For developer

Last updated articles

ID-card

Using ID-cards for logging in to Windows (Windows 8.1, 10, Windows Server 2012 / 2016 / 2019)

Instructions for configuring Windows domain for authentication of users with ID-cards, digi-IDs and other digital eID documents

Development of encryption solutions

In the world of ID card, encryption means that one or more files requiring encryption are merged into one file with .cdoc extension, which can only be opened by the specified recipients with an ID’cards authentication certificate.

New ID-card and its changes

At the end of 2018, the manufacturer of ID-cards changed. Instead of the former manufacturer Gemalto, the Police and Border Guard Board started cooperating with IDEMIA. In relation to this, a number of changes were made to both the card supplied and the related software and services and updated standards were adopted in the course of changing the manufacturer.

What is the difference between digitally signed documents with .bdoc and .asice extensions?

In Estonia, the BDOC format and its two subformats are used for digital signatures, which can be recognised by .bdoc and .asice file extensions.

Recommended data file formats for digital signing

Nowadays, nearly all file formats are suitable for digital signing. There are no restrictions on digitally signed documents exchanged between information systems, but if a signed document is sent to an end-user, the most common and standard file formats should be preferred.

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format.

Certificates required for verifying digital signatures

In order to verify files that are digitally signed with an ID-card or a mobile-ID and/or digitally stamped, all of the root certificates, certifiers and OCSP-responder certificates used to date must be configured in the information system.

Using certificate Trust Service Status Lists (TSLs) in software libraries

Trust Service Status Lists (TSLs) are used in Libdigidocpp (v3.9 and later) and DigiDoc4j libraries. More information on TSLs can be found in the documentation.

ID-card documentation

Documentation of different generations of ID-cards: applicable standards and technical documents to review before developing ID-card services.

Cryptographic algorithms life cycle reports

Cryptographic algorithms life cycle reports ordered by the Information System Authority

Verifying signatures given with test certificates in the DigiDoc4 client

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

Verifying signatures given with test certificates in the DigiDoc4 client

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

Implementation of TLS 1.3 standard in web servers

Implementation of the TLS 1.3 standard (published in August 2018) in a web server may require changes in the authentication solution.

Implementation of TLS 1.3 standard in web servers

Implementation of the TLS 1.3 standard (published in August 2018) in a web server may require changes in the authentication solution.

DigiDoc libraries: overview

DigiDoc libraries can be used to create DigiDoc-compatible applications. An overview of DigiDoc libraries and file formats supported therein.

Digital stamping

Digital stamping means digital signing with an e-Stamp designed for legal persons. The service is offered by SK ID Solutions AS. There are two methods of digital stamping: stamping individual documents with DigiDoc4 and mass stamping with the DigiDoc4j utility program.

Electronic signatures and addressing them in Europe

eIDAS (electronic IDentification, Authentication and trust Services) is the regulation on e-identification and e-transactions effective in the European Union, which is aimed at simplification of the use of cross-border e-services through harmonised standards and operating principles.

Reading personal data files from ID-cards

Information necessary for reading personal data from ID-cards issued since 2018

Informing user of unsuccessful signing

Upon electronic use of an ID-card, setup related errors may occur with the browser. To avoid problems, we recommend doing an automated check-up of the signing plugin in the e-service and display to the user as precisely a formulated error message as possible.

eID symbols

Logos and other symbols of electronic identity (eID) can be used free of charge by all providers of e-services. Logos, pictograms, etc. can be found from the eID symbols page on the RIA website.

Service testing: general information

For testing services, it is recommended to order a test ID-card, which are issued by SK ID Solutions AS. Depending on the profile of the organisation’s users, ordering different generation cards should be considered.

Identification with mobile-IDs and ID-cards

Advantages of electronic identification over regular authentication solutions that use usernames and passwords.

Service testing

You should purchase a test ID-card for testing created services and applications. There are test numbers available for the developers of mobile-ID applications. Information and links to test environments.

Identification with ID-cards on websites: server configurations, problem solutions, etc.

Authentication success depends on the client platform used. Instructions for configuring web servers (Apache, IIS, NGINX, Ubuntu).

Signing with ID-cards and digi-IDs on websites

Several signing plugins have been developed for different operating systems and browsers: components and sample applications.

Digital signature profitability calculator

The digital signature profitability calculator provides an overview of costs related to the digital signing of documents. It was developed by SK ID Solutions in cooperation with MoZg Agentuur.

