author | Florian Dold <florian.dold@gmail.com> | 2019-09-25 13:46:59 +0200 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2019-09-25 13:46:59 +0200 |
commit | 4d46659141131eb2a32cf7992faa9b4a4541aa1d (patch) | |
tree | 3a28242027bf1d56554a578fa9458129900d6baf /libeufin/ebics.rst | |
parent | 92dbfb9f810b24ff3d7da98446febc6dd7883cea (diff) | |
ebics
Diffstat (limited to 'libeufin/ebics.rst')
-rw-r--r-- | libeufin/ebics.rst | 67 |
1 files changed, 63 insertions, 4 deletions
diff --git a/libeufin/ebics.rst b/libeufin/ebics.rst index e818ac69..a47b109f 100644 --- a/libeufin/ebics.rst +++ b/libeufin/ebics.rst @@ -13,6 +13,15 @@ EBICS Glossary .. glossary:: + A004 + Electronic signature process, used in H004, deprecated in H005 with EBICS 3.0. + + A005 + Electronic signature process. Used in H004 and H005. + + A006 + Electronic signature process. Used in H004 and H005. + BTF *Business Transaction Formats.* Before EBICS 3.0, many different order types were used for business-related messages. With EBICS 3.0, the more generic BTU and BTD @@ -37,6 +46,10 @@ EBICS Glossary Transport signature. Only used to verify authorized submission, but not to verify the bank-technical authorization. + In H004 and H005, the ES of the bank is specified as a "planned feature" that + is not actually implemented yet. Thus banks in practice only use their + encryption key pair and authentication/identity key pair. + EDS Distributed Electronic Signature. Allows multiple subscribers to authorize an existing order. @@ -47,6 +60,9 @@ EBICS Glossary See :term:`Subscriber`. + H004 + Host protocol version 4. Refers to the XML Schema defined in *EBICS 2.5*. + H005 Host protocol version 5. Refers to the XML Schema defined in *EBICS 3.0*. @@ -79,13 +95,18 @@ EBICS Glossary and ``UserId``. A technical subscriber cannot sign a bank-technical request. Technical Subscriber - See :term:`Subscriber`. TLS *Transport Layer Security*. All messages in EBICS are sent over HTTP with TLS. In the current version of the standard, only server certificates are required. + VEU + Distributed Electronic Signature (from German "Verteilte Elektronische Unterschrift"). + + X002 + Identification and authentication signature in H004 and H005. + Order Types =========== 
@@ -109,17 +130,55 @@ FUL FDL **Before EBICS 3.0, France**. File Download. Mainly used by France-style EBICS. -HPD +HIA + Transmission of the subscriber keys for (1) identification and authentication and (2) + encryption within the framework of subscriber initialisation. + +HPB + Query the three RSA keys of the financial institute. + +HP Host Parameter Data. Used to query the capabilities of the financial institution. -HVE: +INI + Transmission of the subscriber keys for bank-technical electronic signatures. + +The following order types are, for now, not relevant for LibEuFin: + +H3K + Send all three RSA key pairs for initialization at once, accompanied + by a CA certificate for the keys. This is (as far as we know) used in France, + but not used by any German banks. When initializing a subscriber with H3K, + no INI and HIA letters are required. + +HVE Host Verification of Electronic Signature. Used to submit an electronic signature separately from a previously uploaded order. -HVS: +HVD + Retrieve VEU state. + +HVD + Retrieve VEU overview. + +HVS Cancel Previous Order (from German "Storno"). Used to submit an electronic signature separately from a previously uploaded order. + +Key Management +============== + +RSA key pairs are used for three purposes: + +1. Authorization of requests by signing the order data. Called the *bank-technical key pair*. +2. Identification/authentication of the subscriber. Called the *identification and authentication key pair*. +3. Decryption of the symmetric key used to decrypt the bank's response. Called the *encryption key pair*. + +One subscriber *may* use three different key pairs for these purposes. +The identification and authentication key pair may be the same as the encryption key pair. +The bank-technical key pair may not be used for any other purpose.. + MT940 vs MT942 ============== |
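Review bot: the new A005 and A006 glossary entries in the @@ -13,6 +13,15 hunk carry identical text ("Electronic signature process. Used in H004 and H005."), so a reader cannot tell the two apart. Add what distinguishes each one, in the way the A004 entry notes its deprecation in H005.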
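Review bot: in the @@ -79,13 +95,18 hunk the line "See :term:`Subscriber`." under Technical Subscriber is removed with nothing added in its place, which leaves that glossary term without a definition. Restore the cross-reference or drop the term. The new VEU entry also expands to the same "Distributed Electronic Signature" as the existing EDS entry, so a :term: cross-reference between the two would make clear they name the same thing.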
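Review bot: HVD is defined twice in the @@ -109,17 +130,55 hunk, once as "Retrieve VEU state" and once as "Retrieve VEU overview". One term with two definitions suggests one of them was meant to be a different order type, so please check both against the specification. In the same hunk HPD becomes HP while its description still reads "Host Parameter Data", which looks like an accidental truncation. The unchanged HVS text still repeats the HVE sentence about submitting a signature separately, and the last Key Management sentence ends in ".." and would be clearer as "must not be used for any other purpose".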