

BankID OpenB2B is a specific packaging of documentation, tools and example code on how to use BankID merchant certificates for B2B signing applications without the need to install or use any software from BankID.

Note

BankID Open B2B is currently in preview status. Using BankID OpenB2B for production purposes will work, but documentation and example code may change depending on customer feedback. The service currently supports B2B signing. It may be extended to support B2B encryption in the future.

Table of contents

...

...

Introduction

About this document

This page describes the BankID Open B2B packaging, i.e. a set of documentation, tools and example code on how to use BankID merchant certificates in business-to-business scenarios. An Open B2B BankID consists of industry compliant X.509 certificates, and can be used without the need for installed BankID software.

Target audience

...

 The target audience of this document is merchant project teams: Technical personnel designing and coding the use of BankID Open B2B. The rest of this document is organized as follows:

Table of Contents

Concepts and abbreviations

Concept/abbreviation | Description
--- | ---
BankID CA | BankID Certification Authority: The originator's system for issuing BankIDs.
BankID RA | BankID Registration Authority: The originator's system for handling the lifecycle of BankIDs.
BankID VA | BankID Validation Authority: The originator's system for online checking the revocation status of a BankID.
CN | Common Name: A field in the X.509 certificates of a BankID identifying the merchant.
CSR | Certificate signing request: A request for a BankID CA to sign a certificate stating that the Common Name of a merchant is coupled to a BankID (i.e. coupled to a specific public/private key pair).
OCSP | Online Certificate Status Protocol.
Originator | Issuer of a BankID.
Sky-MAT | MAT = Merchant Activation Tool: Online service for activating an Open B2B BankID.

...

The first step to create a fully functional (active) BankID is to submit an order to the originator's BankID RA. Inputs to the order are the merchant's organization name and the Common Name for the BankID. The order results in an activation URL and a shared secret, both to be used for activation of the BankID, see next chapter.

PREPROD

A self-service BankID RA in preprod is available at BankID RA PREPROD to issue BankID merchant certificates for testing. (Contact info for obtaining user/pass?) Note that this tool optionally supports immediate activation of the certificate. Activation may also happen as a separate step via the Sky-MAT tool.

PROD

Production BankIDs must be ordered from a reseller or from BankID Norge. (Link/reference to where this is described.)

Activate

Before the BankID can be used it must be activated. This means acquiring a X.509 certificate with the merchant's CommonName coupled to the merchant's public key, where the corresponding private key is known to the merchant only. This is done by:

...

  • Use two different private/public key pairs for the two CSRs (authentication/signing).
  • Never use the same set of private/public key pairs for CSRs for two different BankIDs. This is not in place as of today; it will be resolved in NFOI-732.
  • The Common Name in the CSRs MUST be the same as in the BankID order. 
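
The three CSR rules above can be checked locally before the requests are submitted for activation. The script below is an added example, not part of the BankID tooling or the page's example code; it uses the OpenSSL command line, and the merchant name, the RSA-2048 keys and the ledger file of previously used key fingerprints are assumptions.

```shell
#!/bin/sh
# Added example: pre-submission check of the two CSRs against the rules above.
# Constructed values: merchant name, RSA-2048 keys, ledger file location.
set -e
CN="Example Merchant AS"          # must equal the Common Name in the BankID order
WORK=$(mktemp -d)
LEDGER="$WORK/used-keys.txt"      # fingerprints of keys used for other BankIDs
: > "$LEDGER"

make_csr() {                      # $1 = purpose: auth | sign
    openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/$1.key" -subj "/O=$CN/CN=$CN" -out "$WORK/$1.csr"
}

pubkey_fp() {                     # SHA-256 of the DER public key inside a CSR
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

csr_cn() {                        # Common Name from the CSR subject
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

check_csrs() {                    # $1 auth CSR, $2 signing CSR, $3 ordered CN, $4 ledger
    if [ "$(csr_cn "$1")" != "$3" ] || [ "$(csr_cn "$2")" != "$3" ]; then
        echo "CN differs from order"; return 1
    fi
    a=$(pubkey_fp "$1"); s=$(pubkey_fp "$2")
    if [ "$a" = "$s" ]; then echo "same key pair in both CSRs"; return 1; fi
    if grep -qxF -e "$a" -e "$s" "$4"; then
        echo "key already used for another BankID"; return 1
    fi
    echo "ok"
}

make_csr auth
make_csr sign
check_csrs "$WORK/auth.csr" "$WORK/sign.csr" "$CN" "$LEDGER"
```

Appending the two fingerprints to the ledger after a successful activation keeps the cross-BankID reuse check meaningful for the next order.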

...

  • Authentication: Digital Signature, Key Agreement
  • Signing: Non Repudiation

PREPROD

A web-service based activation tool Sky-MAT for preprod certificates is available at BankID Open B2B Sky-MAT PREPROD.

PROD

A web-service based activation tool Sky-MAT for production certificates is available at BankID Open B2B Sky-MAT PROD.

...

The BankID expires after 4 years. Before this happens the BankID must be renewed.

PREPROD

Self-service renewal is not supported yet. Renewal of preprod certificates is currently not supported via the Sky-MAT tool. Please use the legacy Java-based HAT tool for this.

PROD

Renewal of production certificates is currently not supported via the Sky-MAT tool. Please use the legacy Java-based HAT tool for this. Production BankIDs must be renewed through a reseller or BankID Norge. (Link/reference to where this is described.)

Revoke

If a BankID is not to be trusted anymore because its integrity is broken, it must be revoked.

PREPROD

Please use the self-service BankID RA in preprod, available at BankID RA PREPROD, to revoke BankID merchant certificates for testing. (Contact info for obtaining user/pass?)

PROD

Please contact your reseller or BankID Norge to revoke a BankID merchant certificate in production. (Link/reference to where this is described.)

Appendix A: Keystores and trust

...

The example code loads the merchant certificate and private key from a Java keystore.

Change log

...