Egypt ITIDA CMS Signatures with JSON Canonicalization
When sending signed documents to Egypt ITIDA, the expected format is a CAdES-BES signature (i.e. CMS/PKCS#7) embedded within your document payload—commonly encoded in Base64 and following specific structure rules:
Required Format
- CAdES-BES Signature (PKCS#7, OID 1.2.840.113549.1.7.2)
- Based on CMS, including mandatory signed attributes such as
contentType,messageDigest, andsigningCertificateV2.
- Based on CMS, including mandatory signed attributes such as
- No Data Inline in Signature
- The content is detached and not embedded inside the CMS; only the signature bytes are included.
- JSON Canonicalization (if signing JSON)
- Apply the ITIDA-specified JSON canonical format before hashing/signing. Chilkat automatically applies the canonicalization when the
CanonicalizeITIDAmember is specified inCmsOptions. See the examples below.
- Apply the ITIDA-specified JSON canonical format before hashing/signing. Chilkat automatically applies the canonicalization when the
- Base64 Encoding
- The final signature is base64-encoded and inserted into the document—typically in a JSON/XML element like:
{ "originalDocument": { ... }, "cadesSignature": "<base64-signature-here>" }
- The final signature is base64-encoded and inserted into the document—typically in a JSON/XML element like:
Coding Examples
Egypt ITIDA requires signed documents in a CAdES-BES CMS format, using ITIDA’s JSON canonicalization (for JSON payloads), with only the Base64 encoded signature attached—not the original data itself.