Robust Digital Signature Solution

Khatim Digital Signing Solution allows businesses to seamlessly integrate with existing corporate enterprise systems to produce robust PKI driven advanced digital signatures. Enterprises can now achieve true document authenticity, integrity and non-repudiation while allowing them to be archived and verifiable for years in future.

  • Support multiple signing uses
  • Integrates with existing systems & HSMs for streamlined workflows
  • Supports PAdES, XAdES, JAdES, CAdES, ASiC, PKCS#1 & more

Why choose Khatim Sign Server?

Built for Enterprises

Khatim Signing server is built from ground up keeping in view enterprise scalability and resiliency expectations. Be it CRMs, ECM or ERPs, Khatim Signing Server provides market leading document signing performance suited for high volume digital signature generation.

Advanced PDF Signer

Khatim signing server allows enterprises to apply their own brand while creating approval or certified digital signature. Multiple policies can be setup each having different visible elements like signing reason, location, contact information or any images.

Secured processing

High trust and assurance is important in any business. In Khatim signing server, all functions like key creation, administration & transaction management are accomplished with military grade security.

Live Reporting

Khatim Sign Server is unique signing solution providing realtime and historical performance stats for all signing clusters from a single pane of glass.

How Khatim Sign Server works?

Khatim Sign Server consist of 4 core components:

  • Khatim Sign Admin Portal: Access signing configs, transactions & statistics
  • Khatim Sign Engine: Provides signing service to business apps
  • Khatim Sign Diagnostic: Performs background housekeeping and health checks
  • Storage: Stores configurations and transactional data

The overall processing logic is quite simple:

  • Business application sends data/document signing request
  • Signing Engine verifies the incoming request
  • Signing Engine creates a digitally signature on the incoming data
  • If timestamping is required then adds timestamp
  • If long term digital signature is required then also adds revocation information
  • Returns the final signed data/document

Core Features

Features you get from Khatim Sign Server

  • Supported Signature Formats

    Creates advanced digital signatures based on IETF and ETSI standards including:

    XAdES
    CAdES
    PAdES
    ASiC
    PKCS#1 (Hash signing) signatures formats.

    The advanced digital signatures will have embedded revocation information and cryptographic timestamps.

  • Seamless integration with HSMs or Smart Cards

    Quickly integrates with your existing HSMs over PKCS#11 such as:

    Entrust nShield
    Thales Luna & Protect Server
    Utimaco Cryptoserver
    Microsoft Azure Key Vault
    AWS HSM etc.

    Likewise you may also plugin Smart Cards containing signing keys to create digital signatures.

  • Serve Multiple Policies

    Setup multiple policies to cater different configurations like cryptographic algorithms, signature placement coordinates, pages, visible or invisible, certified or approval signature formats etc. This allows serving different business applications having different document signing needs.

  • Quick Developer Integrations

    Khatim signing server provides developer friendly, restful interfaces allows them to integrate with their ECM, CRM and CMS in a matter of minutes. All end-points are secured and authorized over TLS Client Authentication.

Deployment

  • Supported OS

    All flavors of Windows Server & Linux (Centos, Ubuntu, RedHat, Fedora)

  • Languages

    50+ Languages (English, Chinese, French, Italian Spanish, Arabic, German, Portuguese etc.)

  • Minimum H/W Requirement

    8 GB RAM, 2 vCPU (2.3 GHz), 10 GB disk space.

Words from Client

Leading companies rely on us for their PKI and digital signature needs

We recently had the pleasure of working with the talented team at Codegic to develop an e-signing platform. From the initial consultation to the final delivery, Codegic’s team was attentive to our needs and consistently went above and beyond to ensure the success of the project. Their knowledge of the latest technologies and industry best practices was evident in every aspect of their work, and they were able to deliver a high-quality product that met all of our requirements.”

Calvin Tan,Director, Hiend Software Pte Ltd.

Pricing

  • Khatim Sign Server is charged per bundle
  • Each bundle allows you to deploy 2 instance of signing server in high availability mode
  • To add more servers in your existing pool; Add more bundles OR Buy a single server instance at 50% of the bundle price
  • Test environments or Staging environments are charged 20% of the price

Maintenance Plan

With active annual software maintenance plan:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended supported

  • Extend for 24 months and save 10%
  • Extend for 36 months and save 15% best value

FAQs

What is the list the ETSI standards supported by Khatim Sign Server

Khatim Verification Server suppors the following ETSI standards

  • Digital Signature Formats
    • ETSI EN 319 132 parts 1-2 – XAdES digital signatures
    • ETSI EN 319 122 parts 1-2 – CAdES digital signatures
    • ETSI EN 319 142 parts 1-2 – PAdES digital signatures
    • ETSI EN 319 162 parts 1-2 – Associated Signature Containers (ASiC)
    • ETSI TS 119 182 part 1 – JAdES digital signatures
  • Signature Creation and Validation
    • ETSI EN 319 102-1 – Procedures for Creation and Validation of AdES Digital Signatures
    • ETSI TS 119 102-2 – Extended Procedures for AdES Digital Signatures
  • Signature Policies
    • ETSI TS 119 172-1 – Building blocks and human-readable signature policy documents
    • ETSI TS 119 172-2 – XML format for signature policies
    • ETSI TS 119 172-3 – ASN.1 format for signature policies
    • ETSI TS 119 172-4 – Signature validation policy using trusted lists
  • Trust Lists
    • ETSI TS 119 612 – Trusted Lists specification
    • ETSI TS 119 615 – Use and interpretation of national Trusted Lists (LOTL/TSL)
  • Cryptographic Requirements
    • ETSI TS 119 312 – Cryptographic Suites
  • Certificate & QC Profiles
    • ETSI EN 319 412-5 – Certificate Profiles; QCStatements

What is needed to deploy a digital signing solution?

A signing signing solution requires three core components;

  • Cryptographic hardware: The cryptographic hardware could be an HSM (Cloud or On-premise) or a Smart Card/Cryptographic USB token
  • Digital signing software
  • Timestamping software (if you need advanced digital signature)

Can alerts to be pushed to a central logging system?

For the purpose of traceability, secure alerts can be sent to your central logging systems, such as Splunk, Grafana, Greylog, LogRhythm, and more.

How can we increase the throughput of Khatim signing server?

There are many factor which can boost the performance. This includes:

  • Opting for ECDSA over RSA keys
  • 2048 bit RSA keys over 4096 bit
  • 384 bit ECDSA key over 521 bit
  • Deploying multiple load balanced servers instead of a single instance
  • Deploying timestamp server near your client with low network latency
  • Using HSM for keys storage instead of software
  • Using a PCI based HSM over network/cloud based HSM

Which technology stack is used for time stamping?

Khatim timestamp server uses Java (Open JDK) with Apache tomcat to ensure deployment can be done on any platform (Linux, Windows, Mac).

Which HSM Khatim Sign Server can integrate with?

Khatim Sign Server can integrate with any HSM (over PKCS#11)