For developer

Last updated articles

  • Subscribe to the newsletter!

    We invite all ID-software and Digidoc4j library users to join the RIA newsletter to stay up to date with the latest news.

  • The new ID-card version will come with some changes for developers

    As of 1 August 2021, the Police and Border Guard Board will be issuing new ID-cards which are equipped with biometric personal data according to the ICAO Doc 9303-1 specification (https://www.icao.int/publications/Documents/9303_p1_cons_en.pdf). The new ID-card version…

ID-card

DigiDoc4 digital signing and signature validation with a test ID-card, mobile-ID and Smart-ID

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

ID-card testing

To test ID-card solutions, we recommend ordering a test card* issued by SK ID Solutions AS. Please note that for authentication and signing in the test environment with an ID card, the identification and signing…

Personal identification with an ID-card

There are two ways to realize personal identification with an ID-card in your e-service: use the certificate authentication built into the browser (TLS client certificate authentication or TLS-CCA) or the new online authentication and signing…

ID-card documentation

Documentation of different generations of ID-cards: applicable standards and technical documents to review before developing ID-card services.

Using ID-cards for logging in to Windows (Windows 10, 11 Windows Server 2016 / 2019 / 2022)

Instructions for configuring Windows domain for authentication of users with ID-cards, digital IDs and other digital eID documents

Reading personal data files from ID-cards

Information necessary for reading personal data from ID-cards issued since 2018

Signing with an ID-card

Several signing plugins have been developed for different operating systems and browsers: components and sample applications.

Development of encryption solutions

In the world of ID-card, encryption means that one or more files requiring encryption are merged into one file with .cdoc extension, which can only be opened by the specified recipients with an ID-cards authentication certificate.

The new ID-card version will come with some changes for developers

As of 1 August 2021, the Police and Border Guard Board will be issuing new ID-cards which are equipped with biometric personal data according to the ICAO Doc 9303-1 specification (https://www.icao.int/publications/Documents/9303_p1_cons_en.pdf). The new ID-card version…

Chip application generations supported by different versions of ID-software

The visual security elements and design as well as the chip application of ID-cards have been changed over the years. Only the latest ID-software supports the latest ID-cards.

Certificates required for verifying digital signatures

In order to verify files that are digitally signed with an ID-card or a mobile-ID and/or digitally stamped, all of the root certificates, certifiers and OCSP-responder certificates used to date must be configured in the information system.

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format.

Digital signing

BDOC file format

BDOC file format and its use.

DigiDoc4 digital signing and signature validation with a test ID-card, mobile-ID and Smart-ID

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

Digital signing with ID-card, mobile-ID, Smart-ID and e-Seal

In order to make it easier to add signing support to web applications, we recommend using a JavaScript library with a unified API that allows different plugins to be used in a similar way (independently of the operating system and the browser).

Recommended data file formats for digital signing

Nowadays, nearly all file formats are suitable for digital signing. There are no restrictions on digitally signed documents exchanged between information systems, but if a signed document is sent to an end-user, the most common and standard file formats should be preferred.

BDOC2.1 – New Estonian digital signature standard format

The new version of the Estonian digital signature standard EVS 821:2014 can be purchased from the Estonian Centre for Standardisation. The new standard is valid from 5 June 2014.

DigiDoc container format life cycle

An overview of DigiDoc container formats supported by different versions and components of the ID-sofrware.

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format.

Digital stamping

Digital stamping means digital signing with an e-Stamp designed for legal persons. The service is offered by SK ID Solutions AS. There are two methods of digital stamping: stamping individual documents with DigiDoc4 and mass stamping with the DigiDoc4j utility program.

Electronic signatures and addressing them in Europe

eIDAS (electronic IDentification, Authentication and trust Services) is the regulation on e-identification and e-transactions effective in the European Union, which is aimed at simplification of the use of cross-border e-services through harmonised standards and operating principles.

Informing user of unsuccessful signing

Upon electronic use of an ID-card, setup related errors may occur with the browser. To avoid problems, we recommend doing an automated check-up of the signing plugin in the e-service and display to the user as precisely a formulated error message as possible.

What is the difference between digitally signed documents with .bdoc and .asice extensions?

In Estonia, the BDOC format and its two subformats are used for digital signatures, which can be recognised by .bdoc and .asice file extensions.

Web eID

Web eID

The Web eID solution enables the use of Estonian digital documents (ID-card, digital ID, e-Resident’s digital ID, residence permit card, etc.) for secure authentication and signing on the web. Web eID is compatible with most…

The risk of session hijacking and man-in-the-middle attacks in Web eID

What measures will be taken to reduce the risk of a session hijacking attack in Web eID? As explained in the Cybernetica analysis, Web eID is protected against the session hijacking attack as well as all…

Identification

Personal identification with ID-card, mobile-ID and Smart-ID

Advantages of electronic identification over regular authentication solutions that use usernames and passwords.

Testing

Service testing: general information

For testing services, it is recommended to order a test ID-card, which are issued by SK ID Solutions AS. Depending on the profile of the organisation’s users, ordering different generation cards should be considered.

News for the developer

RIA is ending support for SOAP endpoints in the SiVa validation service

In version 3.9.0 of the SiVa validation service, support for SOAP endpoints will be discontinued in the third quarter of 2024.

