MRTD SOD Signer

The signer has the class name: org.signserver.module.mrtdsodsigner.MRTDSODSigner.

Overview

The MRTD SOD Signer creates the Complete Security Object (SOd) for Machine Readable Travel Documents (MRTD), such as electronic passports and residence permits, by signing the provided data groups (DGs).

The Document Signer (DS) certificate is included in the SOd. The SOd is verified (including the certificate path) before it is returned, so the certificate chain must contain the Country Signing CA (CSCA) certificate. For more information, see SODProcessServlet in HTTP interface or ClientWS interface.

Available Properties

Property	Description
DODATAGROUPHASHING	True if this signer first should hash the DG values. Otherwise, the values are assumed to be hashes already. Optional, default: false.
DIGESTALGORITHM	Message digest algorithm that is applied or should be applied to the values. Optional, default: SHA256.
SIGNATUREALGORITHM	Signature algorithm for signing the SO(d). Optional, default is SHA256withRSA, although SHA256withRSAandMGF1 is recommended by Doc9303.
LDSVERSION	Version of Logical Data Structure (LDS). For LDS version 1.7, enter "0107" and for version 1.8, "0108". Optional, default is 0107.
UNICODEVERSION	Version of Unicode used in the datagroups. Required if LDS 1.8 is used. Example: "040000" for Unicode version 4.0.0.