobile-ID OTA platform
- Database handling optimization updating internal certificate cache
|3.5.2 ||21.05.2014 || |
- Fixed a bug that prevented signing BDOC files with ID-cards issued before 2011.
- Added Elliptic Curve Cryptography (ECC) based certificates support to Mobile-ID signing methods
- BDOC container signature.xml datafile mime-type has been changed similarly to the rest of ID-software to "application/octet-stream"
- Changed error handling when requesting Mobile-ID certificates from other certifiers repositories. Displayed external certificate repository error is now 201 (Error while requesting certificate from repository) instead of 200 (Internal Error). Error objects "message" field also contains the name of external certificate respository.
- Changed error handling for OCSP requests. When using MobileAuthenticate, CheckCertificate and FinalizeSignature methods the OCSP request error code 200 (Internal Error) was replaced with 202 (Error in OCSP proccessing).
- Fixed bug that in rare cases returned incorrect info about the end of signing process when using MobileSign and GetStatusInfo requests.
- The performance of the service has been improved when using MobileSign and Finalizesignature methods
- Improved SOAP input message validation (phonenumber parameter, mandatory ServiceName element)
- GetMobileCertificates request was changed. The query no longer gives information regarding certificate status. More information can be found in service specification. GetMobileCertificate method no longer uses internal SK buffer database and the certificate is always requested from the original certificate repository. In case of certificate repository errors the code is 201 and error object "message" field contains the name of external certificate repository.
- If a document that is sent to the service contains multiple datafiles with same ID then there is now returned an error and it's no longer possible to operate with this document.
- Added support for new BITE Mobile-ID service provider
- Many internal fixes and improvements
|3.5.1 ||27.03.2014 || |
- Added support for BDOC 2.1 file format
- Implemented support of validation statuses used by JDigiDoc library. In case of minor technical errors in the signed files validation results is shown together with WARNING, meaning that the file is legally valid but further alterations (adding/removing signatures) are restricted. When validating such files in SignedDocInfo block the validity of the signature is shown as OK, but there is also added Errorinfo element with WARNING level. Warning situations and corresponding error codes are described in the documentation of JDigiDoc library in section 220.127.116.11 http://www.id.ee/public/SK-JDD-PRG-GUIDE.pdf
- Added Elliptic Curve Cryptography (ECC) based certificates support for Mobile-ID authentication methods
- Improved error handling for Bite Mobile-ID certificate store requests when certificate is expired, instead of common INTERNAL ERROR error message NO_CERTS_FOUND is returned.
- Added ReturnRevocationData default value "false" when using method CheckCertificate
- Installed all op. system updates and patches and updated internal libraries, incl JDigiDoci library updated to ver. 3.8.1
- Many internal fixes and improvements
|18.104.22.168 ||05.03.2014 || |
- Fixed the problem which caused double OCSP request when using method MobileCreateSignature
|3.4.1 ||20.02.2014 || |
- Added support of the new SK Mobile-ID OTA platform.
- Added multiple OTA platform support for single mobile operator.
- CheckCertificate method now allows to verify Finnish and Latvian ID-card certificates.
- Security fix in jdigidoc library.
- Fixed an Elisa Mobile-ID usage error in SEB EE internet bank.
- In StartSession method DataFile element it's allowed to use nil/nul and empty string values as it was in 2.3.5 and older service versions.
- Improved hash (challenge) generation algorithm in MobileAuthenticate method.
- MobileSignHashRequest method's error 5 description has been modified to match the documentation.
- GetSignatureModules method has been removed, it was already unsupported in the earlier versions.
- It's now allowed to use empty Message field in MobileSignHashRequest method.
- Many internal fixes and improvements to simplify service administration.
|3.3.14 ||23.01.2014 || |
- Fixed DDOC <DataFile> elements DigestValue atribute verification. This is very important security fix that affects the verification of DDOC files
- In order to take into account the service provider server configuration the load balancer in Sonic connections was made configurable.
- The Java version used in services was updated.
|3.3.13 ||14.01.2014 || |
- Enhanced OCSP query processing logic
- Increased EMT Mobile-ID operations timeout to 120 seconds
|3.3.12 ||11.12.2013 || |
- Fixed a Bite Mobile-ID error that occurred when MobileSignHash method was used.
- Fixed an error where in some cases GetMobileAuthenticateStatus response didn't contain "signature" field value.
