nostneji edited this page Dec 13, 2017 · 13 revisions


DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers of signed documents.


  • Creating BDOC, ASiC-E and DDOC containers
  • Digitally signing containers in XAdES format
  • Validating BDOC, ASiC-E and DDOC containers
  • Since version 1.0.8
    • Creating, signing, timestamping and validating ASiC-S containers
    • Validating PADES signatures in PDF files

How to use it

BDOC (ASiC-E - Associated Signature Container Extended) container format

  • Has .bdoc, .asice or .sce extension
  • BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
  • The benefits of the new format include the higher security level, the long-term integrity of the signed documents, as well as the better compliance with international standards.
  • BDOC container is based on ASiC-E standard.
  • Signatures are stored in XAdES format.
  • Supports two signature formats: BDOC-TM and BDOC-TS
    • BDOC-TM signature format has time-mark ensuring long-term provability of the authenticity of the signature.
      • This format has been used as a default digital signature format in Estonia since 2015.
      • It is based on XAdES baseline LT signature format.
      • Recommended extension is .bdoc
    • BDOC-TS signature format has time-stamp.
      • In contrast to the BDOC-TM format, long-term provability of the authenticity of the signature is ensured by time-stamps.
      • It is based on XAdES baseline LT signature format and uses RFC3161 based time-stamps which makes it highly compliant in international context.
      • To ensure better compliance with international standards, it's recommended to sign documents with the BDOC-TS time-stamp signature profile.
      • Recommended extension is .asice
  • .bdoc or .asice file is in fact a ZIP container with the signed files, the signatures and the protocol control information and can basically be opened by any program that recognizes the ZIP format.
  • It is recommended not to use special characters in the data file’s name, i.e. it is suggested to use only the characters that are categorized as “unreserved” according to RFC3986 (

ASiC-S (ASiC-E - Associated Signature Container Simple) container format

  • Has .asics or .scs extension
  • Container associates one data file with either:
    • one signature file containing one or more detached digital signature(s) that apply to it; or
    • one time assertion file containing a time assertion that apply to it.
  • This format is used for timestamping the old DDOC containers in order to prove the inviolability of documents.

DDOC container format

  • Has .ddoc extension
  • An old DigiDoc digital signature format
  • Since year 2015 it's recommended not to sign documents in the DDOC format
  • It is based on XML Advanced Electronic Signatures (XAdES) format, corresponding to profile XAdES-X-L
  • The DigiDoc container includes the source files (the files that were signed) as well as the signatures that are related to the signed file(s)
  • Every signature contains the certificate, validity confirmation and the validity confirmation service certificate.




You can use the library as a Maven dependency from the Maven Central (


Known issues

The list of user stories and issues are tracked in Pivotal Tracker


  • LGPL (GNU Library General Public License, see LICENSE.LGPL)
  • © Estonian Information System Authority
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.