SignServer

Architecture

Overview

In version 3, SignServer has two different builds: the classical SignServer and a mail processing server called the MailSigner.

SignServer

SignServer is a framework designed to perform different kinds of digital signatures for different applications.

[Figure: architecture]

There are three kinds of processable services:

  • Signers, used to sign or otherwise process requested data.
  • Validation Services, used to verify the validity of a certificate against a set of backed issuers. The validation service can be used to simplify the integration of PKIs into existing applications.
  • A group key service framework, used to manage and distribute group keys for different applications. These keys can be either symmetric or asymmetric.

In addition to processable services, there is another concept called Timed Services (called just 'service' in version 2.0). These are plug-ins that run at defined intervals to perform maintenance or reporting routines.

Several signers are ready to use out of the box. They can easily be configured after SignServer is installed.

The main way of communicating with the SignServer is through a WebService interface (previous versions had an RMI-SSL interface, but that has been replaced by the WebService interface for platform independence). Signers are also available through HTTP communication, and some signers (PDF, ODF, OOXML, XML, MRTD) have simple HTML pages that allow users to upload documents to be signed.

Administration is done through a command-line interface, where properties and access controls can be configured.

One instance of SignServer can have multiple signers for different purposes.

MailSigner

The MailSigner is a different build of SignServer, targeted at performing automated cryptographic operations on e-mails. The MailSigner is an add-on to the James SMTP project, and the James SMTP binaries are shipped with the SignServer package to simplify set-up.

The MailSigner's main component is the MailProcessor, which is the base for all MailSigner plug-ins. There is one ready-to-use MailSigner, called the SimpleMailSigner. It generates a signed SMIME message for every e-mail sent through the server.