Click the PKI-by-PrimeKey-SignServer-logo to visit
Search on Google:


PKI features

  • Supports RSA key algorithm up to 8192 bits.
  • Supports ECDSA key algorithm with named curves.
  • Support multiple hash algorithms for signatures, MD5, SHA-1, SHA-2.
  • Compliant with NSA SUITE B algorithms and certificates.
  • Support for Hardware Security Modules (HSMs). Built in support for Thales/nCipher, SafeNet Luna, SafeNet ProtectServer, Utimaco CryptoServer, AEP Keyper, ARX CoSign and other HSMs with a good PKCS#11 library.
  • Support for software based keys for lower security requirements or development.
  • Multiple Signers and Validators, serve all your digital signature needs within one instance of SignServer.
  • Get your document signer certificate, such as PDF signing certificates, signed by public recognized CAs.
  • Built in modules for signing PDF, XML, XAdES-BES, XAdES-T, ODF, OOXML, CMS and MRTD.
  • Generic CMS (PKCS#7) signer signs any document or file with support for detached signatures and client-side hashing.
  • Simple plug-in API for creating new document signers.
  • Built in RFC 3161, 5816 compliant Time Stamp Authority (TSA) module:
    • Configurable time sources.
  • Built in Authenticode timestamp signer module
  • Electronic ePassport document signing (MRTD) compliant with ICAO requirements:
    • LDS version 1.8 support.
    • Support for limiting the number of signings.
    • Support for key usage period.
    • Multiple active logical signers with fail-over when the sign limit is exceeded or key usage period expires.
    • Signer suitable of signing ICAO Deviation/Defect Lists.
  • PDF document processing, including support for:
    • Visible signatures.
    • Different certification levels.
    • Requesting and embedding timestamp responses.
    • Requesting and embedding CRLs.
    • Requesting and embedding OCSP responses.
    • PDF permissions.
  • Validators for signed documents, built in support for XML validation, XAdES-BES, XAdES-T, or make your own validator plug-in.
  • Configurable access control using HTTP basic authentication, https client certificates, IP address restrictions etc.
  • Optional archival of signed documents.

Integration features

  • Built on the JEE 6 (EJB 3.1) specification.
  • Flexible, component based architecture.
  • Java API, Web server (HTTP), Web Services (WS) and command line (CLI) interfaces for integration.
  • Web service (WS) interface for remote administration and integration.
  • Automatic signer certificate renewal when used together with EJBCA.
  • Plug-in functionality allowing you to enhance with your own functionality and work flows.

Administration features

  • Simple installation and configuration.
  • Command line administration for scripts etc.
  • Administration GUI desktop application for management with support for remote management with strong authentication.
  • Administration Web interface for management with support for remote management with strong authentication. (Enterprise Edition only).
  • Transaction logging suitable for statistics and billing.
  • Audit logging for events related to keys, certificates and time-sources
  • Easy upgrade paths when new versions are released.

System features

  • Supports multiple application servers: JBoss AS, WildFly and GlassFish/Payara.
  • Using standard, high performance RDBMS for storage.
  • Supports multiple databases: MySQL, MariaDB, Oracle, PostgreSQL, etc.
  • Support for running without database.
  • Possible to integrate into large Java applications for optimal integration into business process.
  • Health check monitoring service to support efficient clustering and monitoring.
    • Status of workers
    • Down for maintenance support

Enterprise Edition features

  • Support and maintenance from PrimeKey, world renowned PKI experts.
  • Maintenance and security releases.
  • Administration Web interface.
  • Integrity protected audit log (log signing), with digital signature or HMAC protection.
  • Command line tool for verification of audit and database integrity protection.
  • Large file support.
  • qcStatements extension support for Qualified Electronic time-stamps according to the EU Regulation No 910/2014 (eIDAS).
  • SignServer TimeMonitor application and modules for monitoring time synchronization in TSA set-ups.
  • Authenticode signer for signing Windows executable files and Windows Installers (MSI).
  • JAR signer for signing Java archives (and Android apps).
  • ePassport CSCA master list signer compliant with ICAO requirements.
  • Automatic renewal service.
  • Signer certificate renewal with outgoing connection from EJBCA to SignServer.
  • Client-side hashing and construction for Authenticode signatures in SignClient.
  • Client-side hashing and construction for JAR signatures in SignClient.