SignServer Digital Server Signatures

Signs any digital document

A server-side, digital signature software, the SignServer:

  • signs any digital document and more
  • operates on behalf of business applications
  • is designed to perform automated signatures (and other cryptographic operations on digital documents)
  • uses plug-ins for customer specific applications
  • is easily clustered for high availability.

Cryptographic application framework

The SignServer is intended for use in environments where central management of cryptographic keys is desired:

  • Where it is impossible to connect the hardware to existing enterprise applications.
  • Where desired operations are considered extra sensitive, thus requiring extra hardware protection.
  • Where sensitive keys should be centrally managed.

The SignServer provides a simple method for administering centrally managed signatures in different applications.

 

Picture: SignServer Architecture

Ready-to-use signing plug-ins and built-in services

  • TimeStamp Authority (RFC 3161 compliant)
  • MRTD Signer
  • PDF and ODF Signers
  • XML and OOXML Signers
  • Generic CMS (PKCS#7) Signer
  • Validation Service Framework
  • Group Key Service Framework

Multiple signing tokens

The private signature key is kept within signing tokens. Multiple types of tokens are supported by the SignServer and can be used simultaneously by different signing applications running on the same server. For instance:

  • Soft tokens using PKCS12 files
  • PKCS#11 HSM tokens, e.g. the Utimaco CryptoServer, nCipher nShield, AEP KeyPer or SafeNet ProtectServer/Luna
  • PrimeCardHSM tokens.

Types of services

Three kinds of services are included in the SignServer:

  • Signers - used to sign or otherwise process requested data.
  • Validation Services - used to verify the validity of certificates against the issuers. This service can be used to simplify the integration of PKIs into existing applications.
  • Group Key Service Framework - used to manage and distribute symmetric/asymmetric group keys for different applications.

In addition to these processable services, there is another concept called a Timed Service: a plug-in that runs at defined intervals, performing maintenance or reporting routines.

Highly available services

Running in production for months and years — virtually without downtime — SignServer was designed for high availability and allows you to:

  • easily cluster one or more servers in a load balancing and fail over configuration.
  • manage a cluster of SignServers from a management node, in a central location.

Unmatched flexibility - with custom modules

The unique plug-in architecture of SignServer makes it easier than ever to build customized signers for your specific needs. Plug-ins can be uploaded, installed, configured and put in production - all while the SignServer is running.

Time stamp authority

The SignServer comes with a built-in plug-in for a time stamp authority (TSA). The TSA is RFC 3161 compliant and can be used to generate digitally signed time stamps. Time stamps are normally used together with eSignatures to provide proof of when documents were signed.

PDF signer

The SignServer's PDF signer adds server-generated digital document signatures to any received PDF. Thanks to a flexible authorization system you can easily control who is allowed to sign PDF documents. Generated PDF signatures can optionally include time stamps and validation information suitable for long-term archival. The PDF signer is ideal for organizationally authenticated documents such as receipts, invoices and regulatory documents. Simple configuration of multiple signers even makes it possible to create server-generated personal signatures.

MRTD signer

The SignServer comes with a built-in plug-in for Machine Readable Travel Document signing. MRTD is implemented throughout the world, within electronic passports mandated by ICAO.

Signs docs and more!

The SignServer is utilized to:

  • digitally sign any digital document — PDF, ODF, OOXML etc.
  • sign and verify XML documents
  • create secure time stamps
  • perform on-line signing of electronic passports.