Solution – Document Signing
When a document is shared (via email or other means) without first being signed, the recipient has no way to authenticate the sender or to verify that the contents of the document have not been tampered with.
End-to-end document signing security overcomes these challenges by signing the contents of your document before it is shared with others. Use digital certificates with your document authoring software to secure your document against tampering.
How it works
The sender proves his/her identity to the recipient and shows that the document came from the sender. The electronic signature on the message proves that the contents of the document have not been tampered with after the signature was applied.
Benefits
- Electronic signature support on most popular software including Microsoft Office, Libre Office and Adobe Acrobat
- Ability to encrypt and/or electronically sign the contents and attachments to the email
- Each electronic signature provides a high degree of assurance because:
– It is uniquely linked to the signer
– It is capable of identifying the signer (authentication)
– Only the signer has control over the key used for the signature creation (non-repudiation)
– Any tampering with or change to the contents of the signed document after the signature has been applied can be detected (integrity)
- Support for multiple signatures in a document allows each individual to sign their own signature block in the document
Process
Step 1 | Choose your document signing product option |
Step 2 | Log in to or register your account |
Step 3 | Complete your order and make payment online |
Step 4 | In case of physical token, await shipping of token to you |
Step 5 * | Generate your keys and certificate signing request (CSR) on your security token (physical/cloud) and upload your CSR |
Step 6 | Prove that you own the email mailbox (through email validation) |
Step 7 | Additionally upload your supporting documents (certified or notarized copies); for PersonalPass Premium, arrange your face-to-face meeting with TrustFactory to sign the subscriber agreement in their presence |
Step 8 * | Your certificate will be issued; download and install it on your PC/device and use together with your token (physical/cloud) |
* This step varies per operating system; refer to online support resources for assistance
Options
- Online self-service portal for order processing and full certificate life-cycle management (issuing, reissues, rekeys, revocation and renewals)
- Free and unlimited certificate re-issues
- Free and unlimited rekeys
- Certificates valid for up to 2 years before renewal is required; up to 5 years for organization certificates
- Private keys may be stored on a physical security token or securely in a cloud key storage service (such as CumuloKey)
Technical Specification
- RSA public-key support for key length 2048-bit and above
- Support for SHA-2 hash algorithm (256 bit)
- Digital certificate is fully compliant with the X.509v3 specification
- Fully compatible with modern electronic signature standards:
– XML Advanced Electronic Signature (XAdES), including support for the following profiles:
  - XAdES-BES (basic): Basic electronic signature
  - XAdES-T (timestamp): Includes timestamp
  - XAdES-C (complete): Includes all references to validation data
  - XAdES-X (extended): XAdES-C with included timestamp
  - XAdES-X-L (extended, long-term): Includes all certificates and revocation lists for future verification even after expiration
  - XAdES-A (archival): Suitable for long term archival with periodic timestamping
– PAdES – PDF advanced electronic signature
– CAdES – CMS advanced electronic signature
– ASiC – associated signature containers
- Client Root Certificate embedded in Microsoft Root Certificate Store
- Client Root Certificate listed on Adobe Approved Trust List (AATL)
Difference between TrustFactory Physical and CumuloKey Token
| | TrustFactory Physical Token | CumuloKey Token |
|---|---|---|
| Security Standard compliance | NIST FIPS 140-2 Level 2 | |
| Keypair Storage | Multiple (up to 64KB) | 1, 5 or 10 bundle unlimited bundles |
| Cryptographic API Support | MS CAPI, MS Minidriver, PKCS#11, PC/SC | REST API |
| Supported Operating Systems (OS) | Windows 7/8/8.1/10, Linux, macOS X | Any |
| Delivery Method | Requires shipping | Online (no shipping required) |
| Microsoft Office Document Signing | Yes | Yes * |
| Libre Office Document Signing | Yes | Yes * |
| Adobe PDF Signing | Yes | Yes * |
| Signatures | Unlimited | Fair use |
* Using the CumuloKey online signing service
Product Options – Certificate
| | PersonalPass | PersonalPass Premium | OrganizationPass |
|---|---|---|---|
| Security protocol | XAdES, PAdES, CAdES | | |
| Validation level | Person | In-Person (Face-to-face) | Organization |
| Assurance level | Strong person validation | Strong in-person validation | Organization validation |
| Required documents | Government-issued ID document, Proof of address (individual) | Company registration, Proof of address (company) | |
| Certificate contents | First name, Surname, Email Address, City, Country | Organization name, Organizational Unit (optional, one or more), City, Country | |
| Timeframe for issuance | Within 1 day from submission of supporting documents | Within 1 day from completion of face-to-face meeting | Within 1 day from submission of supporting documents |
| Document authoring compatibility | MS Office, Libre Office, Adobe Acrobat | | |
| Required token for private key (NIST FIPS 140-2 Level 2 compliant) | TrustFactory Physical, CloudSign, Use your own hardware security module (HSM) | | |
| Valid for 1 year | Available | Available | Available |
| Valid for 2 years | Available | Available | Available |
| Valid for 3 years | Available | | |
| Valid for 5 years | Available | | |