OpenXAdES testing environment
Welcome to OpenXAdES testing environment! The purpose of this environment
is to demonstrate how you can give digital signatures using your certificates
on your smartcard, and to confirm the validity of those certificates in real
time. In an actual working/production environment, these services would be offered
by your Certificate Authority or its validation service provider, and the service
would reflect actual information about certificate validity.
How to use the service
There are three basic steps to using our testing environment.
- Upload your certificate to our responder database. If on uploading the status of the certificate was set "Good", our OCSP
responder will start issuing positive responses for your certificate.
- If you are willing to verify our OSCP responses on your own, download
and install our OCSP responder certificates. If you are only using the document
portal, this step is not necessary.
- Upload some documents to our document portal and sign them using your
OCSP responder address
The address of the OpenXAdES OCSP Testing Responder is http://www.openxades.org/cgi-bin/ocsp.cgi.
You can use it with any RFC2560-compliant OCSP client.
TERMS AND CONDITIONS
By uploading your certificate to our OCSP responder
database, using our OCSP responder, using our document portal or otherwise using
any related services provided on this site, you confirm that you have familiarized
yourself with the following conditions and fully agree to comply with them.
If you do not agree or comply with these services, do not use any of the provided
- Demonstration purposes only. The services on this site are provided
only for technology demonstration purposes and are not intended for real-life
usage. For actual implementation, technology provided on this site must be
maintained and operated by the relevant party in the corresponding
validation and digital signature community.
- No liability. The operator of these services disclaims any and
all liability regarding the validity information provided by the OCSP validity
service on this site. The responses provided by this service may or may
not reflect actual certificate validity status. For actual and up-to-date
validity information, please contact the issuer of the certificate.
- Privacy commitment. The operator of these services ensures that
all the data submitted to these services, including the certificates uploaded
into the responder database and the documents uploaded to the document portal,
will remain accessible only through these services and will not be disseminated
to third parties. The documents uploaded to the document portal will
be deleted after an indicated period of time and will then no longer be
accessible to anybody, including the original uploader.
- No legal validity for signatures and documents. The technology
used on this site is suitable for creating digital signatures and documents
having legal validity and being equivalent to handwritten signatures according
to European Community directive 1999/93/EC and national legislations. However, the
documents that are produced in the example document portal on this site
cannot be considered legally valid, as the certificate status info provided
by these services may not reflect actual up-to-date status. For considering
documents and signatures valid, the validity service must be operated by
a relevant party who can provide up-to-date certificate validity info.
- Relying party responsibility disclaimer. You agree that if you
are producing documents created in this document portal to a relying party,
you will clearly inform the relying party that these documents are created
using testing services and cannot be considered legally valid. If you fail
to observe this obligation and the relying party acts out of good faith
believing that the documents provided by you are legally valid, you may
be prosecuted and held responsible in the court of law for malicious intent
- Operator contact. The operator of these services is AS Sertifitseerimiskeskus,
available at www.sk.ee, tel +372 6101 880
or e-mail firstname.lastname@example.org. The operator may
be contacted with any questions about these services, as well as questions
about technology availability for real-life deployment.
Here are some more examples of what we are currently working on.
This is the DigiDoc Client, showing an open file with digital signatures
by two persons. (For those interested, they are the mayors of Tallinn and Tartu,
Estonia's two largest cities, signing a IT cooperation agreement between the
cities on October 7, 2002. This is the first legal digitally signed document
in Estonia.) You can download
this document to review its internals, but be aware that it is in the old
format, identified as "SK-XML ver 1.0". There are two newer formats
- "DIGIDOC-XML 1.1" and "DIGIDOC-XML 1.2", each newer one
providing some advantages over older ones. Of course, an important policy element
is backwards compatibility, so documents in older formats must be remain readable
for indefinite periods of time even with libraries that also support newer formats.
Here is a test document in the newer version
The Client is currently available only in Estonian, but we expect to produce
an English version of it towards the end of 2003.
This is the DigiDoc portal with Estonian ID card branding, with a document that is being signed. A separate
dialog window from Windows CSP has popped up to prompt the user for the ID card
PIN code. For signing, the portal uses an ActiveX component that works with
Microsoft CAPI and talks to the card through Windows native CSP interface, but
all the work concerning document creation, compilation and validation is done
on the server side, so the user needs nothing installed besides a card reader
and the ID card drivers.
The technology used by DigiDoc portal is exactly the same as the technology
that you can try out in the example document portal
on this site. The portal software can be easily branded and customized to match
the branding requirements of any environment.