This repository was archived by the owner on Dec 4, 2025. It is now read-only.

How to implement digital signing in a .NET web application back end

Mart Sõmermaa edited this page Feb 18, 2022 · 7 revisions

You have to use the C# bindings of the libdigidocpp library. The design of libdigidocpp differs considerably from that of the popular DigiDoc4j Java library because of different third-party libraries and framework constraints.

For better or worse, there is no support for in-memory serialization of the digital signature container objects; you have to use full file system paths when creating or opening a digital signature container. So instead of the object, you have to keep the full path to the container file in the user session. Be careful with race conditions and unintended file access.

In general, you should follow the DigiDocCSharp.Program.webSign() example.

Digital signing is a two-step process: preparing the container and attaching the signature to it.

Here are the steps in more detail:

  1. Get the certificate using web-eid.js and pass it through the ASP.NET Web API layer into Prepare().
  2. Instructions for Prepare():
    1. In Prepare(), add lines #127 - #137 from webSign(). Call b.save() after b.prepareWebSignature().
    2. The digest returned from c.dataToSign() is the hash to be signed. You can get the signature method and hash algorithm identifier from c.signatureMethod(); the identifiers are listed here.
    3. Save the signature ID and the container file path that you need to use during Sign() to the user session. You can get the signature ID with c.id().
    4. Convert the hash algorithm from c.signatureMethod() into Web eID format and return the hash to be signed and hash algorithm from Prepare() in a JSON-encoded ASP.NET Web API response. Verify that model.GetSupportedAlgorithmNames() contains the converted hash algorithm name.
  3. The digest will be signed by web-eid.js and the signature returned to Sign() with HTTP POST.
  4. Instructions for Sign():
    1. Load the container with Container.open(), passing the full container file path from the user session as the argument.
    2. container.signatures() contains the list of signatures; find the signature object whose ID equals the signature ID from the user session.
    3. Continue as lines #147 - #150 of webSign(). Convert the signature from Base64 to bytes and call signature.setSignatureValue() with the bytes.
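
The helpers below are an added example, not code from libdigidocpp or DigiDocCSharp. They cover the two points the steps above leave to the implementer: keeping the session-stored container path free of races and unintended file access, and converting the signature method into a Web eID hash name. Assumptions: .NET 6 or later, the class name, the directory name, the `.asice` extension, the set of signature method URIs, and that the supported algorithm names are available as a sequence of strings.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

public static class SigningSessionHelpers // hypothetical helper class
{
    // Assumption: a directory that only the web application's account can access.
    static readonly string BaseDir =
        Path.GetFullPath(Path.Combine(Path.GetTempPath(), "signing-containers"));

    // XML-DSig signature method URI -> Web eID hash function name. Check this set
    // against the identifiers your libdigidocpp version actually returns.
    const string Ns = "http://www.w3.org/2001/04/xmldsig-more#";
    static readonly Dictionary<string, string> HashByMethod = new Dictionary<string, string>
    {
        [Ns + "ecdsa-sha256"] = "SHA-256", [Ns + "rsa-sha256"] = "SHA-256",
        [Ns + "ecdsa-sha384"] = "SHA-384", [Ns + "rsa-sha384"] = "SHA-384",
        [Ns + "ecdsa-sha512"] = "SHA-512", [Ns + "rsa-sha512"] = "SHA-512",
    };

    // Prepare(): a fresh, unguessable file per signing operation, so concurrent
    // requests never share a container file and no client input reaches the path.
    public static string NewContainerPath()
    {
        Directory.CreateDirectory(BaseDir);
        string name = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        return Path.Combine(BaseDir, name + ".asice"); // extension is an assumption
    }

    // Sign(): re-validate the path read back from the session before Container.open().
    public static string RequireContainerPath(string pathFromSession)
    {
        if (string.IsNullOrEmpty(pathFromSession))
            throw new InvalidOperationException("No prepared container in this session.");
        string full = Path.GetFullPath(pathFromSession);
        if (Path.GetDirectoryName(full) != BaseDir || !File.Exists(full))
            throw new InvalidOperationException("Unexpected container path.");
        return full;
    }

    // Prepare(): convert c.signatureMethod() and check the result against the names
    // the client supports (e.g. what model.GetSupportedAlgorithmNames() returns).
    public static string ToWebEidHash(string signatureMethod, IEnumerable<string> supported)
    {
        if (!HashByMethod.TryGetValue(signatureMethod, out string hash) || !supported.Contains(hash))
            throw new NotSupportedException("Unsupported signature method: " + signatureMethod);
        return hash;
    }
}
```

After Sign() completes or fails, remove the path and signature ID from the session and delete the file so a replayed request cannot reopen a stale container.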
