open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

DataToSign.getDigestToSign() was removed #43

Closed iljau closed 6 years ago

iljau commented 6 years ago

In version 1.0.7.2, it was possible to calculate the hash of the container using the following code:

DataToSign dataToSign = SignatureBuilder
        .aSignature(container)
        .withEncryptionAlgorithm(encryptionAlgorithm)
        .withSignatureProfile(SignatureProfile.LT) // asic-e
        .withSigningCertificate(signingCert)
        .withSignatureDigestAlgorithm(DigestAlgorithm.SHA256)
        .buildDataToSign();

//Data to sign contains the digest that should be signed
byte[] digestToSign = dataToSign.getDigestToSign();

The calculated hash can then be used for signing using an ID card (hwcrypto.sign), Mobile-ID (MobileSignHash) or Smart-ID (/signature/document/:documentnumber).

It appears that in 1.0.8.beta.1 the following change was made:

But what getDataToSign() returns since 1.0.8.beta.1 is not a hash.

The question is: what is now (since 1.0.8.beta.1) the best method to get the hash of the container, which could then be used for signing?

nostneji commented 6 years ago

DataToSign.getDataToSign() returns the signature data of the container. This data can be used for signing with an ID card, and for an ID card with ECDSA keys using that data is mandatory (using the hash of that data does not work). If using a hash is necessary, you can use java.security.MessageDigest to calculate the hash of the signature data:

MessageDigest sha = MessageDigest.getInstance(hashType.value());
byte[] hash = sha.digest(dataToSign.getDataToSign());

You can find a code example for Mobile-ID in mID_DigiDoc4J_demo.
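An added example, not part of the thread and not digidoc4j code: with plain JCA and a throwaway P-256 key, it shows how a signature over the signature data relates to a signature over its SHA-256 hash, and what happens when a signer that hashes its input is handed a hash. The class name, key and sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Added illustration; class and variable names are hypothetical, no digidoc4j calls are used.
public class HashVersusDataSigning {

    // Signs `input` with the named JCA algorithm.
    static byte[] sign(String algorithm, KeyPair keys, byte[] input) throws Exception {
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(keys.getPrivate());
        signer.update(input);
        return signer.sign();
    }

    // Verifies as a validator holding the original data would: SHA-256 over the data, then ECDSA.
    static boolean verifiesOverData(PublicKey key, byte[] data, byte[] signature) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Throwaway P-256 key pair standing in for a signing key.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair keys = generator.generateKeyPair();

        // Constructed bytes standing in for dataToSign.getDataToSign().
        byte[] data = "constructed signature data".getBytes(StandardCharsets.UTF_8);
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);

        // Signer hashes the data itself.
        byte[] overData = sign("SHA256withECDSA", keys, data);
        // Signer receives a ready-made hash and signs it as-is.
        byte[] overHash = sign("NONEwithECDSA", keys, hash);
        // Signer receives the hash but hashes again: the signature covers SHA-256(hash).
        byte[] doubleHashed = sign("SHA256withECDSA", keys, hash);

        System.out.println("data signed directly:      " + verifiesOverData(keys.getPublic(), data, overData));
        System.out.println("hash signed as-is:         " + verifiesOverData(keys.getPublic(), data, overHash));
        System.out.println("hash hashed a second time: " + verifiesOverData(keys.getPublic(), data, doubleHashed));
    }
}
```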