It's recommended for DigiDoc library users to use the "direct" encrypting solution as often as possible. During "direct" encryption the files are not put into the intermediate DDOC container. All DigiDoc software libraries that support CDOC format also have support for "direct" encryption and decryption. Starting from DigiDoc3 crypto version 3.10 the same solution is also available for end-users. Read more about DigiDoc3 crypto here.
NB! "directly" encrypted CDOC documents can only be decrypted with DigiDoc3 crypto version 3.9 or newer. Other applications and information systems that use DigiDoc libraries for decrypting and assume that the decryptable files are inside the intermediate DDOC container may not be able to decrypt files created with DigiDoc3 crypto (starting from version 3.10) and by "direct" encrypting in libraries. The next version of TempelPlus software will also support files encrypted without intermediate DDOC container.
When using DigiDoc libraries it's needed to add an encryption method detection to the decryption process. Encryption method can be retrieved from <EncryptedData> element „Mimetype“ attribute value.
In case of DDOC intermediate containers the <EncryptedData> element „Mimetype“ attribute value is „http://www.sk.ee/DigiDoc/v1.3.0/digidoc.xsd“. When decrypting it's important to remember that for these containers the original files are inside DDOC container and have to be taken out to be used. The data about original files in DDOC container is found in <EncryptionProperty Name="orig_file"> element in the form of "<file-name>|<file-size-in-bytes>|<mime-type>|<DataFile-ID-DDOC-container>".
For all other "Mimetype" attribute values or in case of empty value, it's safe to assume that the file was encrypted "directly".
To avoid compatibility issues with other applications it's recommended to ensure that CDOC document XML parameters are correct and different encryption methods can be distinguished.
When ecnrypting "directly" it's necessary to set following CDOC container parameters:
- <EncryptedData> element „Mimetype“ attribute value should be set to encryptable input file MIME-type. „application/octet-stream“ could be used as default value.
When encrypting with DDOC intermediate container it's necessary to set following CDOC container parameters:
- <EncryptedData> element „Mimetype“ attribute value should be set to „http://www.sk.ee/DigiDoc/v1.3.0/digidoc.xsd“
- For every datafile in the intermediate DDOC container it's necessary to create <EncryptionProperty> element named "orig_file". Inside the element, the datafile data should be formatted as follows:
Additional information regarding parameters can be found in CDOC format documentation.