LogoLogo
v3.7.x
v3.7.x
  • Introduction
  • Concept
  • Prerequisites
  • Trust1Connector JS SDK
  • Changelog
  • Core
    • Setting up the SDK
    • Initialize Trust1Connector
    • Readers
    • Core Service
    • Downloading latest Trust1Connector
    • Consent
    • Authenticated client
    • Module/container setup
    • Status codes / error handeling
    • Quick-Migration Guide (v2 -> v3)
  • Token
    • Token typing models
    • Generic token
    • Belgian eID
    • Aventra MyEID PKI
    • Idemia Cosmo One v8.2
    • Oberthur Cosmo One v7.3
    • Diplad (BeLawyer)
    • Chambersign*
    • Camerfirma*
    • Certigna*
    • Certinomis*
    • Jcop3*
    • Airbus
    • Eherkenning
    • Safenet*
    • Luxembourg ID
    • LuxTrust
    • Other PKCS11 Compatible Tokens*
  • Payment
    • Payment typing models
    • EMV*
    • Crelan
  • FIle
    • File exchange
  • HSM
    • Remote loading
  • Other
    • Print
    • Wacom*
  • Miscellaneous
    • Prerequisites New Token/Smart Card
    • Prerequisites Support
    • Troubleshooting
      • Changing Device date/time
      • Enable Debug Logging
      • Connector Connection Issues
      • Mac OSX Sonoma
    • Installation FAQ
    • Removal of Trust1Connector
Powered by GitBook
On this page
  • Introduction
  • Interface
  • Module
  • Models
  • Examples
  • Initializing Diplad Module
  • All Data
  • Biometric Data
  • Picture
  • All Certificates
  • Root Certificate
  • Authentication Certificate
  • Non-Repudiation Certificate
  • Verify PIN
  • Sign
  • Authenticate
  • Get Supported Algorithms
  • Bulk PIN Reset

Was this helpful?

Export as PDF
  1. Token

Diplad (BeLawyer)

PreviousOberthur Cosmo One v7.3NextChambersign*

Last updated 2 years ago

Was this helpful?

Sample code uses ES6 language features such as arrow functions and promises. For compatibility with IE11, code written with these features must be either transpiled using tools like Babel or refactored accordingly using callbacks.

Introduction

Each lawyer in Belgium registered at the balie is obliged since 1/1/2018 to have an electronic lawyer card. This is declared in atr. 193bis of the :

“De advocaat moet voor zijn identificatie en voor de authenticatie beschikken over de elektronische CCBE-advocatenkaart.”

More info at .

Interface

Module

export interface AbstractEidDiplad {
   allData(filters: string[] | Options, callback?: (error: T1CLibException, data: TokenAllDataResponse) => void): Promise<TokenAllDataResponse>;
  allCerts(parseCerts?: boolean, filters?: string[] | Options, callback?: (error: T1CLibException, data: TokenAllCertsResponse) => void): Promise<TokenAllCertsResponse>;
  biometric(callback?: (error: T1CLibException, data: TokenBiometricDataResponse) => void): Promise<TokenBiometricDataResponse>;
  tokenData(callback?: (error: T1CLibException, data: TokenInfoResponse) => void): Promise<TokenInfoResponse>;
  address(callback?: (error: T1CLibException, data: TokenAddressResponse) => void): Promise<TokenAddressResponse>;
  picture(callback?: (error: T1CLibException, data: TokenPictureResponse) => void): Promise<TokenPictureResponse>;
  rootCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  intermediateCertificates(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  authenticationCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  nonRepudiationCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  encryptionCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;

  allCertsExtended(parseCerts?: boolean, filters?: string[] | Options, callback?: (error: T1CLibException, data: TokenAllCertsExtendedResponse) => void): Promise<TokenAllCertsExtendedResponse>;
  rootCertificateExtended(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateExtendedResponse) => void): Promise<TokenCertificateExtendedResponse>;
  intermediateCertificatesExtended(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateExtendedResponse) => void): Promise<TokenCertificateExtendedResponse>;
  authenticationCertificateExtended(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateExtendedResponse) => void): Promise<TokenCertificateExtendedResponse>;
  nonRepudiationCertificateExtended(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateExtendedResponse) => void): Promise<TokenCertificateExtendedResponse>;
  encryptionCertificateExtended(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateExtendedResponse) => void): Promise<TokenCertificateExtendedResponse>;

  verifyPin(body: TokenVerifyPinData, callback?: (error: T1CLibException, data: TokenVerifyPinResponse) => void): Promise<TokenVerifyPinResponse>;
  authenticate(body: TokenAuthenticateOrSignData, callback?: (error: T1CLibException, data: TokenAuthenticateResponse) => void): Promise<TokenAuthenticateResponse>;
  sign(body: TokenAuthenticateOrSignData, bulk?: boolean, callback?: (error: T1CLibException, data: TokenSignResponse) => void): Promise<TokenSignResponse>;
  allAlgoRefs(callback?: (error: T1CLibException, data: TokenAlgorithmReferencesResponse) => void): Promise<TokenAlgorithmReferencesResponse>
  resetBulkPin(callback?: (error: T1CLibException, data: BoolDataResponse) => void): Promise<BoolDataResponse>;
}

Models

Examples

Initializing Diplad Module

T1cSdk.initialize(config).then(res => {
    const diplad = res.client.createEidDiplad(readerId);
}, err => {
    console.error(error)
});

