The DSS (Digital Signature Service) project is an open-source software library that aims to provide an implementation of the standards for Advanced Electronic Signature creation, augmentation and validation in line with European legislation, and the eIDAS Regulation in particular.
This project is available in the Java language.
This document describes some examples of how to develop in Java using the DSS framework. The aim is to show developers, in a progressive manner, the different uses of the framework and to familiarize them with the code step by step.
This document provides code examples which allow easy handling of digital signatures. The examples are consistent with Release {dssVersion} of the DSS framework, which can be downloaded via the webpage.
Three main features can be distinguished within the framework:
- The creation of a digital signature;
- The augmentation of a digital signature; and
- The validation of a digital signature.
In more detail, the following concepts and features are addressed in this document:
- Forms of digital signatures: XAdES, CAdES, PAdES, JAdES and ASiC-S/ASiC-E;
- Formats of the signed documents: XML, JSON, PDF, DOC, TXT, ZIP, etc.;
- Packaging structures: enveloping, enveloped, detached and internally-detached;
- Profiles associated with each form of the digital signature;
- Trust management;
- Revocation data handling (OCSP and CRL sources);
- Certificate chain building;
- Signature validation and validation policy;
- Signature qualification;
- Validation reports (Simple, Detailed, ETSI Validation report);
- Management of signature tokens;
- Validation of the signing certificate;
- Timestamp creation;
- Timestamp validation and qualification;
- REST and SOAP webservices.
This is not an exhaustive list of all the possibilities offered by the framework and the proposed examples cover only the most useful features. However, to discover every detail of the operational principles of the framework, the JavaDoc is available within the source code.
Note: The DSS framework is actively maintained and new features will be released in the future.
With the framework, some demonstrations are provided:
Note: The European Commission does not intend to provide a service for qualified signature creation, augmentation or validation through the available demonstrations. Usage of these demonstrations should be limited to testing purposes only. The European Commission claims no responsibility or liability whatsoever with regard to their usage. Please refer to the legal notice for further information.
The requirements and build instructions for DSS demonstrations can be found in the section [DSSDemo].
Warning: The demonstrations use a fake (mock) timestamp service, so they are not recommended for production use.
For the DSS core: GNU Lesser General Public License version 2.1 (LGPL).
For the DSS demo: GNU Lesser General Public License version 2.1 (LGPL). For more information please see DSS demonstration LICENSE.
| Code | Description |
|---|---|
| AdES | Advanced Electronic Signature |
| API | Application Programming Interface |
| ASiC | Associated Signature Containers |
| BB | Building Block (DIGITAL) |
| BBB | Basic Building Block (cf. [R09]) |
| CA | Certificate authority |
| CAdES | CMS Advanced Electronic Signatures |
| CMS | Cryptographic Message Syntax |
| CRL | Certificate Revocation List |
| CSP | Cryptographic Service Provider |
| DER | Distinguished Encoding Rules |
| DIGITAL | EC DIGITAL Building Block |
| DSA | Digital Signature Algorithm - an algorithm for public-key cryptography |
| DSS | Digital Signature Service |
| EC | European Commission |
| ESI | Electronic Signatures and Infrastructures |
| ETSI | European Telecommunications Standards Institute |
| EUPL | European Union Public License |
| HSM | Hardware Security Modules |
| HTTP | Hypertext Transfer Protocol |
| JAdES | JSON Advanced Electronic Signatures |
| Java EE | Java Enterprise Edition |
| JavaDoc | JavaDoc is developed by Sun Microsystems to create API documentation in HTML format from the comments in the source code. JavaDoc is an industrial standard for documenting Java classes. |
