Electronic signature

E-signature verification service

To integrate with an external electronic signature verification service, a special signature verification library must be developed. The system will perform electronic signature verification through this system after this library is specified in the configuration file, in the blitz.prod.local.idp.login.methods.x509 section, as follows:

"x509-verifier" : {
    "javaClass" : "<Java-класс реализации коннектора>",
    "pathToJar" : "/usr/…/check-signature-1.0.0.jar",
    "signatureValidationServiceUrl" : "<адрес сервиса >"
}

E-signature plugin

To set non-standard settings for calling the e-signature plugin when a user requests login by e-signature, it is necessary to create a plugin settings block with overridden plugin call settings in the blitz.prod.local.idp.login.methods.x509 section of the configuration file:

"plugin" : {
    "allModulesEnabled" : false,
    "capi" : {
        "providers" : [
            {
                "name" : "Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider",
                "pinMode" : 1
            },
            {
                "name" : "Crypto-Pro GOST R 34.10-2012 Strong Cryptographic Service Provider",
                "pinMode" : 1
            },
            {
                "name" : "Infotecs Cryptographic Service Provider",
                "pinMode" : 1
            },
            {
                "name" : "Signal-COM GOST R 34.10-2012 (512) Cryptographic Provider",
                "pinMode" : 1
            },
            {
                "name" : "Signal-COM CPGOST Cryptographic Provider",
                "pinMode" : 1
            },
            {
                "name" : "Signal-COM GOST R 34.10-2012 (256) Cryptographic Provider",
                "pinMode" : 1
            }
        ],
        "stores" : []
    },
    "modules" : [
        "capi",
        "Aladdin R.D. Unified JaCarta",
        "ISBC ESMART",
        "Rutoken",
        "SafeNet"
    ]
}

In the configuration block you can remove unnecessary modules from modules and providers to limit the list of available electronic signature means. Also for used providers it is possible to configure the mode of pin code input according to documentation on plugin.

If it is necessary to display only signature keys from the Windows OS registry, accessible via MS CAPI, then the settings block should look as follows:

"plugin": {
    "allModulesEnabled": false,
    "capi": {
        "stores": [
            {
                "name": "My"
            }
        ]
    },
    "modules": []
}