SignServer

On behalf of business applications

SignServer is a server-side framework that operates on behalf of business applications. It is designed to perform automated signatures and other cryptographic operations on digital documents. The server uses plug-ins for customer-specific applications and can also be clustered for high availability.

Cryptographic application framework

SignServer is intended for use in environments where key protection in hardware is complex:

  • Where it is impossible to connect the hardware to existing enterprise applications.
  • Where desired operations are considered extra sensitive, thus requiring extra hardware protection.

SignServer can also be used to provide a simple method for administering centrally managed signatures in different applications.

Picture: SignServer Architecture

Ready to use signing plug-ins and built in services

  • TimeStamp Authority (RFC 3161 compliant)
  • PDF Signer
  • MRTD Signer
  • XML Signer
  • Validation Service Framework
  • Group Key Service Framework
  • Mail Signer
  • Timed Services

Multiple signing tokens

The private signature key is kept within signing tokens. Multiple types of tokens are supported by SignServer and can be used simultaneously by different signing applications running on the same server. For instance:

  • soft tokens using PKCS#12 files
  • PKCS#11 HSM tokens, e.g. the Utimaco CryptoServer, nCipher nShield, AEP KeyPer or SafeNet ProtectServer/Luna
  • PrimeCardHSM tokens

Types of services

Three kinds of processable services are included in SignServer 3.0:

  • Signers - sign or otherwise process the requested data.
  • Validation Services - verify the validity of certificates against their issuers. This service can be used to simplify the integration of PKIs into existing applications.
  • Group Key Services - manage and distribute symmetric or asymmetric group keys for different applications.

In addition to processable services, there is also the Timed Service concept: plug-ins that run at defined intervals, performing maintenance or reporting routines.

Highly available services

SignServer has been running in production for months and years virtually without downtime and was designed with high availability in mind.

SignServer lets you:

  • cluster one or more servers in a load-balancing and failover configuration.
  • manage a cluster of SignServers from a management node in a central location.

Unmatched flexibility

The plug-in architecture of SignServer makes it easier than ever to build customized signers for your specific needs. Plug-ins can be uploaded, installed, configured and put into production, all while SignServer is running.

Time stamp authority

SignServer comes with a built-in plug-in for a time stamp authority (TSA). The TSA is RFC 3161 compliant and can be used to generate digitally signed time stamps. Time stamps are normally used together with eSignatures to provide proof of when documents were signed.

MRTD signer

SignServer comes with a built-in plug-in for Machine Readable Travel Document (MRTD) signing. MRTD signing is used throughout the world in electronic passports, as mandated by ICAO.