Introduction

SignServer is a flexible, server-side framework for performing a wide range of digital signature operations across multiple applications. It automates and secures the signing process, whatever the use case, ensuring that teams can sign code and documents quickly and easily, with full auditability and protection of signing keys, including support for quantum-resilient signing. By leveraging client-side hashing, organizations can maximize performance and control, supporting even the most complex and large-scale environments.

Key Features

• Centralized Signing: Replace scattered signing solutions with one secure, managed service.

• Enhanced Security: Signature keys are stored securely on the server-side, preferably in a Hardware Security Module (HSM).

• Scalable Architecture: A single SignServer instance can host multiple signers, validators, organizations, and users.

• Auditability: Comprehensive logging ensures accountability and compliance.

Enable Fast and Secure Signing

One instance of SignServer can host multiple use cases, signers, organizations, and users. The platform covers all your signing use cases, including:

• Code Signing

• Document Signing

• Time-stamping

• ePassports

Integrate with Your Tools and Workflows

SignServer integrates with your document workflow engines, CI/CD pipeline tools, identity and authorization platforms, or any other business applications through Admin and Client interfaces and plugins. SignServer also offers built-in support for various HSMs to generate and protect signing keys.

Protect Sensitive Signing Keys

With SignServer, private signing keys never leave secure, encrypted storage, even during signing. Different project members or systems can authenticate and share the same protected signing key, while providing a record of who signed what. Meanwhile, signature keys are generated and used for signing within an HSM, and all audit logs can be signed for complete traceability.

SignServer Deployment Methods​

This reference only covers the interfaces, workers, and configurations that comprise a SignServer deployment.

For deployment guides, see the Keyfactor Solution Areas and also deployment-specific SignServer references, including:

• SignServer Cloud Deployment

• SignServer Container Deployment (Kubernetes with Helm charts)

• SignServer Software Appliance

SignServer Enterprise vs Community Options

Deployment types are provided for both the SignServer Enterprise and SignServer Community editions:

• SignServer Enterprise Edition offers the security hardening, automation, scalability, and professional support required in production. Some advanced features described in this reference are only available in the Enterprise Edition, as indicated by an ENTERPRISE label.

• SignServer Community Edition is open-source and provides a core set of capabilities for evaluation and testing.