Breadcrumbs

Interoperability

The following provides an overview of the SignServer capabilities and support, with relevant links to documentation and external standards.

SignServer supports multiple application servers and standard, high-performance databases. For more information on SignServer requirements, see Installation Prerequisites in the SignServer Software Stack documentation.

Signature Formats

Document Signing

SignServer can easily be adapted to customer-specific needs by using plug-ins and supports document signing formats such as the ones listed below.

Format

Documentation

PDF (ISO 32000)

PDF document processing, including support for:

  • Visible signatures.

  • Different certification levels.

  • Requesting and embedding timestamp responses.

  • Requesting and embedding CRLs.

  • Requesting and embedding OCSP responses.

  • PDF permissions.

PDF Signer

PAdES (-B, -T, -LT, -LTA) Enterprise

(PDF Advanced Electronic Signatures)

AdES Signer

XAdES (–B, -T, -LT, -LTA) Enterprise

(XML Advanced Electronic Signatures)

AdES Signer

CAdES (–B, -T, -LT, -LTA) Enterprise

(CMS Advanced Electronic Signatures)

AdES Signer

XML (XMLdSig)

XML Signer

CMS/PKCS#7

Generic CMS (PKCS#7) signer signs any document or file with support for encapsulated content or detached signatures and client-side hashing.

CMS Signer

CMS signing with support for time-stamping Enterprise

Extended CMS Signer

Code Signing

SignServer supports code signing formats such as the following.

Format

Documentation

Plain signing

Plain Signer

CMS signing

CMS Signer

OpenPGP signing

OpenPGP Signer

Java code signing including

  • JAR signing

  • Android (APK) signing v1

JArchive Signer

CMS signing + time-stamping Enterprise

Extended CMS Signer

OpenPGP signing with client-side hashing Enterprise

Client-Side Hashing

Authenticode signing Enterprise

  • Signing of Windows Executable files

  • Signing of Windows Installer files (.MSI)

  • Signing of PowerShell script files (.ps1)

  • Signing of Catalog files (.cat)

  • Signing of Cabinet files (.cab)

MS Authenticode Signer

Microsoft APPX package signing (AppX) Enterprise

Appx Signer

Java code signing with client-side hashing Enterprise

Client-Side Hashing

Android (APK) signing v1, v2 and v3 Enterprise

APK Signer

Debian package signing (dpkg-sig)

Debian Dpkg-sig Signer

ePassport

SignServer is used both for MRTD signing and for ICAO CSCA Master list signing.

ePassport

Documentation

Document (MRTD SOD) signing with Logical Data Structure (LDS) version 1.7 and 1.8 support

MRTD SOD Signer

ICAO CSCA Master list signing Enterprise

Master List Signer

Additional algorithm support

warning Subject to SoW/support agreement including for instance:

  • Java patch with HSM support for ePassport required algorithms such as

    • SHA256withRSAandMGF1 (RSASSA-PSS)

    • SHA224withECDSA

    • Brainpool ECC curves

    • ...


Time-stamping

SignServer can be used as the time stamp unit within a Time Stamp Authority (TSA) to generate digitally signed time stamps and includes monitoring of time synchronization, offering both RFC 3161 and MS Authenticode time-stamps.

Format

External References

Documentation

Basic Time-stamping

RFC 3161, RFC 5816

Time Stamp Signer

Professional Time-stamping Enterprise

Including:

  • Time synchronization monitoring

  • eIDAS Qualified Electronic Time-stamping extension

RFC 3161, RFC 5816

ETSI EN 319 422

Extended Time Stamp Signer

Integration Interfaces

SignServer provides multiple integration interfaces. For more information, see Interfaces.

Native Signing Tools

SignServer supports several native signing tools, such as:

  • codesign

  • productsign

  • rpm-sign

Supported HSMs, Databases, and Algorithms