PKI

Strong security for your e-signatures

Built-in PKI

SigningHub is unique in being the only global digital signature platform which comes with a complete built-in advanced PKI system. The SigningHub engine can include the following optional PKI components:

Certificate Authority (CA)

The SigningHub built-in CA automatically creates and certifies user signing keys to prove ownership. This the cornerstone of trust in a digital signature system.

The SigningHub CA meets industry standards such as: X.509 certificates/CRLs, RFC 5280, PKCS#11, Certificate Transparency & CAB Forum Requirements

OCSP Validation Authority (VA)

The SigningHub built-in VA provides real-time certificate status information about the signer. This validation information is embedded into the user’s signature as evidence to prove the signer’s key and certificate were valid at the time of signing.

The SigningHub VA meets industry standards such as: RFC 6960, RFC 5019, FIPS 201, PKCS#11 & CAB Forum Requirements

Time Stamp Authority (TSA)

The SigningHub built-in TSA is responsible for issuing secure timestamps to prove the time of signing. This is essential evidential information embedded in the signature in order for it to have Long-Term Validation (LTV) capability.

The SigningHub TSA meets industry standards such as: RFC 3161, PKCS#11 & NTP trusted time source monitoring and alerting

Long-term Archive & Notary Service (LTANS)

The SigningHub built-in LTANS Service acts as an Evidence Authority allowing documents to be protected over the very long-term, i.e. beyond the lifetime of trust authority certificates or today’s cryptography. It achieves this by using timestamped cryptographic hash values arranged in a chain to ensure trust. Each block chain can be protected using the best hash algorithms, signing algorithms and key lengths available at the time of creating the evidence.

The SigningHub LTAN Service meets industry standards such as: SHA256 to SHA512, IETF XMLERS & PKCS#11

Certified for high-trust use

The SigningHub built-in PKI is independently evaluated and certified for high-trust use, including for the issuance and management of Qualified Certificates (CWA 14167-1 certified). The above PKI components are available individually for on-premise use. Our PKI systems are used by various global PKI service providers.
The SigningHub built-in PKI is independently evaluated and certified for high-trust use, including for the issuance and management of Qualified Certificates (CWA 14167-1 certified). The above PKI components are available individually for on-premise use. Our PKI systems are used by various global PKI service providers.

Global PKI Partners

To achieve global, cross-border trust for your signed documents, SigningHub can work with any standards-based PKI provider when using local signing mode (i.e. certificates held locally by the signer on smartcard, token or software file).

 

For remote signing, we have teamed with our select PKI partners to deliver both Adobe AATL and EU Qualified Signatures. With remote signing, the user’s signing keys are created centrally by SigningHub within an HSM and then certified by one of these partner CAs (note this solution is available for both on-premise and cloud instance of SigningHub):
Digital Sign
QuoVadis
Quote Icon

Great product that completes Worry-Free Signing processes. SigningHub makes signing a breeze, the ability to automatically create a signing process to route signature to the correct user without intervention enables the user to quickly and easily get documents signed.

Eugene Lam
Business Development Manager at Netrust Pte Ltd

Great product that completes Worry-Free Signing processes. SigningHub makes signing a breeze, the ability to automatically create a signing process to route signature to the correct user without intervention enables the user to quickly and easily get documents signed.

Eugene Lam
Business Development Manager at Netrust Pte Ltd