Digital signing in web applications

In order to make it easier to add signing support to web applications, we recommend using a JavaScript library with a unified API that allows different plugins to be used in a similar way (independently of the operating system and the browser).

Digital signatures, i.e. digital signing

Integrating digital signing in your e-service: technical requirements, timestamping service, etc.

Knowledge base

KLASS3-SK 2016 vahesertifikaadi kasutusele võtmisega seotud info e-teenuste pakkujatele

Allolev info on oluline ennekõike infosüsteemide omanikele, kes kasutavad SK poolt väljastatud e-Templit (digitemplit), krüpteerimis-või autentimissertifikaati või veebiserveri (SSL) sertifikaate. Miks muudatused toimuvad? Tulenevalt uuenenud nõuetest sertifitseerimisteenustele on SK ID Solutions AS (SK) kasutusele võtnud…

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format..

ID-card documentation

Documentation of different generations of ID-cards: applicable standards and technical documents to review before developing ID-card services.

Cryptographic algorithms life cycle reports

​ Cryptographic algorithms life cycle reports ordered by the Information System Authority.

DigiDoc libraries: overview

DigiDoc libraries can be used to create DigiDoc-compatible applications. An overview of DigiDoc libraries and file formats supported therein.

Digital stamping

Digital stamping means digital signing with an e-Stamp designed for legal persons. The service is offered by SK ID Solutions AS. There are two methods of digital stamping: stamping individual documents with DigiDoc4 and mass stamping with the DigiDoc4j utility program.

Chip application generations supported by different versions of ID-software

The visual security elements and design as well as the chip application of ID-cards have been changed over the years. Only the latest ID-software supports the latest ID-cards.

Electronic signatures and addressing them in Europe

eIDAS (electronic IDentification, Authentication and trust Services) is the regulation on e-identification and e-transactions effective in the European Union, which is aimed at simplification of the use of cross-border e-services through harmonised standards and operating principles.

Architecture of ID-software

Architecture of ID-software document “Architecture of ID-software” gives an overview of ID components, their internal and external interfacing and their location in software runtime environments. 

eID symbols

Logos and other symbols of electronic identity (eID) can be used free of charge by all providers of e-services. Logos, pictograms, etc. can be found from the eID symbols page on the RIA website.

Mobile-ID

Handling signature validation warnings in DigiDoc libraries

Valideerimisvead ning hoiatustega dokumendid ja nende käsitlemine DigiDoc tarkvarateekides, lõppkasutaja rakenduses.

Digital signing in web applications

In order to make it easier to add signing support to web applications, we recommend using a JavaScript library with a unified API that allows different plugins to be used in a similar way (independently of the operating system and the browser).

Verifying signatures given with test certificates in the DigiDoc4 client

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format.

Recommended data file formats for digital signing

Nowadays, nearly all file formats are suitable for digital signing. There are no restrictions on digitally signed documents exchanged between information systems, but if a signed document is sent to an end-user, the most common and standard file formats should be preferred.

What is the difference between digitally signed documents with .bdoc and .asice extensions?

In Estonia, the BDOC format and its two subformats are used for digital signatures, which can be recognised by .bdoc and .asice file extensions.

Certificates required for verifying digital signatures

In order to verify files that are digitally signed with an ID-card or a mobile-ID and/or digitally stamped, all of the root certificates, certifiers and OCSP-responder certificates used to date must be configured in the information system.

Using certificate Trust Service Status Lists (TSLs) in software libraries

Trust Service Status Lists (TSLs) are used in Libdigidocpp (v3.9 and later) and DigiDoc4j libraries. More information on TSLs can be found in the documentation.

Verifying signatures given with test certificates in the DigiDoc4 client

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

Mobile-ID interfacing: authentication and signing

In order to use the mobile-ID identification and signing option in your information system, you need to use mobile-ID rest API.

Identification with mobile-IDs and ID-cards

Advantages of electronic identification over regular authentication solutions that use usernames and passwords.

Service testing

You should purchase a test ID-card for testing created services and applications. There are test numbers available for the developers of mobile-ID applications. Information and links to test environments.

Mobile-ID testing

Additional information necessary for developing and testing mobile-ID (mID) services

Suspending mobile-ID certificates

​If the phone connected to your mobile-ID is lost or stolen, you should immediately suspend the mobile-ID certificates in order to be protected from identity theft.

Mobile-ID certificates: general information

Mobile-ID certificates can be suspended, but not updated: in order to use the mobile-ID with expired or suspended certificates you have to replace the SIM card.

