SignServer Introduction

SignServer is a server-side application capable of creating digital signatures.

Multiple types and formats of digital signatures are supported through an extensible architecture in which different 'worker' implementations provide support for different formats.

The cryptographic operations are typically carried out in a Hardware Security Module (HSM) or using software key stores.

Audit logging of administrator operations as well as client transactions is supported both to file and to database. This allows organizations to keep track of all usage of the signing keys.

Figure: SignServer Deployment Diagram

A typical workflow goes like this:

  1. Client submits the document or file to be signed.

  2. SignServer receives the request and signs the file using its keys.

  3. The signed file is returned to the client.

Client requests can be submitted through any of the supported interfaces such as HTTP POST form uploads, Web Services or the command line interface.

Administration can be done locally using the command line interface, or remotely using the standalone Administration GUI application, the Administration Web interface or Web Services.

SignServer can be set up for high availability by putting a load balancer in front of multiple server instances.

In addition to document signing, SignServer supports ePassport (ICAO eMRTD) signing and code signing such as Microsoft Authenticode and JAR signing, and can also be operated as a Time-stamping Authority (TSA).