Working with electronic seal
1. Main scenarios
1.1. Signing data using the system’s electronic signature (electronic seal)
Sequence diagram of putting the system signature:
The service calculates the hash value of the data it receives using the corresponding hash function and puts the electronic seal of the organization, with a time stamp, on the resulting hash. It also adds the electronic signature certificate to the signature.
Request:
POST /api/eseal/sign --header 'X-Access-Token: token'
Request body:
{
  "data": "string"
}
Responses:
- 200 OK: Document signed
Response body:
{
  "signature": "string"
}
- 400 Bad request: Invalid request
Response body:
{
  "code": "string",
  "message": "string",
  "localizedMessage": "string"
}
1.2. Validating the system’s electronic seal and data
Sequence diagram of the system signature verification:
The chain of validation checks is implemented in the following classes:
The service validates the following:
- EDS is valid.
- EDS contains the time stamp.
- Data integrity is not compromised (the hash value from the signature corresponds to the hash calculated by the service based on the data received).
- The document was signed using the system key (issuer and serial attributes from EDS are in the list of allowed system electronic seals).
Request:
POST /api/eseal/verify --header 'X-Access-Token: token'
Request body:
{
  "signature": "string",
  "data": "string"
}
Responses:
- 200 OK: Seal is valid
Response body:
{
  "isValid": true,
  "error": null
}
- 200 OK: Seal validation error
Response body:
{
  "isValid": false,
  "error": {
    "code": "ERROR_UNKNOWN_ESEAL",
    "message": "Signature key is not allowed",
    "localizedMessage": "Печатка не авторизована для накладання підпису"
  }
}
- 400 Bad request: Invalid request
Response body:
{
  "code": "string",
  "message": "string",
  "localizedMessage": "string"
}
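A caller-side check for the verify responses above, added here as an example and not taken from the platform's own code: a rejected seal also comes back as 200 OK, so the decision must be made on the isValid field and not on the HTTP status. The function name, the exception class and the sample bodies are assumptions constructed from the response shapes documented above.

```python
import json
from typing import Optional, Tuple


class SealCheckError(Exception):
    """The verify response is not a usable answer (hypothetical helper type)."""


def seal_is_valid(status: int, body: str) -> Tuple[bool, Optional[str]]:
    """Interpret a POST /api/eseal/verify response, failing closed.

    Returns (True, None) only for 200 with isValid true and error null,
    (False, <error code>) for a seal the service rejected, and raises
    SealCheckError for anything else, so an ambiguous reply is never
    treated as a valid seal.
    """
    if status != 200:
        raise SealCheckError(f"verify request failed with HTTP {status}")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise SealCheckError("response body is not JSON") from exc
    if not isinstance(doc, dict):
        raise SealCheckError("response body is not a JSON object")

    is_valid = doc.get("isValid")
    error = doc.get("error")
    # Identity checks reject truthy stand-ins such as "true" or 1.
    if is_valid is True and error is None:
        return True, None
    if is_valid is False and isinstance(error, dict):
        return False, str(error.get("code"))
    raise SealCheckError("inconsistent isValid/error combination")


# Constructed sample bodies following the documented response shapes.
VALID = '{"isValid": true, "error": null}'
REJECTED = ('{"isValid": false, "error": {"code": "ERROR_UNKNOWN_ESEAL", '
            '"message": "Signature key is not allowed"}}')
BAD_REQUEST = '{"code": "string", "message": "string"}'

if __name__ == "__main__":
    print(seal_is_valid(200, VALID))
    print(seal_is_valid(200, REJECTED))
```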