Default signature algorithm

The system applies a default algorithm when generating signatures. It is used for requests that do not specify which algorithm to use for the signature, which is typical when, for example, a PDF file is sent.

The system configuration in this aspect is as follows:

  • Currently -> SHA1 Algorithm
  • From 04/26/2023 -> SHA256

How to request a specific algorithm in the signature request

The <SignatureDigestAlgorithm> field must be added to the <OptionalInputs> field of the request that arrives at TX.

The possible values are:

  • md5
  • sha1
  • id_sha256
  • id_sha384
  • id_sha512

Example:

  <OptionalInputs>
    ...
    <SignatureDigestAlgorithm>id_sha256</SignatureDigestAlgorithm>
    ...
  </OptionalInputs>

Requests that provide an externally calculated HASH instead of a document

There are cases where the request does not contain the document to be signed but a HASH calculated externally to TrustedX. In this case the <Document> node contains a structure like this:

  <InputDocuments>
    <DocumentHash>
      <ns3:DigestMethod Algorithm="urn:nist-gov:sha256" xsi:type="ns3:DigestMethodType" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"/>
      <ns4:DigestValue xsi:type="ns4:DigestValueType" xmlns:ns4="http://www.w3.org/2000/09/xmldsig#">ZTgwZTYyZTQ2MTJmMjQ5NGE4OTAwY2QxZTJjZTA4ZjQwNjQwMjI0NTE1MzY4ZjYwNDVjOTU4YTM3MjFlZGY3MA==</ns4:DigestValue>
    </DocumentHash>
  </InputDocuments>

In this case, the Algorithm attribute of <ds:DigestMethod> indicates the algorithm that was used to calculate the HASH. The possible values are:

  • http://www.w3.org/2000/09/xmldsig#sha1
  • http://www.w3.org/2001/04/xmldsig-more#md5
  • urn:nist-gov:sha256
  • urn:nist-gov:sha384
  • urn:nist-gov:sha512
  • http://www.w3.org/2001/04/xmlenc#sha256 (only for generating XMLDSig/XAdES signatures)
  • http://www.w3.org/2001/04/xmldsig-more#sha384 (only for generating XMLDSig/XAdES signatures)
  • http://www.w3.org/2001/04/xmlenc#sha512 (only for generating XMLDSig/XAdES signatures)

NOTE: In these cases, the SignatureDigestAlgorithm and the externally calculated HASH must be consistent (the same digest algorithm, and a DigestValue of the length that algorithm produces), or the system will not sign.
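As an added example (not TrustedX code), a Python check of the consistency the note above requires: it builds a <DocumentHash> fragment from a local document and verifies that a received fragment's DigestValue has the length its declared Algorithm URI implies. The hashlib mapping, the namespace handling and the hex-in-base64 fallback (the sample DigestValue on this page decodes to a 64-character hex string rather than 32 raw bytes) are assumptions.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Digest length in bytes for each Algorithm URI listed on this page, with an assumed hashlib name.
ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": ("sha1", 20),
    "http://www.w3.org/2001/04/xmldsig-more#md5": ("md5", 16),
    "urn:nist-gov:sha256": ("sha256", 32),
    "urn:nist-gov:sha384": ("sha384", 48),
    "urn:nist-gov:sha512": ("sha512", 64),
    "http://www.w3.org/2001/04/xmlenc#sha256": ("sha256", 32),
    "http://www.w3.org/2001/04/xmldsig-more#sha384": ("sha384", 48),
    "http://www.w3.org/2001/04/xmlenc#sha512": ("sha512", 64),
}

def build_document_hash(document: bytes, alg_uri: str) -> str:
    """Hash a document locally and emit the <InputDocuments> fragment described above."""
    name, _ = ALGORITHMS[alg_uri]
    digest = hashlib.new(name, document).digest()   # raw digest bytes, base64-encoded below
    return (
        '<InputDocuments><DocumentHash>'
        '<ds:DigestMethod Algorithm="%s" xmlns:ds="%s"/>'
        '<ds:DigestValue xmlns:ds="%s">%s</ds:DigestValue>'
        '</DocumentHash></InputDocuments>'
    ) % (alg_uri, DS, DS, base64.b64encode(digest).decode("ascii"))

def check_document_hash(xml_text: str):
    """Return (alg_uri, digest_bytes, encoding) if DigestMethod and DigestValue agree, else raise ValueError."""
    root = ET.fromstring(xml_text)
    method = root.find(".//{%s}DigestMethod" % DS)
    value = root.find(".//{%s}DigestValue" % DS)
    if method is None or value is None:
        raise ValueError("DocumentHash needs both DigestMethod and DigestValue")
    alg = method.get("Algorithm", "").strip()   # tolerate padded values like the page's sample
    if alg not in ALGORITHMS:
        raise ValueError("Algorithm URI not in the supported list: %r" % alg)
    expected = ALGORITHMS[alg][1]
    raw = base64.b64decode((value.text or "").strip(), validate=True)
    if len(raw) == expected:
        return alg, raw, "raw"
    try:
        unhexed = binascii.unhexlify(raw)   # the page's sample base64-encodes a hex string
    except binascii.Error:
        unhexed = b""
    if len(unhexed) == expected:
        return alg, unhexed, "hex-in-base64"
    raise ValueError("DigestValue is %d bytes but %s expects %d" % (len(raw), alg, expected))
```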