In order to enable users and manufacturers of software to implement OSCI quickly, the Steering Committee of the IT Planning Council Anwendung Governikus offers an OSCI library and a test intermediary to which OSCI messages can be sent.
Download OSCI library
OSCI 1.2 library
OSCI is based on the globally recognized XML and SOAP standards coordinated by the W3C. The recommendations of the W3C for digital signature are concretized in a suitable way to meet the legal requirements. OSCI supports all quality levels from advanced to qualified electronic signatures. In addition, precise specifications are also made for the encryption procedures in order to ensure interoperability and vendor independence at this level as well.
In addition, OSCI defines the necessary data structures for acknowledgement mechanisms with time stamps. Similar to "registered mail with return receipt", it is provable that a message has reached the recipient and when this has happened.
OSCI allows the secure and media-break-free use of administrative applications by "outsiders" who can be authenticated and identified by electronic signatures of various levels, depending on the legal requirements of the business transactions.
The suitability of OSCI for the requirements of e-government as well as the fulfillment of the relevant European security requirements is confirmed by an expert opinion of the BSI. For the relevant DP applications of the federal government, OSCI is recommended by the SAGA 5.0 Technical Specifications module.
The OSCI 1.2 protocol specification describes a secure, manufacturer-independent and interoperable data exchange format. In order to facilitate implementation for users in public administration and specialist procedure manufacturers, we are making the OSCI library available for download under the EUPL license in the context of Anwendung Governikus of the IT Planning Council.
The library implements OSCI version 1.2 and is therefore independent of specialist content. It is part of the OSCI infrastructure. The OSCI library is to be implemented in specialist procedures (on the administration side) or client systems (on the customer side).
The purpose of the OSCI library is to pragmatically ensure the functionality and interoperability required for the use of OSCI for the specialized procedures used in public administrations.
The OSCI 1.2 library is published by Governikus in Java and .NET from version 1.9 and can be downloaded from the download area.
The central task of the OSCI transport library is the composition of valid OSCI transport messages for sending, as well as the decomposition of OSCI transport messages when they are received and the checking of their syntactical correctness. Furthermore, all cryptographic functions for signature generation and verification as well as encryption and decryption are managed by functions of the library, whereas the actual processing of cryptographic tasks, including access to crypto tokens, has to be provided by corresponding third-party implementations.
In this sense, the OSCI transport library provides all objects required for the complete construction of an OSCI transport message, such as the actual content data, the signature and encryption certificates of all communication participants and their physical addresses in the form of corresponding classes or their attributes.
The creation and further processing of content data is not the task of the OSCI transport library, but must be performed by the client systems and specialist applications. The classes and methods of the library merely ensure that they are embedded in the message objects in a schema-compliant manner.
Another essential task of the OSCI transport library is to control and monitor the communication process. For this purpose, the library provides classes and methods that can be used to check and document the plausibility of a communication.
Methods for the technical sending and receiving of OSCI transport messages (e.g. based on the HTTP protocol), the provision of cryptographic functions for signing and encrypting messages, and the visualization of signed message components are not part of the OSCI transport library. These functionalities have to be realized by separate modules and integrated by interfaces of the OSCI transport library. This allows the use of different modules for the respective task area.
The OSCI transport library is designed to be as convenient as possible for the user without restricting what the user can do with it.
A complete description of the functions can be found in the function description of the OSCI library, as well as in the documentation for the Java implementation and the .NET implementation in the download area.
In OSCI 1.2 Corrigenda 7, an initialization vector (IV) with a length of 96 bits is specified for the use of Galois/Counter Mode (GCM) for AES encryption; this specification is based on the W3C Recommendation "XML Encryption Syntax and Processing Version 1.1" (https://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/#sec-AES-GCM).
As of OSCI library version 2.0.1, 96 bits is set as the default value for the length of the IV. As of version 3.23.0.0 (Fall 2019), the OSCI Manager supports IV lengths of 96 bits and 128 bits; in order responses, the OSCI Manager uses the IV length of the requesting OSCI client in each case. (In OSCI Manager, as of version 3.23.0.11, encryption to passive OSCI recipients with an IV length of 96 bits is also supported.)
Please note: During the communication between a client with OSCI library and an OSCI manager (intermediary), error or warning messages may appear in the respective logs, depending on the version levels used and, if applicable, the adjusted default values.
Furthermore, it is possible that the communication is aborted. This happens if an IV length is used that is not implemented at one of the two communication partners due to old version levels.
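Why a mismatched IV length breaks decryption, shown as an added example that is not code from the OSCI library: it uses only the standard Java JCA and assumes the XML Encryption 1.1 AES-GCM octet layout (IV, then ciphertext, then a 128-bit tag). The class name, key and message are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class GcmIvLengthDemo {
    static final int TAG_BITS = 128; // tag length of XML Encryption 1.1 AES-GCM

    // Returns IV || ciphertext || tag (the XML Encryption 1.1 AES-GCM layout).
    static byte[] encrypt(SecretKey key, byte[] plain, int ivBytes) throws GeneralSecurityException {
        byte[] iv = new byte[ivBytes];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain); // ciphertext with the tag appended
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // The receiver must already know how many leading octets are the IV;
    // the octet string itself carries no length field.
    static byte[] decrypt(SecretKey key, byte[] blob, int ivBytes) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, ivBytes));
        return c.doFinal(blob, ivBytes, blob.length - ivBytes);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // constructed test key
        byte[] msg = "constructed sample content data".getBytes(StandardCharsets.UTF_8);

        for (int senderIv : new int[] {12, 16}) {       // 96-bit and 128-bit senders
            byte[] blob = encrypt(key, msg, senderIv);
            for (int receiverIv : new int[] {12, 16}) { // IV length the receiver assumes
                String result;
                try {
                    result = Arrays.equals(msg, decrypt(key, blob, receiverIv)) ? "ok" : "corrupt";
                } catch (AEADBadTagException e) {
                    result = "rejected (authentication tag mismatch)";
                }
                System.out.printf("sender IV %3d bit, receiver IV %3d bit: %s%n",
                        senderIv * 8, receiverIv * 8, result);
            }
        }
    }
}
```

Only the two matching combinations decrypt; in the mixed cases the receiver splits the octets at the wrong position and GCM authentication rejects the message, which is why both partners need version levels that implement the IV length in use.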
To enable you to test your implementation of the library, we provide a test intermediary to which you can send OSCI messages. This is available at http://gov.test.osci.de/osci-manager-entry/externalentry.
Important notes for the use of the test intermediary
The test intermediary can be used to address a passive OSCI recipient. This receiver acknowledges the receipt of incoming messages or sends back an empty message (request-response scenario, source code see sample "PassiveRecipient.java").
The test intermediary is designed exclusively for functional tests. Load tests in particular, e.g. with many (large) messages per minute, are not allowed. The functional addition of OSCI for efficient transmission of large amounts of data is enabled with the following parameters:
Maximum message size: 500 MB
Minimum packet size: 1 MB
Maximum packet size: 50 MB
Retention time for received packets of a message: 4 days
Retention time for uncollected packets of a message: 3 days
Deletion period: 30 calendar days
A certificate must be used for the intermediary, which can be downloaded from the download area together with other replacement certificates (for the previous, expired test certificates).
No guarantee is given for availability. In particular, the intermediary can be restarted at any time without warning, which may result in the loss of stored messages and routing slips.
The function of the intermediary is only tested with the currently available version of the OSCI library.
Log outputs of the intermediary mainly contain information about incoming requests as well as stack trace outputs in case of errors. The content of this file can also be deleted without prior notice. Intermediary log output can be provided upon request. To do so, please contact helpline@governikus.de. The contents of this file are deleted regularly and automatically.
If the integration of the work takes place in unchanged form, there is no processing in the sense of the EUPL or German copyright law. In particular, the manner of linking the Work within another software does not lead to the creation of a derivative work. The unchanged adoption of the work into another software does not lead to the fact that this software is to be licensed under the conditions of the EUPL.
For the passing on of the work itself, in unchanged or edited form, as source code or executable program, the license conditions of the EUPL apply in an unchanged manner.
The OSCI specification is published by the Coordination Office for IT Standards (KoSIT). The specification documents can be found on the KoSIT pages at https://www.xoev.de/downloads-2316#Standards.
The task of the OSCI library is to provide application programs and specialized procedures with a software component that enables them to use the OSCI transport protocol to generate and receive messages according to the OSCI specification. The OSCI Transport library is intended to make it as easy as possible to integrate OSCI Transport 1.2 into existing systems.
In conjunction with the external modules described in more detail in the functional description, it comprises all functionalities required for users in the sense of the specification, i.e. creation, transmission, reception, storage, encryption and decryption as well as mathematical signature verification of all message types.
With regard to the integration of specialized procedures, the interface of the OSCI transport library provides access to a complete OSCI transport infrastructure and is thus the only point at which adaptation to the different specialized procedures must take place.
Governikus customers and partners who already have portal access can download the OSCI library.
If you do not have access to the Governikus portal, please use the download option provided on this page. In order to be able to inform you about security-relevant messages, we ask for your understanding that we can only make the download available after you have provided a valid e-mail address and a declaration of consent for data storage.
There are currently no security advisories available.
The OSCI 1.2 protocol specification describes a secure, manufacturer-independent and interoperable data exchange format. In order to facilitate the implementation for users in the public administration and the manufacturers of specialist procedures, we are making the OSCI library available for download under the EUPL license in the context of Anwendung Governikus of the IT Planning Council. If the OSCI library is integrated in unmodified form, this does not constitute an adaptation within the meaning of the EUPL or German copyright law. In particular, the way in which the OSCI library is linked within an implementation does not lead to the creation of a derived work. The unmodified incorporation of the OSCI library into a specialist procedure and/or client software does not mean that this specialist procedure and/or client software must be licensed under the terms of the EUPL. For the distribution of the OSCI library itself, in unmodified or modified form, as source code or executable program, the license conditions of the EUPL apply in the same way.