Interoperability

The following provides an overview of the SignServer capabilities and support, with relevant links to documentation and external standards.

SignServer supports multiple application servers and standard, high-performance databases. For more information on SignServer requirements, see Installation Prerequisites in the SignServer Software Stack documentation.

Algorithms

SignServer supports* the following algorithm types and key size/curves.

Algorithm	Key Size/curve
RSA	Keys up to and including 8192 bits.
ECDSA	ECDSA key algorithm with named curves.
EdDSA	Pure EdDSA with Edwards25519 or Edwards448
Hash algorithms	Hash algorithms for signatures, SHA-1, SHA-2.
NSA SUITE B	Compliant with NSA SUITE B algorithms and certificates.
ML-DSA	ML-DSA-44 ML-DSA-65 ML-DSA-87
SLH-DSA	SLH-DSA-SHA2-128F SLH-DSA-SHA2-128S SLH-DSA-SHA2-192F SLH-DSA-SHA2-192S SLH-DSA-SHA2-256F SLH-DSA-SHA2-256S SLH-DSA-SHAKE-128F SLH-DSA-SHAKE-128S SLH-DSA-SHAKE-192F SLH-DSA-SHAKE-192S SLH-DSA-SHAKE-256F SLH-DSA-SHAKE-256S

*See individual workers and crypto tokens for information about what they support. For more information, see Signers Algorithm Support.

Post-Quantum Cryptography (PQC) Algorithm Support

What is post-quantum cryptography?

Post-quantum or quantum-safe cryptography is cryptography that is resistant to the theoretical threat that a cryptographically relevant quantum computer could port. While such a quantum computer does not yet exist, governments and standardization organizations are working towards a migration from classic asymmetric cryptography to new quantum-safe cryptography algorithms. The largest actor in this process is the National Institute of Standards and Technology (NIST).

NIST has announced the standardization of three post-quantum cryptography (PQC) algorithms, FIPS 203 for ML-KEM (derived from CRYSTALS-KYBER), FIPS 204 for ML-DSA (derived from CRYSTALS-Dilithium), and FIPS 205 for SLH-DSA (derived from SPHINCS+).

A fourth digital signature standard FN-DSA (derived from FALCON) will follow. In addition, there are two stateful hash-based signature (SHBS) algorithms standardized in NIST SP800-208 and IETF.

SignServer supports the following PQC algorithms:

Algorithm	Key Size/Curve	HSM Support
ML-DSA	ML-DSA-44 ML-DSA-65 ML-DSA-87	Entrust nShield Connect/5c Fortanix Data Security Manager (DSM) Thales Luna 7 Utimaco u.trust Anchor
SLH-DSA	SLH-DSA-SHA2-128F SLH-DSA-SHA2-128S SLH-DSA-SHA2-192F SLH-DSA-SHA2-192S SLH-DSA-SHA2-256F SLH-DSA-SHA2-256S SLH-DSA-SHAKE-128F SLH-DSA-SHAKE-128S SLH-DSA-SHAKE-192F SLH-DSA-SHAKE-192S SLH-DSA-SHAKE-256F SLH-DSA-SHAKE-256S	Fortanix Data Security Manager (DSM)

Composite Algorithms

The combination of a classic and a quantum-safe algorithm creates a composite key.

What are composite certificates?

Composite certificates are advanced digital certificates (X.509) that combine multiple cryptographic keys and signatures, typically a traditional algorithm (like RSA) and a quantum-safe cryptographic algorithm, into a single, secure entity. This dual-algorithm design enables defense in depth during the transition to quantum-safe cryptography, ensuring security remains intact even if one algorithm is compromised.

See SignServer Composite Certificates.