All Data

diplad.allData().then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
  "data": {
    "biometric": {
      "cardNumber": "cardNumber",
      "cardValidityDateEnd": "2021-01-08",
      "chipNumber": "c57c0a3f-d034-46c9-831e-a208b2e44fb6",
      "firstNames": "Tom",
      "name": "Van Cammen",
      "nationality": "BE",
      "rawData": "BASE64_ENCODED_CARD_DATA",
      "version": "1",
      "issuer": ""
    },
    "picture": {
      "picture": "BASE64_ENCODED_BYTE_ARRAY"
    }
  },
  "success": true
}

Biometric Data

diplad.biometric().then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
  "data": {
    "cardNumber": "cardNumber",
    "cardValidityDateEnd": "2021-01-08",
    "chipNumber": "c57c0a3f-d034-46c9-831e-a208b2e44fb6",
    "firstNames": "Tom",
    "name": "Van Cammen",
    "nationality": "BE",
    "rawData": "BASE64_ENCODED_CARD_DATA",
    "version": "1",
    "issuer": ""
  },
  "success": true
}

Picture

diplad.picture().then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
  "data": {
    "picture": "BASE64_ENCODED_BYTE_ARRAY"
  },
  "success": true
}

All Certificates

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

const filter = ['rootCertificate', 'authenticationCertificate', 'nonRepudiationCertificate'];
diplad.allCerts(parseCertsBoolean, filter).then(res => {
}, err => {
   console.log(err);
}

The filter is optional

Response will look like:

{
    success: true,
    data: {
       authenticationCertificate?: {
             certificate?: string,
             certificates?: Array<string>,
             certificateType?: string,
             id?: string,
             parsedCertificate?: Certificate,
             parsedCertificates?: Array<Certificate>
       },
       
       nonRepudiationCertificate?: {
             certificate?: string,
             certificates?: Array<string>,
             certificateType?: string,
             id?: string,
             parsedCertificate?: Certificate,
             parsedCertificates?: Array<Certificate>
       },
       rootCertificate?: {
             certificate?: string,
             certificates?: Array<string>,
             certificateType?: string,
             id?: string,
             parsedCertificate?: Certificate,
             parsedCertificates?: Array<Certificate>
       },
    }
}

Root Certificate

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

diplad.rootCertificate(parseCertsBoolean).then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
    success: true,
    data: {
        certificate?: string,
        certificates?: Array<string>,
        certificateType?: string,
        id?: string,
        parsedCertificate?: Certificate,
        parsedCertificates?: Array<Certificate>
    }    
}

Authentication Certificate

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

diplad.authenticationCertificate(parseCertsBoolean).then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
    success: true,
    data: {
        certificate?: string,
        certificates?: Array<string>,
        certificateType?: string,
        id?: string,
        parsedCertificate?: Certificate,
        parsedCertificates?: Array<Certificate>
    }    
}

Non-Repudiation Certificate

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

diplad.nonRepudiationCertificate(parseCertsBoolean).then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
    success: true,
    data: {
        certificate?: string,
        certificates?: Array<string>,
        certificateType?: string,
        id?: string,
        parsedCertificate?: Certificate,
        parsedCertificates?: Array<Certificate>
    }    
}

Verify PIN

  • If the card reader has a PIN pad, the PIN must always be entered via the card-reader PIN pad.

  • If the card reader has no PIN pad:

    • If the osDialog property is set to true, a OS dialog window will be displayed for the user the enter their PIN

    • If the pin property is defined, that value is used

    • If osDialog is set to false, and pin is undefined, an error will be returned

const data = {
    pin: "1234", // optional
    osDialog: true // optional
}
diplad.verifyPin(data).then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "verified": true
    }    
}

Sign

When using bulk signing, great care must be taken to validate that the first signature request was successful prior to sending subsequent requests. Failing to do this will likely result in the card being blocked.

const data = {
    algorithm: "sha256",
    data: "E1uHACbPvhLew0gGmBH83lvtKIAKxU2/RezfBOsT6Vs=",
    pin: "1234"
}
const bulk = false;
diplad.sign(data, bulk).then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "data": "..."
    }    
}

Authenticate

To sign data, an algorithm must be specified in the algorithm property (see Supported Algorithms), and a Base64-encoded string representation of the digest bytes of the same algorithm in the data property.

const data = {
    algorithm: "sha256",
    data: "E1uHACbPvhLew0gGmBH83lvtKIAKxU2/RezfBOsT6Vs=",
    pin: "1234"
}
diplad.authenticate(data).then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "data": "..."
    }    
}

Get Supported Algorithms

diplad.allAlgoRefs().then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "ref": ["sha1", "sha256", "sha512"]
    }    
}

Bulk PIN Reset

The PIN set for bulk signing can be reset by calling this method.

diplad.resetBulkPin().then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": true
}

All model information can be found in the

To sign data, an algorithm must be specified in the algorithm property (see ), and a Base64-encoded string representation of the digest bytes of the same algorithm in the data property.

Additionally, it is possible to bulk sign data without having to re-enter the PIN by adding an optional bulk parameter set to true to the request. Subsequent sign requests will not require the PIN to be re-entered until a request with bulk being set to false is sent, or the method is called.

The PIN can provided/entered in the same way as

The PIN can provided/entered in the same way as

Codex Deontologie voor Advocaten
https://www.diplad.be/en-GB/t/23/elektronische-advocatenkaart.aspx
Supported Algorithms
Bulk PIN Reset
Verify PIN
Verify PIN
Token typings model page