
eIDAS SignServer: Front end and application support

In the previous articles, we discussed the principles of eIDAS-compliant remote signing and how the eIDAS package for the SignServer can help you achieve it. We provided examples of how to configure Signers and start consuming remote electronic signatures.

When it comes to users who would like to use such a service and start remotely signing documents or data, an important question comes to mind: how to present a user interface and how to integrate it with the signing solution. We need to move to a higher layer (see eIDAS SignServer: Typical setup and basic terms for more information about the logical architecture of the remote signing solution).

Presentation and Signing Logic

The presentation and user interface are usually tightly coupled with the signing logic, which defines the signing workflow, enforces rules and approvals, and completes the document or data, including preservation over time.

The eIDAS package and the SignServer are implemented to be independent of the type of presentation or signing logic layers. Some examples are:

  • Desktop application running locally on the end user’s system providing signing capabilities through the eIDAS package and the SignServer
  • Web application with the GUI running in the end user’s browser and communicating with the signing logic backend to provide the workflows and manage cryptographic keys and certificates
  • Mobile application providing signing capabilities similar to web applications
  • Cryptographic and signing providers, such as Microsoft Windows KSP (Key Storage Provider) or macOS Keychain Access, providing a consistent interface for applications to execute the signing process on top of the formatted data
  • Specialized forms of the above tailored for specific use cases, such as code signing applications or IoT signing within the device firmware

In this article we’re going to show you two solutions which we provide:

  • 3Key Windows Remote Signing KSP – interface for Windows applications executing remote signing on the SignServer, with the private key stored and managed securely in a remote HSM
  • SIGNIUS signature portal – Signing portal integrated with the SignServer, providing capabilities of document management, signing workflows, identity verification, and many more

3Key Windows Remote Signing KSP

3Key KSP utilizes the Microsoft CNG interface to integrate with the remote signing solution of the SignServer. It provides an abstraction layer to access the remotely managed private key and signing certificate. Once installed on a target system, it runs in the background, and you can sign documents and data through any application running on Windows.

Signing PDF files in Adobe Reader

Adobe Acrobat lets you use the identities provisioned in the cryptographic storage and accessible through the KSP. When you have the 3Key KSP installed and configured to work with the SignServer, you can start signing PDF documents.

Signing Microsoft Office files

In a very similar way, you can start signing Microsoft Office files, such as Word documents, Excel sheets, or PowerPoint presentations. The 3Key KSP will handle the signing process with the remote SignServer.

SIGNIUS signature portal

SIGNIUS Professional is a remote, safe and extremely convenient electronic signature service that enables you to sign documents in as little as a minute from anywhere, without additional devices such as card readers or cards.

The unique value of the SIGNIUS electronic signature is the remote identity verification of each new user – compliant with eIDAS, KYC and AML and equivalent to personal identification. It allows the authenticity of the signatory and their document to be confirmed 100%, guaranteeing full security. Only in this way, using an electronic signature, can you be sure who actually signs the document.

See the official SIGNIUS pages for more details.

Signing PDF documents with SIGNIUS

The signing process with SIGNIUS and the eIDAS package for the SignServer is very simple.

Documents to be signed are managed from a web application. You can create your own folder representing the use case and set up the identities of the users who should sign the document. When you execute the process, SIGNIUS handles the communication with the parties and notifies you about the progress. Once the documents are signed, you can download them from the SIGNIUS portal, where they are archived.

Need help?

Do not hesitate to get in touch with us!