Quantum-safe Algorithm	RSASSA-PSS^*	ECDSA^*	EdDSA^*
ML-DSA-44	2048^**	P-256	Ed25519
ML-DSA-65	3082^, 4096^	P-256, P-384, brainpool P-256 r1	Ed25519
ML-DSA-87	3072^, 4096^	P-384, P-521, brainpool P-384 r1	Ed448 (SHAKE 256)

^{* Only one of the classical algorithm can be mixed with the quantum-safe algorithm per composite}
^**^{Only RSASSA-PSS is supported and not RSASSA-PKCS1_v1.5.}

Complete List of Composite Algorithm Support

The P11NG Crypto Worker and Keystore Crypto Worker support composite keys:

Signature Algorithm	P11NG	Keystore Crypto Token
MLDSA44-RSA2048-PSS-SHA256
MLDSA44-ECDSA-P256-SHA256
MLDSA44-Ed25519-SHA512
MLDSA65-RSA3072-PSS-SHA512
MLDSA65-RSA4096-PSS-SHA512
MLDSA65-ECDSA-P256-SHA512
MLDSA65-ECDSA-P384-SHA512
MLDSA65-ECDSA-brainpoolP256r1-SHA512
MLDSA65-Ed25519-SHA512
MLDSA87-RSA3072-PSS-SHA512
MLDSA87-RSA4096-PSS-SHA512
MLDSA87-ECDSA-P384-SHA512
MLDSA87-ECDSA-P521-SHA512
MLDSA87-ECDSA-brainpoolP384r1-SHA512
MLDSA87-Ed448-SHAKE256

Signature Formats

Document Signing

SignServer can easily be adapted to customer-specific needs by using plug-ins and supports document signing formats such as the ones listed below.

Format	Documentation
PDF (ISO 32000) PDF document processing, including support for: Visible signatures. Different certification levels. Requesting and embedding timestamp responses. Requesting and embedding CRLs. Requesting and embedding OCSP responses. PDF permissions.	PDF Signer
PAdES (-B, -T, -LT, -LTA) (PDF Advanced Electronic Signatures)	ENTERPRISE AdES Signer
XAdES (–B, -T, -LT, -LTA) (XML Advanced Electronic Signatures)	ENTERPRISE AdES Signer
CAdES (–B, -T, -LT, -LTA) (CMS Advanced Electronic Signatures)	ENTERPRISE AdES Signer
XAdES (XAdES-BES and XAdES-T)	XAdES Signer
XML (XMLdSig)	XML Signer
CMS/PKCS#7 Generic CMS (PKCS#7) signer signs any document or file with support for encapsulated content or detached signatures and client-side hashing.	CMS Signer
CMS signing with support for time-stamping	ENTERPRISE Extended CMS Signer

Code Signing

SignServer supports code signing formats such as the following.

Format	Documentation
Plain signing	Plain Signer
CMS signing	CMS Signer
OpenPGP signing	OpenPGP Signer
Java code signing including JAR signing Android (APK) signing v1	JArchive Signer
CMS signing + time-stamping	ENTERPRISE Extended CMS Signer
OpenPGP signing with client-side hashing	ENTERPRISE Client-Side Hashing
Authenticode signing including: Signing of Windows Executable files Signing of Windows Installer files (.MSI) Signing of PowerShell script files (.ps1) Signing of Catalog files (.cat) Signing of Cabinet files (.cab)	ENTERPRISE MS Authenticode Signer
Microsoft APPX package signing (AppX)	ENTERPRISE Appx Signer
Java code signing with client-side hashing	ENTERPRISE Client-Side Hashing
Android (APK) signing v1, v2 and v3	ENTERPRISE APK Signer
Debian package signing (dpkg-sig)	Debian Dpkg-sig Signer

ePassport

SignServer is used both for MRTD signing and for ICAO CSCA Master list signing.

ePassport	Documentation
Document (MRTD SOD) signing with Logical Data Structure (LDS) version 1.7 and 1.8 support	MRTD SOD Signer
Document (MRTD) signing	(Legacy) MRTD Signer
ICAO CSCA Master list signing	ENTERPRISE Master List Signer
Additional algorithm support Subject to SoW/support agreement including for instance: Java patch with HSM support for ePassport required algorithms such as SHA256withRSAandMGF1 (RSASSA-PSS) SHA224withECDSA Brainpool ECC curves ...

Time-stamping

SignServer can be used as the time stamp unit within a Time Stamp Authority (TSA) to generate digitally signed time stamps and includes monitoring of time synchronization, offering both RFC 3161 and MS Authenticode time-stamps.

Format

External References

Documentation

Basic Time-stamping

RFC 3161, RFC 5816

Time Stamp Signer

Professional Time-stamping including: