Sign hashes
Hash signing lets you sign document hashes instead of the actual documents. These hashes are signed by fidentity and can subsequently be embedded into a PDF outside of the fidentity flow.
Procedure
To sign hashes instead of documents, the initial call is made based on the QES variations. The documentUris array is set to empty and replaced by the hashesToSign array. Other than this difference, the calls for signing PDFs and hashes are identical.
Example request
Example response
At the end of a successful process, you can retrieve the process object. Its "signedHashes" field contains 3 important properties:
signature -> Signature of the CMS object
cmsObject -> CMS object to integrate into the PDF (PKCS#7)
certificate -> Public certificate of the signing party (DER encoded)
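A structural sanity check on the returned fields before handing them to a PDF embedding tool, as an added example that is not fidentity's or Swisscom's code. It assumes cmsObject and certificate arrive as base64 strings holding definite-length DER, which the page does not state; check_signed_hash, read_tlv, decode_oid and the SAMPLE values are constructed for illustration.

```python
import base64

SIGNED_DATA_OID = "1.2.840.113549.1.7.2"  # PKCS#7 / CMS signedData content type

def read_tlv(buf, pos=0):
    """Return (tag, value, end_offset) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_signed_hash(entry):
    """Structural checks on one signedHashes entry before PDF embedding."""
    cms = base64.b64decode(entry["cmsObject"], validate=True)      # assumed base64
    cert = base64.b64decode(entry["certificate"], validate=True)   # assumed base64
    for name, blob in (("cmsObject", cms), ("certificate", cert)):
        tag, _, end = read_tlv(blob)
        if tag != 0x30 or end != len(blob):
            raise ValueError(name + " is not exactly one DER SEQUENCE")
    oid_tag, oid_body, _ = read_tlv(read_tlv(cms)[1])
    if oid_tag != 0x06 or decode_oid(oid_body) != SIGNED_DATA_OID:
        raise ValueError("cmsObject content type is not signedData")
    return {"content_type": SIGNED_DATA_OID, "cms_len": len(cms), "cert_len": len(cert)}

# Constructed stand-ins (not real signatures): an empty signedData shell and a dummy SEQUENCE.
SAMPLE = {"cmsObject": base64.b64encode(bytes.fromhex("300f06092a864886f70d010702a0023000")).decode(),
          "certificate": base64.b64encode(bytes.fromhex("3003020101")).decode()}
```

This does not validate the signature or the certificate chain; it only catches truncated or wrong-type blobs before they are written into a PDF.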
PDF handling with Hash Signing
Our TSP partner Swisscom has created a step-by-step guide for developers who wish to integrate signed hashes into PDF files themselves. It also references some tools that provide this feature, as well as GitHub examples.