Welcome to the SignServer Project 3.0

Latest News

Note
After a lot of redesign work and new features, version 3.0 of the SignServer has been released. It has migrated to EJB3 and has new types of services available. See below for a list of changes in the new version.

What's the SignServer?

The SignServer is an application framework performing cryptographic operations for other applications. It's intended to be used in environments where keys are supposed to be protected in hardware but it isn't possible to connect such hardware to existing enterprise applications, or where the operations are considered extra sensitive so the hardware has to be protected more carefully. Another use is to provide a simplified way of providing signatures in different applications, managed from one location in the company.

From version 3.0 there is also a mail signer framework that can be used to perform cryptographic operations on emails.

The SignServer has the following ready to use:

  • TimeStamp Authority (RFC 3161 compliant)
  • PDF Signer
  • MRTD Signer
  • Validation Service Framework
  • Group Key Service Framework
  • Simple Mail Signer

The SignServer has been designed for high availability and can be clustered for maximum reliability.

Different kinds of sign tokens exist:

  • Soft token using PKCS12 files.
  • PKCS#11 HSM tokens, such as the Utimaco CryptoServer or nCipher nShield.
  • PrimeCardHSM using smart cards.

What's new for SignServer 3.0?

Some of the new features for version 3.0 are:

  • Complete refactoring of the J2EE code from EJB2 to EJB3 to simplify further development.
  • Renamed component Service to TimedService since 3.0 supports other services.
  • A TimedService can now be configured with 'cron-like' settings so that services can be executed at times other than just periodic intervals.
  • A Validation Service API used to validate certificates from different issuers. The Validation Service API has its own easy-to-use Web Service for integration with other platforms.
  • A Group Key Service API used to generate and manage group keys, symmetric or asymmetric.
  • Possibility to have customized authorization of requests, not just the built in client certificate authorization list.
  • The name SignToken has been changed to CryptoToken, and a new concept of ExtendedCryptoToken that supports symmetric operations has been introduced.
  • The RMI-SSL interface has been removed and replaced with a JAX-WS interface with a simple client framework supporting different load-balancing or high-availability policies.
  • All request data has changed from serialization to externalization to be easier to translate to other platforms.
  • A completely new MailSigner API based upon the JAMES SMTP server to perform automated cryptographic operations on e-mails, very similar to the plug-ins for the SignServer.
  • Java 1.4 is no longer supported.
  • A lot of new JUnit tests in the test suite.
  • A PDF Signer that can add a signature to a PDF document through a simple HTML interface.
  • PKCS11 Crypto Token to connect to different PKCS11 implementations.

More information can be found in the manual.

Open Source

This software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.

The source code of the SignServer is hosted on Sourceforge.net and all downloads include the complete source code.