What's the difference between the digital signature formats .ddoc, .bdoc and .asice?
BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format. The benefits of the new format include the higher security level, the long-term integrity of the signed documents, as well as the better compliance with international standards.
The BDOC digital signature format comprises two technically different subformats. In order for end users to be able to easy differentiate between these subformats, each subformat has obtained its own file extension - .bdoc and .asice. See below for details on technical differences between the subformats.
Since version 3.10 the DigiDoc3 client application allows end users to create, verify and sign digital documents in both formats. By default DigiDoc3 client generates digitally signed files with the .bdoc extension. You can also change the default file format under the application settings. Since year 2015 it's recommended not to sign documents in the DDOC format.
Most Estonian organisations and e-services have already migrated to the BDOC format. However, it might still happen that their infosystems may sometimes not be able to process the files with the extenstion .ddoc. The .acise file format is primarily known as the internationally recognised digital signature format.
- .bdoc or BDOC-TM or ASiC-E LT-TM is the BDOC signature format with a time-mark. The RFC 2560 standard based time-marks ensure long-term proofability of the authenticity of the signature. This format has been used as a default digital signature format in Estonia since 2015.
- .asice or BDOC-TS or ASiC-E LT is the BDOC signature format with a time-stamp. In contrast to the LT-TM format, long-term proofability of the authenticity of the signature is ensured by the RFC 3161 standard based time-stamps. The ASiC-E LT signature is highly compliant with the international standards.
When it comes to deciding on choosing the BDOC signature profile, consider the purpose of the signed documents and potential end users. To ensure better compliance with international standards, it's recommended to sign documents with the time-stamp signature profile. Signature validation, on the contrary, works better when both profiles are supported. Also note that when you add a signature to the signed document, this signature must be created in the same format.
For information refer to the BDOC 2.1.2 specification.