SK-EID/MID

Imprecise documentation about certificates

Closed this issue · 1 comments

While implementing MID signing in Python, I encountered an issue where a signature I was getting from the signature endpoint could not be verified using the certificate returned by the authentication endpoint.

Please make the docs more clear about the fact that to verify the signature you need the certificate endpoint.

3.1. Certificate request
This method is necessary for *AdES-styled digital signatures which require knowledge of the certificate before creating the signature. For other types of digital signatures knowledge of the certificate is not needed.

This is misleading because you do need this certificate to verify the signature. I suggest replacing this phrase with:

This method is necessary for successful verification of the signature obtained by the signature endpoint, and for embedding the certificate into *AdES-styled digital signatures which require knowledge of the certificate before creating the signature.

3.3.5. Response structure
| cert | Authentication certificate used. DER + Base64 encoded. Signing process doesn't return this value (need to pull separately). ...

I suggest formulating this clause as follows:

Certificate used to create the authentication signature. DER + Base64 encoded. Signing process doesn't return a certificate; to obtain the certificate used to create the signature, make a separate request as per 3.1. The authentication certificate cannot be used to verify the signature returned by the signing process.

Hi @ykshatroff!

Thanks for the feedback. I took it into account and adjusted the documentation accordingly (#20).
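The mismatch reported in this issue, reproduced offline as an added example (not code from the issue or from the MID project). It assumes the third-party `cryptography` package, ECDSA P-256 keys with DER-encoded signatures, and constructed self-signed certificates standing in for the authentication and signing certificates; all function and variable names are hypothetical.

```python
import base64
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_cert_b64(key, common_name):
    """Constructed self-signed certificate, DER + Base64 encoded like the `cert` field."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    start = datetime.datetime(2024, 1, 1)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
        .sign(key, hashes.SHA256())
    )
    return base64.b64encode(cert.public_bytes(serialization.Encoding.DER)).decode()


def signature_matches_cert(cert_b64, signature, data):
    """Return True only if `signature` over `data` verifies under the certificate's key."""
    cert = x509.load_der_x509_certificate(base64.b64decode(cert_b64))
    try:
        cert.public_key().verify(signature, data, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False


# Constructed stand-ins (assumption): each certificate has its own key pair.
auth_key = ec.generate_private_key(ec.SECP256R1())
sign_key = ec.generate_private_key(ec.SECP256R1())
auth_cert_b64 = make_cert_b64(auth_key, "constructed authentication cert")
sign_cert_b64 = make_cert_b64(sign_key, "constructed signing cert")

document = b"constructed document to sign"
signature = sign_key.sign(document, ec.ECDSA(hashes.SHA256()))

if __name__ == "__main__":
    print("signing cert:", signature_matches_cert(sign_cert_b64, signature, document))
    print("authentication cert:", signature_matches_cert(auth_cert_b64, signature, document))
```

A verifier that reuses the certificate from the authentication response fails the same way as the second call, even though the signature itself is valid.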