Method name: Seal

The service description, including the WSDL schema and example requests and responses for SOAP 1.1 and SOAP 1.2, is located at https://localhost/secusign/default.asmx?op=Seal.

Localhost is the name of the local computer; replace it with the name or IP address of the SDK server (according to the settings in IIS).

Request in SOAP 1.1 interface

POST /secusign/default.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://software602.com/secusign/Seal"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <Seal xmlns="http://software602.com/secusign/">
      <FileName>string</FileName>
      <Input>base64Binary</Input>
      <FileType>UNKNOWN or CMSPKCS7 or CMSPKCS7Ext or PDF or XML or XML602FORM or XMLISDOC or ASiC_S_CAdES or ASiC_S_XAdES or ASiC_S_Tst or ASiC_E_CAdES_Tst or ASiC_E_XAdES or MS_WORD or MS_EXCEL or MS_PWR_PNT or ODF</FileType>
      <CertificateID>string</CertificateID>
      <PrivateKeyPIN>string</PrivateKeyPIN>
      <SignatureType>DEFAULT or ENVELOPED or DETACHED or ENCAPSULATE or DETACHED_FROM_HASH</SignatureType>
      <Params>string</Params>
    </Seal>
  </soap:Body>
</soap:Envelope>

Input parameters of the method

<FileName>

[mandatory element]

Input: string

Description: Name of input file (including extension) to be provided with a qualified electronic seal. Example: Document.pdf

Max. 260 characters.

<Input>

[mandatory element]

Input: base64Binary

Description: Input file data encoded in base64.

<FileType>

[mandatory element]

Type of document or data to be signed

Input – Description

  • UNKNOWN – Unknown document type.

  • CMSPKCS7 – Document signed with an internal CMS/PKCS7 signature, e.g., Data messages from the Data Mailbox Information System.

  • CMSPKCS7Ext – Document signed with an external CMS/PKCS7 signature, e.g., Data messages from the Data Mailbox Information System.

  • PDF – PDF document.

  • XML – XML data.

  • XML602FORM – FO/ZFO forms for Software602 Form Filler.

  • XMLISDOC – XML ISDOC data.

  • ASiC_S_CAdES – ASiC-Simple with CAdES signature.

  • ASiC_S_XAdES – ASiC-Simple with XAdES signature.

  • ASiC_S_Tst – ASiC-Simple with Timestamp.

  • ASiC_E_CAdES_Tst – ASiC-Extended with CAdES signature or Timestamp.

  • ASiC_E_XAdES – ASiC-Extended with XAdES signature.

  • MS_WORD – MS Word document.

  • MS_EXCEL – MS Excel document.

  • MS_PWR_PNT – MS PowerPoint document.

  • ODF – OpenDocumentFormat (OpenOffice).

  • EML – Electronic mail message.

Note: Experimental support. If you would like to enable it, contact us.

<CertificateID>

[optional element]

Input: string

Description: Identification of the certificate to create an advanced/qualified electronic seal or an advanced/qualified electronic signature.

For in-house SecuSign SDK interface, the following formats can be used:

  • HStore:[alias]

    • Alias of the signing/sealing certificate from the HSM module of the Remote signing/sealing service.

    • If configuration key Seal_DefaultToQStore is specified in the web service configuration, the HStore prefix is not used.

  • PKCS11:[alias]

    • Alias of the signing/sealing certificate from the client’s HSM module or from the Windows system store.

  • QStore:[alias]

    • A certificate uploaded to the client’s account in Azure KeyVault is used for sealing.

  • urn:hex:[hexadecimal_encoded_sha1_hash_of_cert]

    • Signing/sealing using a certificate from the Windows system store under the current user. The application pool must be run under the specific user.

  • urn:sha:[Base64_encoded_sha1_hash_of_cert]

    • Signing/sealing using a certificate from the Windows system store under the current user. The application pool must be run under the specific user.

  • [path to PFX]

    • Signing by a specific PFX locally accessible to the web service/application in a file.

  • empty string

    • The SigningCertPath setting in SecuSign SDK web service configuration will be used.

    • If the web service configuration contains the configuration key Seal_DefaultToQStore, the default certificate from the Remote sealing service will be used.

For SecuSign web services in Azure, it is possible to use e.g. the value from CN or SERIALNUMBER – both details can be found in the SecuSign service administration > Seal after logging in to the 602 ID account user interface.

Default value: empty string.

<PrivateKeyPIN>

[optional element]

Input: string

Description: The PIN selected by the applicant as the access password to the private part of the certificate.

The value is mandatory for QStore, PKCS11 and a PFX file.

If HStore alias is used, it depends on whether it is used for signing or for sealing.

When signing, it is necessary to specify the PrivateKeyPIN if the PIN is set for confirmation (default). PrivateKeyPIN should be omitted if the 602KEY is set for confirmation (see the AuthMode value in ListCerts2).

When sealing, PrivateKeyPIN does not need to be included, because access to the certificate is based on the calling application’s authentication (license) certificate, unless specified otherwise.

<SignatureType>

[mandatory element]

Input: enum

Description: Electronic signature type. Values:

  • DEFAULT

  • ENVELOPED

  • DETACHED

  • ENCAPSULATE

  • DETACHED_FROM_HASH

For CAdES:

  • The DEFAULT and ENCAPSULATE values have the same meaning – the signed data is attached to the signature.

  • The DETACHED value means the signature is separated in another file.

  • The DETACHED_FROM_HASH value is the same as DETACHED with the only difference that only the hash of signed data is on the input when creating the signature.

For XAdES, the values have the following meaning:

  • DEFAULT – the signed data is inserted in the signature structure.

  • ENVELOPED – the signature is inside the signed data.

  • DETACHED – the signature is separated from the data in another file.

Default value: DEFAULT.

<Params>

[optional element]

Input: string

Description: Optional, contains other parameters to meet project requirements, e.g.:

  • add_timestamp=false – no time stamp is attached to the signature/seal.

  • id_user=string – identifies the user of the signature certificate.
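
An added example, not code from the SecuSign SDK: a client-side builder for the SOAP 1.1 Seal request described above. It serializes through an XML library so that FileName and Params are escaped, enforces the documented limits and the PrivateKeyPIN rule, and masks the PIN in any copy meant for logs. The function names and the .pfx-extension test for a PFX path are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://software602.com/secusign/"
# Enum values from the request schema above (EML is experimental, so left out).
FILE_TYPES = {"UNKNOWN", "CMSPKCS7", "CMSPKCS7Ext", "PDF", "XML", "XML602FORM",
              "XMLISDOC", "ASiC_S_CAdES", "ASiC_S_XAdES", "ASiC_S_Tst",
              "ASiC_E_CAdES_Tst", "ASiC_E_XAdES", "MS_WORD", "MS_EXCEL",
              "MS_PWR_PNT", "ODF"}
SIGNATURE_TYPES = {"DEFAULT", "ENVELOPED", "DETACHED", "ENCAPSULATE",
                   "DETACHED_FROM_HASH"}

def pin_required(certificate_id):
    """PIN is mandatory for QStore, PKCS11 and a PFX file.
    Assumption: a PFX path is recognised by its .pfx extension."""
    cid = certificate_id.lower()
    return cid.startswith(("qstore:", "pkcs11:")) or cid.endswith(".pfx")

def build_seal_request(file_name, data, file_type, certificate_id="",
                       pin=None, signature_type="DEFAULT", params=None):
    """Return the SOAP 1.1 Seal envelope as UTF-8 bytes."""
    if not 0 < len(file_name) <= 260:
        raise ValueError("FileName must be 1 to 260 characters")
    if file_type not in FILE_TYPES or signature_type not in SIGNATURE_TYPES:
        raise ValueError("unknown FileType or SignatureType")
    if pin_required(certificate_id) and not pin:
        raise ValueError("PrivateKeyPIN is mandatory for this CertificateID")
    ET.register_namespace("soap", SOAP_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    seal = ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"),
                         f"{{{SVC_NS}}}Seal")
    fields = [("FileName", file_name),
              ("Input", base64.b64encode(data).decode("ascii")),
              ("FileType", file_type), ("CertificateID", certificate_id),
              ("PrivateKeyPIN", pin), ("SignatureType", signature_type),
              ("Params", params)]
    for tag, value in fields:      # schema order; unset optional ones omitted
        if value is not None:      # ElementTree escapes <, > and & in text
            ET.SubElement(seal, f"{{{SVC_NS}}}{tag}").text = value
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)

def redact_pin(envelope):
    """Copy of the envelope that is safe to log: PrivateKeyPIN is masked."""
    root = ET.fromstring(envelope)
    for el in root.iter(f"{{{SVC_NS}}}PrivateKeyPIN"):
        el.text = "***"
    return ET.tostring(root, encoding="unicode")
```

Send the returned bytes with Content-Type: text/xml; charset=utf-8 and SOAPAction: "http://software602.com/secusign/Seal" over HTTPS with certificate verification enabled, and write only the redact_pin() form to logs.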

Response structure

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <SealResponse xmlns="http://software602.com/secusign/">
      <SealResult>int</SealResult>
      <Output>base64Binary</Output>
      <StatusMessage>string</StatusMessage>
    </SealResponse>
  </soap:Body>
</soap:Envelope>

Output parameters of the method

<SealResult>

Return value: int

Description: Result of the Seal method (document sealing/signing).

0 = OK; otherwise see Return codes of all methods and the error described in StatusMessage.

<Output>

Return value: base64Binary

Description: Output data of the signed/sealed document or external signature/seal (in the case of FileType=CMSPKCS7Ext), encoded in Base64.

<StatusMessage>

Return value: string

Description: Text statement corresponding to the overall document signing/sealing result. The value is filled in only if the result is complicated.
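
An added example, not code from the SecuSign SDK: a response handler for the structure above that returns the sealed bytes only when SealResult is 0 and otherwise raises with the code and StatusMessage, so that a failed call is never stored as a sealed document. The names SealError, parse_seal_response and sample_response are assumptions, the soap:Fault branch follows the SOAP 1.1 standard rather than this page, and the sample envelopes are constructed.

```python
import base64
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://software602.com/secusign/"

class SealError(Exception):
    def __init__(self, code, message):
        super().__init__(f"Seal failed: code={code} message={message!r}")
        self.code, self.message = code, message

def parse_seal_response(xml_bytes):
    """Return the sealed/signed bytes from Output, or raise SealError."""
    if b"<!DOCTYPE" in xml_bytes:   # the response schema declares no DTD
        raise ValueError("DTD in SOAP response rejected")
    root = ET.fromstring(xml_bytes)
    fault = root.find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
    if fault is not None:           # standard SOAP 1.1 fault, no SealResult
        raise SealError(None, fault.findtext("faultstring", default=""))
    resp = root.find(f"{{{SOAP_NS}}}Body/{{{SVC_NS}}}SealResponse")
    if resp is None:
        raise ValueError("SealResponse element missing")
    code = int(resp.findtext(f"{{{SVC_NS}}}SealResult", default=""))
    message = resp.findtext(f"{{{SVC_NS}}}StatusMessage", default="")
    if code != 0:                   # 0 = OK, anything else is an error code
        raise SealError(code, message)
    b64 = "".join((resp.findtext(f"{{{SVC_NS}}}Output") or "").split())
    data = base64.b64decode(b64, validate=True)
    if not data:
        raise ValueError("SealResult is 0 but Output is empty")
    return data

def sample_response(code, output=b"", message=""):
    """Constructed SealResponse envelope, used only to exercise the parser."""
    return (f'<?xml version="1.0" encoding="utf-8"?>'
            f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f'<SealResponse xmlns="{SVC_NS}"><SealResult>{code}</SealResult>'
            f'<Output>{base64.b64encode(output).decode("ascii")}</Output>'
            f'<StatusMessage>{message}</StatusMessage>'
            f'</SealResponse></soap:Body></soap:Envelope>').encode("utf-8")
```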