Signing

Page contents

• Signature support in MitID
• Sign flow
• MitID Sign Token
• Sign text

This page gives a high level overview of MitID signing features. For setup details, see From NemID to MitID signing.

With Signicat's electronic signature solution, end-users can electronically sign documents using MitID. This ensures a unified output format in accordance with EU specifications. The signing results in an LTV-SDO (Long Term Validation Signed Data Object), which then can be packaged to a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents.

Signature support in MitID

Contrary to NemID, MitID does not provide a built-in signature functionality. Since MitID does not provide any native signature format, Signicat has implemented the signature format, MitID Sign Token. Signicat uses this to implement the signed statement technique with MitID. Signed statement gives a stronger binding between the authentication and the signing process than would be possible with normal authentication-based signing.

Sign flow

The process below illustrates a very basic process of how to sign a PDF document with MitID. The user interface may vary, depending on how you define the graphical profile.

1. Select the PDF document that should be signed.
2. Open and read the PDF document, select “Fortsæt” (Continue).
3. Confirm that you have read and understood the contents of the document.
4. Confirm the signature with MitID authentication. The sign text is shown when you confirm with the authenticator.
5. The PDF document is now signed.

Here is an example with screen images. This example shows the advanced graphical profile in mobile version.

MitID Sign Token

A part of the proof in MitID signatures is the MitID Sign Token. This is a JSON Web Signature (JWS, adhering to RFC 7519 (opens new window) / RFC 7515 (opens new window)). JWS is signed by a certificate in Signicat’s possession. It is not an end-user certificate, but a business certificate. JWS contains claims that

• identifies the end-user,
• gives context information about the MitID authentication,
• binds the MitID authentication to the signing process.

Sign text

The sign text is the statement presented to the end-user, expressing the end-user’s consent for the documents to be signed. Signicat provides a default sign text that is automatically generated unless you specify another sign-text. Here is an example on how it can look, starting with "I have read...":

Note

The sign text must not exceed 130 characters. This is because the MitID client only supports 130 characters in the reference text body, which is where the visual sign text will end up.

For more information about how the sign text is used in general, see Signed statement > The sign text.