DigiDoc3 Client and DigiDoc3 Crypto User’s Guide
Version 1.0
Document information
Date created: 1 October 2010
Subject: DigiDoc Client, DigiDoc Crypto user’s guide
Audience: Public
Authors: OÜ Smartlink, AS Sertifitseerimiskeskus, Riigi Infosüsteemide Arenduskeskus
Version: 1.0
Version history: 1.0 – document updated
Contents
DigiDoc3 Client
1.1 Opening DigiDoc3 Client
1.1.1 Opening DigiDoc3 Client in open container view
1.2 DigiDoc3 Client user interface
1.2.1 Personal data section
1.3 Signing documents
1.3.1 Container sections
1.3.2 Basic steps for signing
1.3.3 Signing with Mobile-ID
1.3.4 Adding signatures to digitally signed documents
1.4 Viewing signed documents
1.4.1 Opening documents inside the container
1.5 Container
1.5.1 Creating a container
1.5.2 Saving the container
1.5.3 Opening containers
1.5.4 Actions with containers
1.5.4.1 Saving container content
1.5.4.2 Emailing containers
1.5.4.3 Browsing container location
1.5.4.4 Printing out the document’s digital signatures and compiling the confirmation sheet
1.5.5 Documents inside the container
1.5.5.1 Removing documents from container
1.5.5.2 Adding documents to container
1.5.5.3 Saving documents that are inside the container
1.5.6 Actions with signatures
1.5.6.1 Removing document’s digital signatures
1.5.6.2 Setting signer’s role and location
1.5.6.3 Viewing document’s digital signature details
1.6 DigiDoc3 Client settings
1.6.1 Settings: general
1.6.2 Settings: access certificate
1.6.2.1 Automatic validity confirmation access certificate installation
1.6.2.2 Manual validity confirmation access certificate installation
1.6.3 Settings: signature
1.6.4 Settings: proxy
1.7 DigiDoc3 Client help
1.8 Choosing between several ID-cards
1.9 DigiDoc3 Client language selection
1.10 Special circumstances occurring in signing
DigiDoc3 Crypto
1.11 Launching DigiDoc3 Crypto
1.12 DigiDoc3 Crypto user interface
1.12.1 Personal data
1.13 File encryption for safe transfer
1.13.1 Basic steps for encryption
1.14 Decryption
1.15 Secure container
1.15.1 Creating a secure container
1.15.2 Saving the secure container
1.15.3 Opening secure containers
1.15.4 Actions with secure containers
1.15.4.1 Browsing secure container location
1.15.4.2 Emailing secure container
1.15.5 Files inside the secure container
1.15.5.1 Opening file inside secure container
1.15.5.2 Saving files inside secure container
1.15.5.3 Adding file to secure container
1.15.5.4 Removing file from secure container
1.15.6 Secure container recipients
1.15.6.1 Searching and adding secure container recipients
1.15.6.2 Removing secure container recipients
1.15.6.3 Viewing secure container recipient details
1.16 DigiDoc3 Crypto settings
1.17 DigiDoc3 Crypto help
1.18 Choosing between several ID-cards
1.19 DigiDoc3 Crypto language selection
DigiDoc3 Client
DigiDoc3 Client enables you to digitally sign documents with your ID-card and
Mobile-ID, check the validity of digital signatures, as well as open and save
documents contained in the DigiDoc3 Client container.
Documents inside the container (a file with a .bdoc or .ddoc extension) can be viewed
and saved to their computers by other persons.
From within DigiDoc3 Client you can launch the DigiDoc3 Crypto application to
secure (encrypt) documents and to make secure documents viewable to everyone
(decrypt). Secured files have the extension .cdoc.
You can also launch the ID-card utility in DigiDoc3 Client if the signature certificate
is about to expire or has expired. In this case a link will appear for opening the
ID-card utility (Image 1).
The number of signings is limited in the DigiDoc3 Client: pursuant to the general
terms and conditions of the validity confirmation service, up to ten signatures are
permitted for personal use per calendar month. To use the signature service more or
for business purposes, contact the sales department of the Certification Centre
(Sertifitseerimiskeskus – SK) by email [email protected] or by telephone 1777.
1.1 Opening DigiDoc3 Client
Windows
Select START → Programs → ID-card → DigiDoc3 Client or click on the
DigiDoc3 Client icon on your desktop.
Mac OS X
Select Applications → DigiDoc3 Client or click on the DigiDoc3 Client icon in
Dock.
Linux
Select Office from the applications menu → DigiDoc3 Client or use the command
qdigidocclient to launch from the command line.
Image 1
1.1.1 Opening DigiDoc3 Client in open container view
DigiDoc3 Client opens in open container view if:
1. You drag the container (i.e. .bdoc or .ddoc file) or the document you wish to
sign onto the DigiDoc3 Client icon on your desktop.
2. You double-click the container (i.e. .bdoc or .ddoc file).
3. You right-click the document in the file manager and select
the function Sign with ID-card from the dropdown menu.
1.2 DigiDoc3 Client user interface
The DigiDoc3 Client user interface (Image 2) contains three sections:
Personal data section is always visible when working with DigiDoc3 Client.
Actions section lets you sign documents, view signed documents and open the
Crypto application for the secure sending of documents.
Settings and help section enables you to make various adjustments required for
the operation of DigiDoc3 Client and get help in case problems occur.
1.2.1 Personal data section
In the personal data section you can first choose whether to sign with ID-card or
Mobile-ID. Select the relevant radio button for Use ID-card or Use Mobile-ID.
You can view the signer’s personal data (Image 3) – name, personal code, ID-
card number and signature certificate validity – if you have selected ID-card as
signing method and the ID-card is in the card reader.
Image 2 (labelled sections: Personal data, Actions, Settings and help)
A warning will be displayed in the personal data section if the certificate is expired or
about to expire (Image 4). The expiry warning will be displayed 105 days before the
signature certificate expires. In order to renew the certificate, open the ID-card utility
by clicking on the Open utility link.
If you sign with Mobile-ID then fields will be displayed in the personal data
section for entering your telephone number and personal code (Image 5).
1.3 Signing documents
At the start of the digital signing process, the application first creates an empty
container to which you can add the documents that need to be signed. Thereafter, click on
the sign button and enter the ID-card’s PIN2 code (PIN code for digital signing). As a
result, the programme will create a digital signature on the document and request a
validity confirmation for the signature from SK’s server. The signature along with the
validity confirmation will be added to the container. You can then send this container to
another person who can, in turn, sign it or open it and check the validity of signatures.
You will recognise a container on your computer by the file extension .bdoc or .ddoc
and by the icon displayed below (Image 6).
Image 6
Image 5
Image 4
Image 3
When you sign using DigiDoc3 Client for the first time you are requested to install
an access certificate to the validity confirmation server. Read the section Settings:
access certificate on how to do it.
1.3.1 Container sections
Documents that you need to digitally sign are grouped in a container and signed (i.e.
digital signature and validity confirmation are added). Then the container is saved.
The container includes one or several documents and one person’s or several persons’
digital signatures along with relevant validity confirmations (Image 7). Signatures
may also be absent from the container.
If the container is open in DigiDoc3 Client then:
Container data section shows you whether the container has been signed by you
and where the container has been saved.
The container can also be saved without being signed. In that case you will see a note
in the container data section informing you that the container is unsigned (Image 8).
Signature information section displays signature details, enables you to remove
and add signatures. Read more in Actions with signatures.
Contents section lets you save and open documents from within the container
and while the container is unsigned you can also remove documents. Read more
in the section Documents inside the container.
Actions section enables you to perform various actions on the container, read
more in Actions with the container.
Image 8
Image 7 (labelled sections: Container data, Signature information, Contents, Actions)
1.3.2 Basic steps for signing
1. Launch DigiDoc3 Client.
2. Select I want to: Sign documents in the DigiDoc3 Client user interface.
o You can see a brief introduction to digital signing when you sign using
DigiDoc3 (Image 9). You can disable the display of the introduction in
settings. Read the introduction and click on the Next button.
3. A window will open for adding files. Select the documents that you want to
sign.
4. A save file window will open next. Name the created container and select the
folder where the container will be saved. You will also see the container’s
saving format .bdoc or .ddoc here (Image 10). Read more about changing
container format from Settings: general.
If you have specified in settings that container name should not be asked for and no
container of the same name exists in the destination folder then no saving window
will appear. Instead, the container along with selected documents will immediately
open.
5. The container that will open has a list of documents to be signed (Image 11, 1).
Image 10
Image 9
o You can save documents to disk from within the container. Before
signing the container you can add documents to the container or
remove them from it.
6. Enter your details if you like: role, resolution and location (Image 11, 2).
o If you like, you can replace previously saved details with new ones.
o Role and resolution is your association with the documents and the
signature: whom you are signing as and what you are confirming with
your signature. You can also leave role, resolution and location details
blank.
Read more about signing with Mobile-ID in Signing with Mobile-ID.
7. Confirm your decision to sign with ID-card by clicking the Sign button (Image
11, 3).
o When you are signing using DigiDoc3 Client for the first time you will
now be asked for permission to install the access certificate to the validity
confirmation server (). You will find installation instructions in
Settings: access certificate. You cannot digitally sign without an access
certificate to the validity confirmation server.
8. Enter the requested PIN2 code and click OK (Image 13).
Image 12
Image 11
9. In case of a successful signing you will see information about the signatures in
the container’s signature information section (Image 14).
10. You can perform various actions with documents inside the container and with
the container itself. Read more from Container.
N.B. You cannot edit the content of documents within the container but you can add
and remove signatures.
1.3.3 Signing with Mobile-ID
1. Launch DigiDoc3 Client, add the documents you want to sign and the signer’s
details as described in steps 1-6 of Basic steps for signing.
2. Make sure that you have selected to use Mobile-ID in the personal details
section and enter your mobile number and personal code to the personal details
section (Image 15).
Image 15
Image 14
Image 13
o Your mobile number must be entered with country code included.
+37259998877 or 0037259998877 is correct, 59998877 is incorrect.
3. Confirm your decision to sign with Mobile-ID by clicking on the Sign button.
4. A window with control code opens (Image 16).
If you are not a Mobile-ID user, the Mobile-ID service is not linked to the entered
telephone number and personal code combination or another problem occurs, you will
see an error message.
5. A Mobile-ID connection message will appear on your mobile phone’s screen
(Image 17) and thereafter a control code will appear (Image 18).
6. Make sure that the control codes displayed in DigiDoc3 Client and your mobile
phone are the same.
7. If the control codes are the same, press Continue on your mobile.
8. Now you can enter the Mobile-ID PIN2 code (Image 19). Press Done. Your
mobile screen will display a confirmation that the message is being sent (Image
20).
Image 20 Image 19
Image 18 Image 17
Image 16
9. DigiDoc3 Client checks every few seconds whether you have entered the PIN2
code. In case the signing is successful you will see the documents that are
within the container and information about signatures.
A container signed with Mobile-ID is no different than a container signed
with ID-card (Image 21).
Image 21
1.3.4 Adding signatures to digitally signed documents
Other people and/or institutions can also add their signatures to containers that have
already been signed.
In order to add a signature to a previously signed container:
1. Launch DigiDoc3 Client.
2. Open the container.
3. You will see previous signatures in the container.
4. Click the Add signature button.
5. Add your details if you like.
6. Click on the Sign button.
7. Enter the requested PIN2 code and click OK.
8. Your signature will appear in the list of signatures added to the container (Image
22).
Image 22
1.4 Viewing signed documents
Viewing signed documents is essentially the opening of the container – a .bdoc or
.ddoc file. You can perform various actions with the container and with documents
therein, on which you can read more in relevant subsections of the Container section.
1.4.1 Opening documents inside the container
1. Double-click the document that is inside the container.
2. The document will open.
1.5 Container
1.5.1 Creating a container
A container will be created automatically after you begin signing a document if you:
Select the action I want to: Sign documents in DigiDoc3 Client user interface.
Drag the documents you want to sign into the DigiDoc3 Client window or onto
its icon.
Select sign with ID-card from the right-click menu in file manager.
1.5.2 Saving the container
The container is automatically saved after a signature has been added.
You can also save unsigned containers by clicking the Cancel button in the container.
You can choose whether to keep the container or remove it ().
Containers are saved to the folder configured in settings.
A save dialogue opens each time a container is created if you have specified in
settings to Ask for document name.
You will see the container’s format in the save dialogue – .bdoc or .ddoc. The
default saving format is .ddoc. Read about changing the container format in
Settings: general.
N.B. You cannot change a created container’s format later.
1.5.3 Opening containers
1. Launch DigiDoc3 Client.
Image 23
By launching DigiDoc3 Client in open container view you will immediately see the
container’s content.
2. Select I want to: View signed document content in the DigiDoc3 Client user
interface.
3. In the file opening window that opens, select the container (.bdoc or .ddoc file)
that you wish to view.
4. You will see the open container’s content.
1.5.4 Actions with containers
You can perform various actions with containers (Image 24):
Save the entire container’s content to disk.
Send the container as an email attachment.
Browse the container’s location on disk.
Print a confirmation sheet with container content and signature details.
Image 24
Also see sections Documents inside the container and Actions with signatures.
1.5.4.1 Saving container content
In order to save container content into a folder of your choice:
1. Open the container.
2. Click on the link Save files to disk (Image 24, 1).
3. In a save file window that opens, select the folder where you wish to save the
files. All of the documents inside the container will be saved at once to the
selected folder.
1.5.4.2 Emailing containers
You can email the container to the recipients of your choice with DigiDoc3 Client if
you use Mail.app on Mac OS X, Outlook or Thunderbird on Windows, or Thunderbird on
Linux.
1. Launch DigiDoc3 Client.
2. Sign a document or open a saved container.
3. Click on the link Send container to email (Image 24, 2).
4. A new message will open in your default email application with the container
attached to the email (Image 25).
If you have no default email application, the default email application setup wizard
will open.
5. Send the email to the recipients of your choice.
1.5.4.3 Browsing container location
With this action you can directly go to the container’s location in file manager.
1. In the actions section of DigiDoc3 Client’s open container, click on the link
Browse container location (Image 24, 3).
2. A new file manager window will open in the folder where the container
currently open in DigiDoc3 Client is located.
You can also see the container’s file path in the container data section.
1.5.4.4 Printing out the document’s digital signatures and compiling the confirmation sheet
The digital signature confirmation sheet includes information about the document’s
signatories and signed files. It is not legally equal to the signatures but is suitable for
internal use and archiving if the original document remains in existence.
The confirmation sheet is mainly required in institutions and companies where
internal operations still take place on paper but which receive a few digital
documents.
The confirmation sheet is not legally binding without the original electronic
document.
1. Launch DigiDoc3 Client.
2. Sign a document or open a saved container.
3. In the open container click on the link Print confirmation sheet (Image 24,
4).
4. You will see the print preview of the data on your screen ().
Image 25
5. Click the printer icon (Image 26, 1).
6. Select the printer in a printing dialogue that opens.
7. The confirmation sheet will be sent to the printer.
1.5.5 Documents inside the container
You can add documents to unsigned containers and remove documents from the
container. You can save documents to disk from both signed as well as unsigned
containers.
1.5.5.1 Removing documents from container
You can remove documents from container if the container is unsigned.
1. Open a container.
After opening an unsigned container, click on the “Add signature” button.
2. Click on the removal button that is next to the document (Image 27) or press the
Delete key while the file is selected.
3. The document will disappear from the list of documents inside the container.
N.B. Removing documents from the container does not remove them from disk!
Image 27
Image 26
1.5.5.2 Adding documents to container
You can add documents to container as long as the container is unsigned or signatures
have been removed from the container. There are several ways to add documents.
By using the add file link:
1. Open or create a container.
2. Click on the link Add file (Image 28).
3. In the add file window that opens, select the documents that you wish to sign.
4. The selected documents will appear in the list of documents inside the
container.
By dragging them into the open container:
1. Open or create a container.
2. Drag the documents you wish to sign into the container.
3. The selected documents will appear in the list of documents inside the
container.
By creating a container:
1. Drag the documents you wish to sign onto the DigiDoc3 Client icon or into the
open DigiDoc3 Client window.
2. You will see the added documents in the container.
N.B. If a document of the same name already exists in the container then the
programme will ask for permission to overwrite it (Image 29).
Image 28
1.5.5.3 Saving documents that are inside the container
There are several ways to save documents that are inside the container.
Save button:
1. Open a container.
2. Click on the save button next to the document (Image 30, 1).
There is no button to save documents in an unsaved container. You can
save your document by dragging it with the mouse (see the description
below).
3. The save file window will open.
4. Select the folder where you wish to save the document.
By dragging with your mouse:
1. Open a container.
2. Point your mouse to the document that you wish to save.
3. Drag the selected document out of the container using your mouse to the file
manager’s folder where you wish to save it.
You can also drag a document from the container to another application, such as an
email application.
Image 30
Image 29
In order to save the container content at once:
1. Open a container.
2. Click on the link Save files to disk (Image 30, 2).
3. In the save file window that opens, select the folder where you wish to save
the files.
4. All of the documents inside the container are saved at once into the selected
folder.
1.5.6 Actions with signatures
1.5.6.1 Removing document’s digital signatures
You can remove your own as well as other persons’ signatures from the container.
The removal of signatures won’t affect the content of documents inside the container.
However, documents with removed signatures cannot be used in official proceedings
because unsigned documents are not legally binding.
1. Launch DigiDoc3 Client.
2. Open a container.
3. In the open container go to the signature that you wish to remove (Image 31).
4. Click on the link Remove.
5. Confirm the removal of the signature in the opening dialogue window (Image
32).
6. The signature will disappear from the list of signatures.
1.5.6.2 Setting signer’s role and location
You can add details to the container about your association with the documents and
signature in free text (Image 33). Adding this information is not mandatory, however
your employer or service provider may require it when signing documents related to a
service or your work.
Image 32
Image 31
You can replace details saved in previous settings with new details.
1.5.6.3 Viewing document’s digital signature details
1. Launch DigiDoc3 Client.
2. Open a container.
3. In the open container go to the signature for which you wish to see details
(Image 34).
4. Click on the link Show details.
5. In three tabs you will see detailed information about the selected signature
(Image 35).
o signer’s role and resolution details are in the same field in .ddoc format
containers and in separate fields in .bdoc format containers.
Image 34
Image 33
6. Click on the Show certificate button to see signature certificate details (Image
36).
7. You can save the certificate by clicking on the Save button in the Details tab.
8. In the dialogue window that opens, select the location and format (.pem, .crt,
.cer) for saving the certificate (Image 37).
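An added example, not part of the original guide or of DigiDoc3: a shell function that applies the guide's 105-day expiry warning window to a certificate file saved from the Details tab. It assumes the `openssl` command-line tool is installed; the function names and the sample certificates are constructed for illustration.

```sh
#!/bin/sh
# Added example (not DigiDoc3 code): classify a saved certificate file using
# the 105-day warning window stated in the guide.

WARN_DAYS=105   # "about to expire" window taken from the guide

# cert_status FILE -> prints one of: expired | expiring | ok | unreadable
cert_status() {
    cs_file=$1
    # The save dialogue offers .pem, .crt and .cer, so the file may be
    # PEM or DER encoded; try both encodings.
    for cs_form in PEM DER; do
        if openssl x509 -inform "$cs_form" -in "$cs_file" -noout >/dev/null 2>&1; then
            # -checkend N exits non-zero when the certificate expires within N seconds.
            if ! openssl x509 -inform "$cs_form" -in "$cs_file" -noout \
                    -checkend 0 >/dev/null 2>&1; then
                echo expired
            elif ! openssl x509 -inform "$cs_form" -in "$cs_file" -noout \
                    -checkend $((WARN_DAYS * 86400)) >/dev/null 2>&1; then
                echo expiring
            else
                echo ok
            fi
            return 0
        fi
    done
    # Neither encoding parsed: not a certificate, or a damaged file.
    echo unreadable
    return 1
}

# make_sample_cert DAYS OUTFILE
# Constructed self-signed certificate used only as sample input; the private
# key is discarded.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -subj "/CN=CONSTRUCTED SAMPLE SIGNER" -days "$1" -out "$2" >/dev/null 2>&1
}

# Demo on constructed input: one certificate inside the warning window,
# one well outside it.
demo_dir=$(mktemp -d)
make_sample_cert 30 "$demo_dir/soon.pem"
make_sample_cert 400 "$demo_dir/later.pem"
echo "soon.pem:  $(cert_status "$demo_dir/soon.pem")"
echo "later.pem: $(cert_status "$demo_dir/later.pem")"
rm -rf "$demo_dir"
```

The check only compares the certificate's end date with the current time; it does not query the validity confirmation service.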
Image 36
Image 35
1.6 DigiDoc3 Client settings
Select Settings in the settings and help section of DigiDoc3 Client’s user interface
(Image 38).
The DigiDoc3 Client settings window will open, consisting of four tabs: General,
Access certificate, Signature and Proxy.
1.6.1 Settings: general
In the DigiDoc3 Client settings General tab (Image 39), you can change the way
DigiDoc3 Client “behaves” in creating containers.
Container default location selection
The container is saved in the same folder as the first document added to the
container by default and the box Same folder is checked (Image 39, 1).
Image 39
Image 38
Image 37
You can change the default saving folder by selecting a new location in the
Container default location (Image 39, 2).
Asking for saved container name
Check the box Ask container name if you want to have the option to change
container name, format and destination folder when creating a container (Image 39,
3).
If the programme has not been set to ask document name, the container will be
saved with the name of the first added document as a .bdoc or .ddoc file.
Showing introduction
Check the box Show signing intro if you want to see a brief introduction on
digital signatures each time you sign digitally (Image 39, 4).
File format selection
DigiDoc3 Client creates containers by default as .ddoc files.
Select the Default file type radio button next to the relevant file type in order to
change the default container format (Image 39, 5).
After a container has been created, its format can no longer be changed!
1.6.2 Settings: access certificate
When you sign digitally, the validity of the signature certificate at the time of signing
is checked and confirmed in SK’s server. Obtaining such a validity confirmation is a
separate service and an access certificate to the validity confirmation server must be
ordered from SK in order to use this service. You cannot sign digitally without an
access certificate to the validity confirmation server.
1.6.2.1 Automatic validity confirmation access certificate installation
DigiDoc3 Client requests, installs and updates the validity confirmation server access
certificate automatically. However, when you are signing using DigiDoc3 Client for
the first time, you are requested to download the validity confirmation server access
certificate:
1. When you are signing using DigiDoc3 Client for the first time, you will see a
message that you don’t have a validity confirmation server access certificate and
permission will be requested to install it (Image 40). Say Yes.
2. Enter PIN1 in the opening window and click OK (Image 41).
Image 40
3. Access certificate installation can take a few minutes. After installation is
complete, signing will continue as normal, with the entry of the PIN2 code.
1.6.2.2 Manual validity confirmation access certificate installation
Validity confirmation server access certificate must be installed manually if for some
reason automatic installation or update fails. When signing with Mobile-ID, the access
certificate must also be installed manually. Access certificates ordered from SK for
using the paid DigiDoc3 Client service (over 10 signatures per calendar month) must
also be installed manually.
1. DigiDoc3 Client checks whether the validity confirmation server access
certificate is absent and cannot be requested automatically (in case of an error, for
example).
2. A relevant message will be displayed, along with a link to SK’s access certificate
ordering website.
3. Follow the instructions provided on SK’s access certificate ordering website for
obtaining the access certificate.
4. Save the access certificate file and copy the password obtained from SK’s
access certificate ordering website.
5. Open the tab OCSP PKCS#12 certificate in DigiDoc3 Client’s settings (Image
42).
Image 42
Image 41
6. Navigate to the access certificate with a .p12 extension in the file selection
dialogue window (Image 43).
Image 43
7. Enter the password obtained from SK’s access certificate ordering website
(Image 44) and close the settings window.
8. The access certificate has been installed and is ready for use (Image 44).
Image 44
You can also install the access certificate in file manager.
1. Doubleclick on the downloaded access certificate file (.p12 file extension).
2. Enter the password obtained from SK’s access certificate ordering website in
the opening window and click OK (Image 45).
3. The access certificate has been installed and is ready for use.
Image 45
1.6.3 Settings: signature
In the signature settings section you can save the signer’s details so that you do not
have to enter them again each time you sign (Image 46). The signer’s details are not
mandatory and their absence does not prevent you from signing documents.
You can overwrite saved details each time you sign.
By checking the Save last insert role and resolution checkbox, the information
entered when you sign is saved as default for future use.
1.6.4 Settings: proxy
A proxy or proxy server is a firewall component that acts as an intermediary for
external traffic and which is sometimes used to speed up the loading of web pages.
If your computer’s external traffic goes through a proxy then enter your proxy details
which you can obtain from your institution’s IT specialist or internet service provider
(Image 47).
Image 47
Image 46
1.7 DigiDoc3 Client help
DigiDoc3 Client user’s guide and a link to ID-card’s online support environment will
open if you click on the Help link (Image 48).
Image 48
1.8 Choosing between several ID-cards
The ID-card selection menu will only appear on the menu bar if several card readers
with ID-cards have been connected to the computer.
1. Click on the ID-card selection menu on the menu bar (Image 49).
2. A dropdown menu of all ID-cards that are connected will open.
Image 49
3. Click on your own ID-card number.
4. The application interface will display the selected ID-card’s card details and
personal details.
1.9 DigiDoc3 Client language selection
In order to change the language:
1. Go to the language selection menu using your mouse (Image 50).
Image 50
2. Click on your preferred language in the dropdown menu that opens. The
selected language will appear in the language selection window and the
application’s user interface will switch to that language.
1.10 Special circumstances occurring in signing
Various special circumstances and problems can occur in signing. Some more
frequent special circumstances have been described below. If an error has occurred,
you will generally see a straightforward description of the problem and usually
instructions for resolving it.
If the problem description includes error codes and other incomprehensible text then
forward it to the email address [email protected] or seek help from the ID-card support centre
at www.support.sk.ee.
1. An expired signature certificate cannot be used to sign documents. In this case
a warning will appear in the personal details section of DigiDoc3 Client (Image
51). From there you can launch ID-card utility to renew the certificate.
2. A locked PIN2 code cannot be used to sign documents. In this case you will see
a PIN2 is locked message. After you unlock your PIN2 code using the ID-card
utility you can continue signing.
3. If the Add signature button is inactive, the reason may be that you have already
added your signature to the container.
Image 52
Image 51
4. If after entering PIN2 you see a message that the access certificate was not
found (Image 53), you can rectify the problem by clicking on Yes. You will find
instructions in the Settings section.
Image 52
5. An error will occur in saving the container if you have specified a write-
protected folder as the default saving folder in settings (Image 54). Change the
default saving folder details and sign again.
Image 53
6. When signing with Mobile-ID you may get a Request timeout message (Image
54). You probably took too long to enter your PIN2 code. Click on the Sign
button again.
Image 54
7. You cannot sign with Mobile-ID if the phone whose number you are using for
signing is switched off or drops the connection. In both cases you will get a
relevant error message (Image 55).
Image 55
DigiDoc3 Crypto
DigiDoc3 Crypto enables you to secure (encrypt) documents using your ID-card for
sending them securely and to view secured documents (decrypt).
Securing or encrypting enables you to protect sensitive information from other people
in the short term. The ID-card’s authentication certificate is used for encryption.
It is important to remember that the secured information will be lost if the
recipient’s ID-card cannot be used for decryption (for example if the ID-card
is lost, authentication certificate on the ID-card has been updated or
cancelled). There are two good options to avoid this problem: store the
information openly at another location, unencrypted, or encrypt the
information to a sufficient number of recipients, including yourself.
You can load the authentication certificate used for encryption from the LDAP folder
using your personal code, select among previously used and saved certificates, load
from the certificate file or read from your ID-card.
A secure container will be created upon encryption, i.e. a file with the .cdoc extension.
You will recognise a secure container by the pictured icon (Image 57).
1.11 Launching DigiDoc3 Crypto
Windows: Select START → Programs → ID-card → DigiDoc3 Crypto or click the
DigiDoc3 Crypto icon on your desktop.
Mac OS X: Select Applications → DigiDoc3 Crypto or click on the DigiDoc3 Client
icon in Dock.
Linux: Select Office from the applications menu → DigiDoc3 Crypto or use the
command qdigidoccrypto to launch from command line.
DigiDoc3 Crypto will also launch from DigiDoc3 Client if you select I
want to: Encrypt files for secure transfer in DigiDoc3 Client’s user
interface (Image 58).
DigiDoc3 Crypto will also launch if you doubleclick a secure container (.cdoc file
format). DigiDoc3 Crypto will open in secure container view in that case.
Image 57
Image 56
1.12 DigiDoc3 Crypto user interface
DigiDoc3 Crypto user interface (Image 59) comprises three sections:
Personal data section is always visible when working with DigiDoc3 Crypto.
Actions section lets you encrypt documents and view secure container content.
Settings and help section enables you to change the programme’s “behaviour” in
the creation of secure containers.
1.12.1 Personal data
Personal data – name, personal code, ID-card number and authentication certificate
validity – will only be visible if your ID-card is in the card reader (Image 60).
A warning will be displayed in the personal data section if the authentication
certificate is expired or about to expire (Image 61). The expiry warning will be
displayed 105 days before the authentication certificate expires. In order to
restore or update the certificate, open the ID-card utility by clicking on the Open
utility button.
Image 59
Image 58
[Figure labels: Actions, Personal data, Settings and help]
1.13 File encryption for safe transfer
1.13.1 Basic steps for encryption
1. Launch DigiDoc3 Crypto.
2. Click on the button I want to: Encrypt files in the DigiDoc3 Crypto user
interface.
a. You will see an introduction and warning about risks related to
encryption when you encrypt for the first time using DigiDoc3 Crypto
(Image 62). You will see the same warning if you have made the
introduction display mandatory in settings.
b. Check the box to confirm that you understand the meaning of
encryption (Image 62).
c. Click Next.
3. Add the files that should be encrypted in the opening dialogue window (also see
the section Files inside the secure container).
4. The save file window will open next. Name the secure container that you are
creating and specify the saving location.
The save file window will not appear if you have specified in settings that
secure container name should not be requested and if the destination folder
does not have a secure container of the same name. Instead, the secure
container will open immediately along with selected files.
Image 61
Image 60
5. You will see added files in the open secure container (, 1). You can add files to
the secure container and remove them from it as long as the secure container is
unencrypted. Also see the section Files inside the secure container.
6. Add the secure container recipients by clicking on Add recipient in the secure
container section (Image 63, 2).
7. You can select the secure container recipient in the window that opens with two
tabs.
In the Encryption recipients section, all four ways to add recipients are explained:
searching from SK’s certificate depository by personal code or institution name,
loading from ID-card or file and selection from previously used certificates.
8. Enter the secure container recipient’s personal code or institution name in the
first tab (Image 64, 1) (Image 64, 2).
Image 63
Image 62
9. Click on the Search button (Image 64, 3).
10. The found person’s certificate details will be displayed (Image 65).
o If the found person’s certificate is expired, suspended or cancelled, a
relevant warning will be displayed (image 66).
11. Click on the selected certificate owner’s name so that its background colour
changes and click on the Add cert button (Image 67).
Image 66
o You can also doubleclick the certificate owner’s name.
12. The selected person will be added to the secure container’s recipients list
(Image 68, 1).
Image 64
Image 65
13. After all secure container recipients are added, click on the Encrypt button
(Image 68, 2).
Image 67
14. Files inside the secure container are encrypted.
You can perform various actions with the secure container: email it, decrypt it
and browse its location on disk.
1.14 Decryption
It is important to remember that the secured information will be lost if the recipient’s
ID-card cannot be used for decryption (for example if the ID-card is lost,
authentication certificate on the ID-card has been updated). There are two good
options to avoid this problem: store the information openly at another location (i.e.
unencrypted) or encrypt the information to a sufficient number of recipients, including
yourself.
1. Open the secure container by selecting I want to: View encrypted document
content in DigiDoc3 Crypto user interface or by doubleclicking the .cdoc file.
2. You will see the lists of files and secure container recipients inside the secure
container (Image 69, 1 and 2).
Image 68
3. Click on the Decrypt button (Image 69, 3).
o The decryption button is inactive if the ID-card of a secure container
recipient is not in the card reader.
4. Enter PIN1 in the window that opens (Image 70).
If the entered PIN1 code is incorrect or the use of the authentication
certificate is blocked then such information will be displayed (Image 71).
Image 70
5. The secure container will be decrypted.
A decrypted secure container is the same as a created but unencrypted secure
container. You can open, save, add and remove files that are inside. You can
also add and remove the secure container’s recipients and re-encrypt the secure
container.
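The warning repeated above (information is lost once the recipient's certificate has been replaced, unless the data was also encrypted to other recipients such as yourself) can be reproduced on the command line. The following is an added illustration, not DigiDoc3 Crypto's own code: it uses OpenSSL's CMS envelope format as a stand-in for the .cdoc format, and the recipient names, keys and files are constructed throwaway test data. It assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added illustration: one payload encrypted to one vs. two recipients, then the
# recipient's key pair is replaced (as happens when a certificate is renewed).
# All keys, certificates and files are constructed test data.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_recipient NAME: create (or replace) a throwaway key and certificate.
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# encrypt_for OUT CERT...: encrypt the sample file once; the content key is
# wrapped separately for every certificate given.
encrypt_for() {
    out=$1; shift
    openssl cms -encrypt -binary -aes-128-cbc -in "$WORK/plain.txt" \
        -outform DER -out "$out" "$@" 2>/dev/null
}

# can_decrypt FILE NAME: true only if NAME's current key and certificate open
# FILE and the recovered bytes equal the original.
can_decrypt() {
    rm -f "$WORK/out.txt"
    openssl cms -decrypt -binary -inform DER -in "$1" \
        -recip "$WORK/$2.crt" -inkey "$WORK/$2.key" \
        -out "$WORK/out.txt" 2>/dev/null &&
    cmp -s "$WORK/plain.txt" "$WORK/out.txt"
}

run_demo() {
    printf 'constructed sample document\n' > "$WORK/plain.txt"
    make_recipient recipient
    make_recipient sender

    # Container A: recipient only. Container B: recipient and the sender.
    encrypt_for "$WORK/single.cms" "$WORK/recipient.crt"
    encrypt_for "$WORK/shared.cms" "$WORK/recipient.crt" "$WORK/sender.crt"

    can_decrypt "$WORK/single.cms" recipient && before=ok || before=lost

    # The recipient's certificate is replaced: new key pair, old key gone.
    make_recipient recipient

    can_decrypt "$WORK/single.cms" recipient && single=ok || single=lost
    can_decrypt "$WORK/shared.cms" recipient && shared_r=ok || shared_r=lost
    can_decrypt "$WORK/shared.cms" sender && shared_s=ok || shared_s=lost

    echo "before=$before single=$single shared_recipient=$shared_r shared_sender=$shared_s"
}

run_demo
```
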
1.15 Secure container
Files that are to be encrypted are assembled into a secure container, encryption
recipient addresses are added and then the secure container is encrypted. A secure
container includes one or several files and one or several recipients (Image 72).
Image 69
Container location section shows you where the container has been saved.
Secure container keys section enables you to view recipient details. You can add
and remove recipients from unencrypted secure containers. Read more from
Secure container keys.
Content section shows you the list of files inside the secure container. You can
view, save, open, remove and add files inside unencrypted secure containers.
Read more from Files inside the secure container.
Actions section lets you perform various actions with the secure container, read
more from Actions with secure containers.
1.15.1 Creating a secure container
Files needing to be secured are assembled into a secure container, encrypted and then
the secure container is saved. A secure container may contain one or several files.
A secure container will be created automatically if you select I want to: Encrypt files
in the DigiDoc3 Crypto user interface or drag the files that should be encrypted into
the DigiDoc3 Crypto window using your mouse.
1.15.2 Saving the secure container
The secure container is automatically saved into the folder specified in settings
after having been encrypted.
A saving dialogue will always open when creating a new secure container if the
Ask container name checkbox has been checked in settings.
1.15.3 Opening secure containers
1. Click on the DigiDoc3 Crypto interface I want to: View encrypted document
content or doubleclick the .cdoc file.
Image 71
[Figure labels: Container location, Actions, Secure container keys, Content]
2. In the secure container that will open you will see the lists of files and keys
inside the container (Image 73).
1.15.4 Actions with secure containers
You can perform various actions with secure containers:
Browse container location on disk.
Email container to other persons.
Also see Files inside the secure container and Secure container recipients.
1.15.4.1 Browsing secure container location
1. Click on the link Browse container location in the DigiDoc3 Crypto secure
container actions section (Image 74).
Image 73
2. A new file manager window will open in the folder where the secure container
currently open in DigiDoc3 Crypto is located.
You will also see the secure container’s location on disk in the container location
section.
1.15.4.2 Emailing secure container
You can use DigiDoc3 Crypto to send secure containers by email if you are using
Mail.app in MacOS X, Outlook Express, Windows Mail or Thunderbird in Windows
or Thunderbird in Linux.
1. Open the secure container.
2. Click on the link Send container to email (Image 75).
Image 72
Image 74
3. The email application you have configured will open, with the secure container
already attached to an email (Image 76).
If you have not configured an email application, the default email
application setup wizard will open.
4. Send the email to the recipients of your choice.
1.15.5 Files inside the secure container
Before encrypting a secure container or after its decryption, you can open files inside
the container, add files to the secure container, save files inside the secure container
to disk and remove files from the secure container.
You cannot perform any actions with files inside an encrypted secure container until
the container is decrypted.
1.15.5.1 Opening file inside secure container
Before a secure container is encrypted or after it is decrypted you can open files inside
the container.
1. Go to the file in the secure container that you want to open, using your mouse.
2. Doubleclick.
3. The file will open.
1.15.5.2 Saving files inside secure container
You can save files before a secure container is encrypted or after it is decrypted.
By dragging with your mouse
1. Go to the file you wish to save in the secure container, using your mouse.
Image 75
2. Drag the selected file out of the secure container into a file manager folder
where you would like to save the file.
Using the save button
1. Click on the save button next to the file in the secure container (Image 77, 1).
Image 76
2. A file saving dialogue will open.
3. Select the folder where you would like to save the file.
Saving all files inside the container at once
1. Click on the link Save files to disk in the secure container (Image 77, 2).
2. In the file saving window that opens, select the folder where you wish to save the
files.
3. All of the files inside the container are saved at once into the selected folder.
You can drag a file from the container to another application, such as an email
application, for example.
1.15.5.3 Adding file to secure container
You can add files before a secure container is encrypted or after it is decrypted. There
are several ways to do it:
By creating a container:
1. Drag the files you wish to encrypt into the open DigiDoc3 Crypto window.
2. You will see the added files in the container.
In the add file dialogue:
1. Click on the link Add file in the secure container (Image 78, 1).
Image 77
2. In the add file window that opens, select the files that you wish to encrypt.
3. You will see the added files in the container.
By dragging them into the open secure container:
1. Drag the files you wish to encrypt into the secure container.
2. You will see the added files in the container.
1.15.5.4 Removing file from secure container
You can remove files from container before a secure container is encrypted or after it
is decrypted.
1. Click on the remove button next to the file in the secure container (Image 78, 2)
or press the Delete key while having selected the file using your mouse.
2. The file will be removed from the list of files inside the secure container.
1.15.6 Secure container recipients
1.15.6.1 Searching and adding secure container recipients
New secure container recipient certificates found in the LDAP folder are
automatically saved so that they can be selected from the list of previous
encryption recipients next time.
You cannot add the same recipient twice.
If the authentication certificate for a recipient added from the ID-card is expired,
a warning will be displayed saying that the secure container cannot be decrypted
after the certificate is updated.
1. Select Add recipient in the keys section of an open container (Image 79).
Image 78
2. A window with two tabs will open (Image 80), which will let you select the
secure container recipient’s certificate in four different ways:
Image 79
o From Certification Centre’s (Sertifitseerimiskeskus – SK) certificate
depository or LDAP folder by personal code or company name (Image
79, 1),
o load from ID-card (Image 80, 2),
o load from file (Image 80, 3),
o select from among previously used certificates (Image 80, 4).
Adding certificate from SK’s certificate depository or LDAP folder by personal
code
1. Enter the secure container recipient’s personal code (Image 81) or company
name (Image 82) in the first tab.
Image 80
Image 81
2. Click on the Search button.
3. The found person’s certificate data will be displayed (Image 83).
4. Click on the selected certificate owner’s name so that its background colour
changes and then click on the button Add certificate.
o You can also doubleclick the certificate owner’s name.
5. The selected person will be added to the list of keys in the secure container
(Image 84).
Adding certificate among previously saved recipients
1. Go to the person’s name that you would like to add as recipient on the Used
certificates tab, using your mouse (Image 85).
2. Doubleclick the person’s name.
3. The first tab will open.
Image 83
Image 82
Image 84
4. Click on the selected certificate owner’s name so that its background colour
changes and then click on the button Add certificate (Image 86).
Image 85
o You can also doubleclick the certificate owner’s name.
5. The selected person will be added to the list of keys in the secure container
(Image 87).
Image 86
Adding certificate from ID-card
1. Click on the button Add cert from card.
2. The owner of the ID-card currently in the reader will be added to the list of
keys in the secure container (Image 87).
If the found person’s certificate is expired, suspended or cancelled then a
relevant warning will be displayed (Image 88).
Image 87
Adding certificate from file.
1. Click on the button Add cert from file.
2. In the dialogue window that will open, select the .pem, .cer or .crt format
certificate file that you wish to add.
3. The owner of the selected certificate will be added to the list of keys in the
secure container (Image 87).
1.15.6.2 Removing secure container recipients
You can remove recipients from container before a secure container is encrypted or
after it is decrypted.
1. Select the recipient whom you would like to remove from the list of keys.
2. Click on the link Remove (Image 89).
Image 88
3. The selected recipient will be removed from the secure container’s list of keys.
1.15.6.3 Viewing secure container recipient details
1. Select the secure container’s recipient whose details you would like to view
(Image 90).
Image 89
2. Click on Show details below the recipient’s data.
3. A window will open containing the recipient’s encryption key details (Image
91).
Image 90
If you like, you can view the recipient’s authentication certificate details by
clicking on the button Show certificate. You can also save the certificate.
1.16 DigiDoc3 Crypto settings
Select Settings in the settings and help section of DigiDoc3 Crypto’s user interface
(Image 92).
Image 91
The DigiDoc3 Crypto settings window will open (Image 93).
Container default location selection.
If you check the Same folder checkbox (Image 93, 1), the secure container will
be saved in the same folder as the first file added to the container.
You can change the default saving folder by selecting a new location in the
Container default location (Image 93, 2).
Asking for saved container name.
Check the box Ask container name if you want to have the option to change
container name, saving format and destination folder when creating a container
(Image 93, 3).
Showing introduction
Image 92
Check the box Show encrypting intro, if you want to see a brief introduction on
encryption and associated dangers each time before you encrypt something (Image
93, 4).
1.17 DigiDoc3 Crypto help
DigiDoc3 Crypto user’s guide and a link to ID-card’s online support environment will
open if you click on the Help link (Image 94).
Image 93
1.18 Choosing between several ID-cards
The ID-card selection menu will only appear on the menu bar if several card readers
with ID-cards have been connected to the computer.
1. Click on the ID-card selection menu on the menu bar (Image 95).
2. A dropdown menu of all ID-cards that are connected will open.
Image 94
3. Click on your own ID-card number.
4. The application interface will display the selected ID-card’s card details and
personal details.
1.19 DigiDoc3 Crypto language selection
In order to change the language:
1. Go to the language selection menu using your mouse (Image 96).
Image 95
2. Click on your preferred language in the dropdown menu that opens.
3. The selected language will appear in the language selection window and the
application’s user interface will switch to that language.