- Internal service improvements for log writing and access management.
|3.3.11 ||15.11.2103 || |
- Added support for "multiRef" and "href" SOAP requests
- Added support for SOAP messages with namespace prefix
- MobileAuthenticate method "Challenge" parameter value is always returned with upper case characters
- Added support for different hash algorithm name formats (sha1, SHA-1, SHA1, sha-1) when HASHCODE DigiDoc is sent to service
- GetVersion method returns correct version number
- WSDL complies with updated method GetVersion (since version 3.x GetVersion method has 4 response parameters (Name, Version, Libname, Libver) instead of 3)
- Improved Lithuanian number portability database query handling
|3.3.10 ||10.10.2013 || |
- Security fix. DigiDocService ver 3.x could mistakenly give positive results on verificaton invalid DDOC container in certain conditions.
- Fixed session handling
|3.3.9 ||03.10.2013 || |
|Differences between versions 3.2.5 and 3.3.8 ||19.09.2013 || |
- Client cookies are no longer used.
- Added support for HTTP chunked mode.
- Added support for BOM markers in SOAP messages.
- Different hash algorithm name formats are supported (sha1, SHA-1, SHA1, sha-1).
- Fixed XML messages namespace handling. Now there is support for the form where namespace prefix for XML element can be inherited from the parent element.
- Fixed JDigiDoc error where signature XML's X509IssuerName and X509SerialNumber elements were in the wrong namespace.
- SignersCountry parameter was made optional.
- File name has to be unquie in the document container.
- Added new method for hash signing, MobileSignHashRequest().
- Added new version of MobileAuthenticate() method, the MobileAuthenticateRequest().
- Country code was made optional in the input data of GetMobileCertificate(), MobileAuthenticate(), MobileCreateSignature() and MobileSign() methods.
- Container format BDOC 2.0 is supported
- jdigidoc ver 3.8.0 is used
|Differences between versions 2.3.5 and 3.2.5 ||04.04.2013 || |
- The usage of this method is limited (IP-address based access). It is necessary to request the separate access from SK with clear argument why it is needed.
- GetMobileCertificate method’s all 3 input parameters (IDCode, Country, PhoneNo) are mandatory
- Not supported POST requests to https://digidocservice.sk.ee/?wsdl. Requests should be posted to https://digidocservice.sk.ee/ or https://digidocservice.sk.ee/DigiDocService/
- Updated methods GetMobileAuthenticateStatus,
GetMobileCreateSignature and GetStatusInfo response messages status descriptions.
- Updated SOAP error codes (103; 203; 304; 305).
- When MobileSign method is active (until the end of mobile signing process) GetSignedDocInfo method returns error 203 - "Session is in use by another SOAP call"
- In case of expired certificate MobileAuthenticate, MobileCreateSignature and MobileSign method return error code 305
- Container format BDOC 1.0 is not supported
- The only supported container format is DIGIDOC-XML 1.3
- Previous formats (SK-XML 1.0, DIGIDOC-XML 1.1 and DIGIDOC-XML 1.2) are only supported for verification (container format is checked MobileCreateSignature and CreateSignedDoc methods). If an inappropriate combination of given format and version number is used in request parameters, a SOAP error object with error message “Invalid format & version combination!” will be returned.
- Added the limitation on the number of concurrent connections. When limit is exceeded HTTP errorcode 503 is returned.
- The size limit of 4 MB applies for DigiDoc containers and datafiles sent to Service. When limit is exceeded HTTP errorcode 413 is returned.
- Many service inner updates
- GetSignatureModules method is not supported
- GetVersion method has 4 response parameters (Name, Version, Libname, Libver) instead of 3
- Added support for Lithuanian operator's Bite and Tele2 Mobile-ID. For Lithuanian Mobile-ID, it is mandatory to send always 2 input parameters - personal code and phone number in all requests.
- Added support for Lithuanian ID-card and digital identity issued in USB-token.
- jdigidoc ver 3.7.0 is used
- As a result of transition from DigiDoc C-library to JDigiDoc library, some XML elements' namespace attribute values and whitespace characters in DigiDoc files may be different in comparison with the files created with the previous version.
|Differences between versions 2.3.30 and 2.3.5 || || |
- Added method CheckCertificate
- Many internal updates to the service
|Differences between versions 2.3.3 and 2.3.5 || || |
- Added method GetMobileCertificate.
|Differences between versions 1.100 and 2.3.3 || || |
- Added methods MobileAuthenticate, GetMobileAuthenticateStatus, MobileCreateSignature ja GetMobileCreateSignatureStatus;
- Updated method MobileSign;
- All parameter names are capitalized (Sesscode, Datafile etc).
- Enhanced service performance and continuity
|Differences between versions 1.100 and 1.101 || || |
- Added new parameter SigningProfile to methods StartSession, MobileSign, PrepareSignature.
- Session identifier moved from SOAP message header to message body as a first parameter.
- Added methods to deal with RFC 3161 timestamps and certificate revocation lists (CRL).
|Differences between versions 1.000 and 1.100 || || |
- Added methods for signing with Mobile-ID: MobileSign and GetStatusInfo