EC LOTL trust anchors are changing

EC changed the LOTL (List of Possible Signers Certificates) trust anchors. Please note that those who have adopted the DigiDoc4j library must trust the corresponding trust anchors when using earlier versions (earlier than 5.0.0).

Changes in certification hierarchy during 2024

Dear customer, During the year 2024, SK will implement a new certification authority (CA) hierarchy. The current Estonian Certification Centre Root CA (EECCRCA) will be replaced with new root CA (ROOT G1), together with intermediate…

Tarkvaraarenduse komplekti (SDK) IDEMIA ID-kaartide rakenduste väljatöötamiseks avalikustamine RIA Github „open-eid“ koodihoidlas

Avalikustatud repositooriumid loovad baasi IDEMIA ID-kaartidele rakenduste arendamiseks. Avalikustatud repositooriumites on vahendid ID-kaardile rakenduste laadimiseks ning haldamiseks (armis-cli), enda rakenduste loomiseks (armis-applet-ecosystem) ning näidis teenus rakenduste isikustamiseks (armis-test-client-issuer-service). Põhjalikum kirjeldus asub vastavate projektide koodihoidlates:

Disclosure of the Software Development Kit (SDK) for developing IDEMIA ID-card applications in the RIA Github "open-eid" code repository

Publicized repositories create a base for IDEMIA ID cards for application development. The published repositories contain tools for loading and managing applications on the ID-card (armis-cli), creating your own applications (armis-applet-ecosystem) and a sample service…

TLS certificate is change in eID services

The change concerns eID services that use the *.ria.ee certificate. Certificate change schedule: On 07.11.2023 the TLS certificate will change in the tara-test.ria.ee environment On 14.11.2023 the TLS certificate will change in the tara.ria.ee environment…

Change of tsl certificate of sr.riik.ee server

Due to the change in the sr.riik.ee server's tsl certificate, users of the DigiDoc4J library may experience problems. Users of older DigiDoc4J library versions, in particular, may experience problems. The certificate and necessary instructions can…

Mobile-ID

DigiDoc4 digital signing and signature validation with a test ID-card, mobile-ID and Smart-ID

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

You wish to add a digital signature in RIA DigiDoc using mobile-ID
You wish to add a digital signature in RIA DigiDoc using mobile-ID

Do you need to sign digitally with your mobile-ID and wish to do it on a mobile phone using the RIA DigiDoc application?

Mobile-ID testing

Additional information necessary for developing and testing mobile-ID (mID) services

Personal identification and digital signing with mobile-ID

In order to use the mobile-ID identification and signing option in your information system, you need to use mobile-ID rest API.

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format.

Certificates required for verifying digital signatures

In order to verify files that are digitally signed with an ID-card or a mobile-ID and/or digitally stamped, all of the root certificates, certifiers and OCSP-responder certificates used to date must be configured in the information system.

DigiDoc libraries

Subscribe to the newsletter!

We invite all ID-software and Digidoc4j library users to join the RIA newsletter to stay up to date with the latest news.

DigiDoc Java library - cdoc4j

Cdoc4j is Java library for encryption and decryption of files, designed to replace the encryption and decryption functionality in the JDigiDoc Java library. All the information related to the digital signing library has been gathered to the project…

DigiDoc Java library - digidoc4j

DigiDoc4j is a Java library for electronic signature creation and validation. Digidoc4j uses European Commission managed DSS software library as a base library. DigiDoc4j library source code can be found in GitHub - https://github.com/open-eid/digidoc4j.  For…

DigiDoc libraries - C++ library - libdigidocpp

​As of ID-software version 3.8, an additional multi-platform libdigidocpp library was added to the libraries designed for developers and integrators.

DigiDoc libraries: overview

DigiDoc libraries can be used to create DigiDoc-compatible applications. An overview of DigiDoc libraries and file formats supported therein.

Using certificate Trust Service Status Lists (TSLs) in software libraries

Trust Service Status Lists (TSLs) are used in Libdigidocpp (v3.9 and later) and DigiDoc4j libraries. More information on TSLs can be found in the documentation.

Knowledge base

Undersign.js - JavaScript library for creating digital signatures

Undersign.js is a JavaScript library for creating eIDAS-compliant XAdES digital signatures and ASiC-E containers. Undersign.js has built-in support for the use of the Estonian ID-card, Mobile-ID and Smart-ID services, but can also be used with…

Developer-friendly electronic authentication and signing solutions by Dokobit

Dokobit offers businesses various SaaS solutions for authentication, signing and validation processes.

Cryptographic algorithms life cycle reports

Cryptographic algorithms life cycle reports ordered by the Information System Authority

Architecture of ID-software

Architecture of ID-software document “Architecture of ID-software” gives an overview of ID components, their internal and external interfacing and their location in software runtime environments. 

eID symbols

Logos and other symbols of electronic identity (eID) can be used free of charge by all providers of e-services. Logos, pictograms, etc. can be found from the eID symbols page on the RIA website.

eID Easy - a solution for eID developers

eID Easy is a solution provider in the field of Qualified Electronic Signatures (QES) and electronic identity in Estonia and in other countries.

Encryption

CDOC 2.0

In 2024, the Information System Authority will start the transition to the new CDOC 2.0 file format for document encryption, tentatively called CDOC2. CDOC is a file format designed to encrypt data in such a…