Signing

Signed Statement signature requests

1398 views August 4, 2017 May 2, 2019 2

For an introduction to signed statements, refer to this page.

Creating a Signed Statement signing order

In order to trigger the use of Signed Statement, certain conditions must be fulfilled:

  • The bundle attribute on the task element must be set to true
  • The responsive attribute on the signature element must be set to true
  • The request must be sent to DocumentService-v3

The following SOAP example will result in a signing order for Signicat Signature with Signed Statement.

Signing Order Request Example
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns="https://id.signicat.com/definitions/wsdl/Document-v3">
   <soap:Header></soap:Header>
   <soap:Body>
      <create-request-request>
         <service>signicat</service>
         <password>Bond007</password>
         <request>
            <document id="1" mime-type="text/plain" xsi:type="provided-document" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
               <description>Text document</description>
               <data>VGFzayAx</data>
            </document>
            <task id="1" bundle="true">
               <document-action type="sign">
                  <document-ref>1</document-ref>
               </document-action>
               <signature responsive="true">
                  <method>nbid-sign</method>
               </signature>
            </task>
         </request>
      </create-request-request>
   </soap:Body>
</soap:Envelope>

Note that, while this example utilizes a provided text document, Signed Statement signing orders also support signing of PDF documents from SDS and the like, just like regular requests. You can find more about this in our guide for getting started with signing.

Additions to the result document (LTV-SDO)

In addition to the SAML response containing the signature value for the signed statement, the original sign text in its unprocessed form is also included:

<ltv:Authentication>
    <ltv:SAMLResponse Format="urn:signicat:format:saml-1.1" MimeType="application/x-saml+xml" Version="1.0"> [REMOVED FOR BREVITY] </ltv:SAMLResponse>

    <!-- THIS IS THE NEW PART -->
    <ltv:SignedStatement>
        <ltv:VisibleSignText> [HERE GOES VISIBLE SIGN TEXT] </ltv:VisibleSignText>
        <ltv:NonVisibleSignText> [HERE GOES NON-VISIBLE SIGN TEXT] </ltv:NonVisibleSignText>
        <ltv:DocumentIndex> [HERE GOES REFERENCE TO NON-VISIBLE SIGN TEXT]</ltv:DocumentIndex>
    </ltv:SignedStatement>
    <!-- NEW PART ENDS HERE -->

</ltv:Authentication>

The sign text

Visible sign text

The visible part of the sign text is the statement presented to the end-user, expressing the end-user’s consent for the documents to be signed. This text is automatically generated by Signicat.

Non-visible sign text

The non-visible part of the sign text is a JSON data structure containing cryptographic message digests of each of the documents to be signed, together with a zero-based index and the document’s description and MIME type.

Example of non-visible sign text
{
  "attachments": [
    {
      "index": 0,
      "documentDescription": "document.pdf",
      "mimeType": "application\/pdf",
      "primaryDigestValue": "aren3Efg3BTksqd7Iht0GWccosAFDL5ZAk4qi+2ifNU=",
      "primaryDigestMethod": {
        "algorithm": "http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256"
      },
      "secondaryDigestValue": "mU7l\/lD\/HSWUzZY2yxNZ1ys34SNYm7vx2Jk8WBL51Vs=",
      "secondaryDigestMethod": {
        "algorithm": "http:\/\/www.w3.org\/2007\/05\/xmldsig-more#sha3-256"
      }
    }
  ]
}

Document index

If multiple documents are signed, the same sign text will be included in each LTV-SDO. In other words, each separate LTV-SDO will contain a sign text referring to each and every one of the documents. In order to make the connection between the LTV-SDO and the entry in the non-visible sign text clear and unambiguous, the zero-based index of the relevant entry in the non-visible sign text is included in each LTV-SDO.

Supported ID methods

The methods that currently support Signed Statement signatures are as follows:

ID method
Signature type
Norwegian BankID Simple signed statement
Norwegian BankID on mobile Simple signed statement
Swedish BankID Signed statement with non-visible properties
Danish NemID Signed statement with non-visible properties

Was this helpful?