Digital signing

BDOC file format

BDOC file format and its use.

TEST-timestamping service

The timestamping service is a secure archiving solution which proves that certain data exist at a certain time. Therefore, this is widely used with digital signing (in order to verify the legality of the document) and archiving solutions, where the objective is to keep guaranteed information unchanged.

What is the difference between digitally signed documents with .bdoc and .asice extensions?

In Estonia, the BDOC format and its two subformats are used for digital signatures, which can be recognised by .bdoc and .asice file extensions.

DigiDoc container format life cycle

An overview of DigiDoc container formats supported by different versions and components of the ID-sofrware.

Recommended data file formats for digital signing

Nowadays, nearly all file formats are suitable for digital signing. There are no restrictions on digitally signed documents exchanged between information systems, but if a signed document is sent to an end-user, the most common and standard file formats should be preferred.

BDOC, CDOC and ASICE DigiDoc file formats

An overview of DigiDoc container formats supported by different versions and components of the ID-software can be found on the DigiDoc container format life cycle page. There is also a sample file for each format.

Verifying signatures given with test certificates in the DigiDoc4 client

In order to verify signatures given with test certificates in the DigiDoc4 client, you need to configure the test certificates manually. Otherwise the signature validation check will return the status “Unknown”.

Informing user of unsuccessful signing

Upon electronic use of an ID-card, setup related errors may occur with the browser. To avoid problems, we recommend doing an automated check-up of the signing plugin in the e-service and display to the user as precisely a formulated error message as possible.

Signing with ID-cards and digi-IDs on websites

Several signing plugins have been developed for different operating systems and browsers: components and sample applications.

Digital signature profitability calculator

The digital signature profitability calculator provides an overview of costs related to the digital signing of documents. It was developed by SK ID Solutions in cooperation with MoZg Agentuur.

Digital signing in web applications

In order to make it easier to add signing support to web applications, we recommend using a JavaScript library with a unified API that allows different plugins to be used in a similar way (independently of the operating system and the browser).

Digital signatures, i.e. digital signing

Integrating digital signing in your e-service: technical requirements, timestamping service, etc.

BDOC2.1 – New Estonian digital signature standard format

The new version of the Estonian digital signature standard EVS 821:2014 can be purchased from the Estonian Centre for Standardisation. The new standard is valid from 5 June 2014.

Identification

Using ID-cards for logging in to Windows (Windows 8.1, 10, Windows Server 2012 / 2016 / 2019)

Instructions for configuring Windows domain for authentication of users with ID-cards, digi-IDs and other digital eID documents

Implementation of TLS 1.3 standard in web servers

Implementation of the TLS 1.3 standard (published in August 2018) in a web server may require changes in the authentication solution.

Mobile-ID interfacing: authentication and signing

In order to use the mobile-ID identification and signing option in your information system, you need to use mobile-ID rest API.

Identification with mobile-IDs and ID-cards

Advantages of electronic identification over regular authentication solutions that use usernames and passwords.

Identification with ID-cards on websites: server configurations, problem solutions, etc.

Authentication success depends on the client platform used. Instructions for configuring web servers (Apache, IIS, NGINX, Ubuntu).

DigiDoc libraries

DigiDoc Java library - digidoc4j (v4.0.3)

DigiDoc4j is a Java library for digital signing, replacing the old JDigiDoc Java library.  Digidoc4j uses European Commission managed SD-DSS software library as a base library. All the information related to the digital signing library has been gathered to the project…

DigiDoc libraries - C++ library - libdigidocpp (ver 3.14.2.1391)

​As of ID-software version 3.8, an additional multi-platform libdigidocpp library was added to the libraries designed for developers and integrators.

DigiDoc Java library - cdoc4j (v1.3)

Cdoc4j is Java library for encryption and decryption of files, designed to replace the encryption and decryption functionality in the JDigiDoc Java library. All the information related to the digital signing library has been gathered to the project…

DigiDoc libraries: overview

DigiDoc libraries can be used to create DigiDoc-compatible applications. An overview of DigiDoc libraries and file formats supported therein.

Testing

Mobile-ID testing

Additional information necessary for developing and testing mobile-ID (mID) services

Service testing: general information

For testing services, it is recommended to order a test ID-card, which are issued by SK ID Solutions AS. Depending on the profile of the organisation’s users, ordering different generation cards should be considered.

Service testing

You should purchase a test ID-card for testing created services and applications. There are test numbers available for the developers of mobile-ID applications. Information and links to test environments