General information about ASiC

Discuss this help topic in SecureBlackbox Forum

ASiC (Associated Signature Containers) is used to bind a number of signed objects (documents, images, and other content) with signatures and/or timestamps.

What you should know about ASiC:

ASiC is built on top of a ZIP archive that includes signed documents and certain metadata (stored in META-INF folder).
Two ASiC formats are defined: ASiC-S (Simple) and ASiC-E (Extended).

An ISiC-S container should include only one document; the document may have the following attachments: a CAdES signature (parralel signatures are allowed), and/or a XAdES signature, and/or a timestamp.
An ASiC-E may include multiple documents, with multiple CAdES signatures, XAdES signatures, and timestamp tokens. To distinguish the data signed by different signatures, manifest files are used.
ASiC container is a ZIP archive, but it is recommended to use ".asics" or ".scs" extension for ASiC-S files, and ".asice" or ".sce" for ASiC-E files.

The archive can have the following service entries:
- /mimetype file that specifies the container's content-type. It should be the first file in the archive, and it should be in uncompressed format. For ASiC-S, the application/vnd.etsi.asic-s+zip content-type or the original content-type of the archived document are allowed. For ASiC-E, only application/vnd.etsi.asic-e+zip is allowed.
- META-INF folder with signatures and manifests. A manifest is an XML document that contains links to other documents in the archive, and their hashes. So that signing the manifest will also protect the documents.
- ZIP comment field in the format mimetype="mime type of the document, as in mimetype file entry"

In SecureBlackbox all high level ASiC functionality is implemented in TElASiCContainer class, which is a descendant of TElZipWriter.

How To articles about ASiC

Discuss this help topic in SecureBlackbox Forum