Signature

The Signature features allow to you sign documents and files, according to the standards PaDES, CaDES, JaDES or XaDES using your secrets keys and a certificate.

You can as well verify signatures from 3rd parties.

Supported types

The standard supported (PaDES/CaDES/JaDES/XaDES) are compliant with the eIDAS regulation and are the ones most widely accepted in the industry.

Signature flow

The signature occurs in the Webapp, specifically in the browser: this implies that your secret keys are only store and used in the browser and never communicated to anyone, according to the privacy-by-design and end-to-encryption principles.

The signature produced in the Webapp is packed into a JSON object and communicated to a service we run in backend using the open source Digital Signing Service software, the official software implemented and maintained by the European Commission, for digital signatures. The software is open source, you can find the source code on https://github.com/esig/dss/.

Important!

The secret key to sign documents is stored and used only in the browser (thus the signature works offline!), are never communicated to anyone and from the signature it's mathematically impossible to recreate the secret key.

Import a secret key and certificate

You probably want to start by importing a secret key and and an X.509 certificate. To do that press on the Certificates button on the sidebar:

Signature1

Then press the button Add a Key-Certificate Pair in top right of the page, a modal window will pop-up, fill it with the info about your key

Signature1

As a result you should see your key/certificate appearing in the list. Under Algorithm you see the type of signature that can be performed with each given pair of key/certificate. Currently we support:

Elliptic curve signatures
- ECDSA on secp256r1 (also known as P-256 or NIST-256)
- EdDSA on Ed25519
RSA
- RSASSA-PKCS1-v1_5
- RSA-PSS

In the example below, we added an RSA key/certificate:

Signature1

Create a certificate (for test purposes)

if you want to test the software, you could create a secret key, along with a self-signed X.509 certificate.

Create a secret key, in this case this will allow you to produce an ECDSA signature on the secp256r1 curve, with the following line

bash

openssl ecparam -out ec_key.pem -name secp256r1 -genkey

The output should look like:

Then create a self-signed X.509 certificate with the link:

bash

openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem

The output (X.509 certificate) should look like:

Sign document

After you have added a key/certificate, you're ready to sign your first document, so click on My Signatures on the sidebar, you should see:

Signature1

Click on the New Signature button on the top right and select:

Fill the Title, the Description
Click on Choose File load document in the application.
Under Type select the format of the signature you want to receive, between PaDES, CaDES, JaDES or XaDES. The type of file that you can sign will typically be a PDF, but depending on the signature format you are able sign also other file formats.
Then select the Certificate you want to use (the correspondent secret key will be selected

Signature1

If all went well, you will see your signature:

Signature1

From there, if you click on Preview, you can open the signed file:

Signature1

And can as well Verify the signature from there:

Signature1

👩‍⚖️ DIDroom Control Room

🆔 Wallet App

✔️ Verifier App

🛠️ System Administrator

🖊️ Signatures

📑 Concepts/Components

🗎 Terms and conditions

Signature

Supported types

Signature flow

Import a secret key and certificate

Create a certificate (for test purposes)

Sign document

Signature ​

Supported types ​

Signature flow ​

Import a secret key and certificate ​

Create a certificate (for test purposes) ​

Sign document ​

Signature

Supported types

Signature flow

Import a secret key and certificate

Create a certificate (for test purposes)

Sign document