| JAXB | Java Architecture for XML Binding |
| JDBC | Java DataBase Connectivity |
| JWS | JSON Web Signatures |
| LGPL | Lesser General Public License |
| LOTL | List of Trusted Lists or List of the Lists |
| MOCCA | Austrian Modular Open Citizen Card Architecture; implemented in Java |
| MS / EUMS | Member State |
| MS CAPI | Microsoft Cryptographic Application Programming Interface |
| OCF | OEBPS Container Format |
| OCSP | Online Certificate Status Protocol |
| ODF | Open Document Format |
| ODT | Open Document Text |
| OEBPS | Open eBook Publication Structure |
| OID | Object Identifier |
| OOXML | Office Open XML |
| PAdES | PDF Advanced Electronic Signatures |
| PC/SC | Personal computer/Smart Card |
| PDF | Portable Document Format |
| PDFBox | Apache PDFBox - A Java PDF Library: http://pdfbox.apache.org/ |
| PKCS | Public Key Cryptographic Standards |
| PKCS#12 | Defines a file format commonly used to store a private key with its accompanying X.509 public key certificates, protected by a symmetric password |
| PKIX | Internet X.509 Public Key Infrastructure |
| RSA | Rivest Shamir Adleman - an algorithm for public-key cryptography |
| SCA | Signature Creation Application |
| SCD | Signature Creation Device |
| SOAP | Simple Object Access Protocol |
| SSCD | Secure Signature-Creation Device |
| SVA | Signature Validation Application |
| TL | Trusted List |
| TLManager | Application for managing trusted lists. |
| TSA | Time Stamping Authority |
| TSL | Trust-service Status List |
| TSP | Trusted Service Provider |
| TST | Time-Stamp Token |
| UCF | Universal Container Format |
| URI | Uniform Resource Identifier |
| WSDL | Web Services Description Language |
| WYSIWYS | What you see is what you sign |
| XAdES | XML Advanced Electronic Signatures |
| XML | Extensible Markup Language |
| ZIP | File format used for data compression and archiving |
| Ref. | Title | Reference | Version |
|---|---|---|---|
| | ESI - XAdES digital signatures | | 1.3.1 (2024-07) |
| | ESI - CAdES digital signatures | | 1.3.1 (2023-06) |
| | ESI - PAdES digital signatures | | 1.2.1 (2024-01) |
| | ESI - Associated Signature Containers (ASiC) | | 1.1.1 (2016-04) |
| | ESI - JAdES digital signatures | | 1.2.1 (2024-07) |
| | Document management - Portable document format - Part 1: PDF 1.7 | | First edition (2008) |
| | Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. | | |
| | Internet X.509 Public Key Infrastructure - Time-Stamp Protocol (TSP) | | |
| | ESI - Procedures for Creation and Validation of AdES Digital Signatures | | 1.4.1 (2024-06) |
| | ESI - Signature validation policy for European qualified electronic signatures/seals using trusted lists | | 1.1.1 (2021-05) |
| | ESI - Trusted Lists | | 2.3.1 (2024-11) |
| | eIDAS Regulation No 910/2014 | | |
| | ESI - Procedures for Creation and Validation of AdES Digital Signatures | | 1.4.1 (2023-06) |
| | ESI - Procedures for using and interpreting EU Member States national trusted lists | | 1.2.1 (2023-06) |
| | Internet RFC 2315 PKCS #7: Cryptographic Message Syntax | | |
| | Commission implementing decision (EU) 2015/1506 of 8 September 2015 | | |
| | ESI - Building blocks and table of contents for human readable signature policy documents | | 1.1.1 (2015-07) |
| | ESI - XML format for signature policies | | 1.1.1 (2019-12) |
| | ESI - ASN.1 format for signature policies | | 1.1.1 (2019-12) |
| | ESI - Cryptographic Suites | | 1.5.1 (2024-12) |
| | Internet RFC 7515: JSON Web Signature (JWS) | | |
| | Internet RFC 6283: Extensible Markup Language Evidence Record Syntax (XMLERS) | | |
| | Internet RFC 4998: Evidence Record Syntax (ERS) | | |
| | Internet RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | | |
| | Internet RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP | | |
| | Common PKI Specifications for Interoperable Applications from T7 & TeleTrusT | | 2.0 (January 2009) |
| | Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements | | 2.4.1 (2023-09) |
| | Document management - Portable document format - Part 2: PDF 2.0 | | 2.0 (2017) |
| | Internet RFC 9608: No Revocation Available for X.509 Public Key Certificates | | |