Profile ENTSOG
The ENTSOG AS4 profile is independent from CEF and Peppol.
Underlying specification: https://www.entsog.eu/interoperability-and-data-exchange-nc for the full specification
The ENTSOG profile was kindly contributed by Pavel Rotek
- ID
entsog(since v0.14.0)
ENTSOG v4.0 adopts the same EdDSA/X25519 crypto stack as eDelivery AS4 2.0 and is not backward compatible with v3.6.
- ID
entsog4-eddsa: EdDSA/X25519 primary profile - ID
entsog4-ecdsa: ECDSA/ECDH-ES alternative profile
| Aspect | v3.6 | v4.0 |
|---|---|---|
| Signing | RSA-SHA256 | EdDSA Ed25519 |
| Hash | SHA-256 | SHA-256 |
| Encryption | AES-128-GCM | AES-128-GCM |
| Key Exchange | RSA-OAEP (key transport) | X25519 key agreement + HKDF + AES-128 KeyWrap |
| TLS | TLS 1.2+ | TLS 1.2+ (TLS 1.3 recommended) |
| Compression | GZIP mandatory | GZIP recommended (SHOULD) |
| MEP | One-way/Push only | One-way/Push + Two-way/Push-Push |
| Alternative Crypto | N/A | ECDSA + ECDH-ES (SHOULD support) |
| Aspect | Primary Profile | Alternative EC Profile |
|---|---|---|
| Signing | Ed25519 | ECDSA-SHA256 (secp256r1) |
| Hash | SHA-256 | SHA-256 |
| Encryption | AES-128-GCM | AES-128-GCM |
| Key Agreement | X25519 | ECDH-ES |
| Key Derivation | HKDF (HMAC-SHA256) | HKDF (HMAC-SHA256) |
| Key Wrap | AES-128 KeyWrap | AES-128 KeyWrap |
<dependency>
<groupId>com.helger.phase4</groupId>
<artifactId>phase4-profile-entsog</artifactId>
<version>x.y.z</version>
</dependency>For the client (sending messages):
<dependency>
<groupId>com.helger.phase4</groupId>
<artifactId>phase4-entsog-client</artifactId>
<version>x.y.z</version>
</dependency>// Load keystore with Ed25519 signing key and X25519 encryption key
final IAS4CryptoFactory aCryptoFactory = new AS4CryptoFactoryInMemoryKeyStore (
aKeyStore, "sign-alias", "password".toCharArray (), aTrustStore);
final EAS4UserMessageSendResult eResult =
Phase4ENTSOGSender.builderEdDSA ()
.cryptoFactory (aCryptoFactory)
.fromPartyIDType (ENTSOGPMode.ENTSOG_PARTY_ID_TYPE)
.fromPartyID (sSenderEIC)
.fromRole (CAS4.DEFAULT_INITIATOR_URL)
.toPartyIDType (ENTSOGPMode.ENTSOG_PARTY_ID_TYPE)
.toPartyID (sReceiverEIC)
.toRole (CAS4.DEFAULT_RESPONDER_URL)
.payload (AS4OutgoingAttachment.builder ().data (aPayloadBytes).compressionGZIP ().mimeTypeXML (),
aPayloadParams)
.receiverEndpointDetails (aReceiverEncCert, sEndpointURL)
.sendMessageAndCheckForReceipt ();For the ECDSA alternative profile, use Phase4ENTSOGSender.builderECDSA() instead.
For the legacy v3.6 profile, use Phase4ENTSOGSender.builder().
- v4.0 Final: https://www.entsog.eu/sites/default/files/2025-09/INT2819_25%20AS4%20Usage%20Profile_Version%204.0%20Final.pdf
- v3.6 to v4.0 comparison: https://www.entsog.eu/sites/default/files/2025-08/INT2819_25%20ENTSOG%20AS4%20comparison%20version%203.6%20to%204.0.pdf
- Landing page: https://www.entsog.eu/interoperability-and-data-exchange-nc#as4-documents-for-implementation
