Robust Digital Signature Verification Solution with EU Trusted Lists

Khatim Digital Signature Verification Solution enables organizations to validate digital signatures against Custom or EU Trusted Lists  or LOTL, ensuring long-term trust and regulatory compliance. It empowers enterprises to verify the authenticity, integrity, and non-repudiation of digitally signed documents across diverse formats—both today and years into the future.

  • Ensures compliance with eIDAS & ETSI standards
  • Validates timestamps, revocation status, and certificate chains
  • Supports long-term validation (LTV) for archived documents
  • Supports PAdES, XAdES, JAdES, CAdES, ASiC, PKCS#7, PKCS#1 & more

Why Khatim Verification Server?

Enterprise Focused

Whether integrated with CRMs, ECMs, or ERPs, it delivers rapid and reliable digital signature verification—ideal for high-volume, trust-critical environments.

Fine Grained Control

Get full control over acceptable cryptographic algorithms, giving enterprises precise control over digital signature verification.

Secure Trust Validation

Enforces strict security for certificate chain validation, revocation checking, and trust list management following ETSI & eIDAS standards.

Unified Monitoring

Gain full visibility with real-time & historical signature verification insights across your infrastructure from a centralized dashboard.

How Khatim Verification Server works?

Core Components:

  • Khatim Verification Admin Portal: Access signing configs, transactions & statistics
  • Khatim Verification Engine: Provides Restful digital signature verification services to business apps
  • Khatim Verification Diagnostic: Performs background housekeeping and health checks
  • Storage: Stores configurations and transactional data

Processing Steps:

  • Business application sends data/document verification request
  • Verification Engine verifies the incoming request
  • Verification Engine verifies digital signatures
  • Performs revocation checking & PKI trust building
  • Returns the verification response with detailed report

Core Features

Features you get from Khatim Verification Server

  • Supported Signature Formats

    Verifies advanced digital signatures based on IETF and ETSI standards including:

    XAdES
    CAdES
    JAdES
    PAdES
    ASiC
    PKCS#1 (Hash signing) signatures formats.

    Performs detailed revocation & PKI trust building checks for all of the certificates found against signer, timestamp, OCSP etc.

  • Verify EU Trust List & LOTL

    Define multiple verification policies to handle diverse trust and compliance requirements—such as accepted cryptographic algorithms, signature formats, and trust sources including the EU Trust List and List of Trusted Lists (LOTL). This flexibility enables tailored validation for different business applications, document types, and regulatory environments.

  • Quick Developer Integrations

    Provides developer friendly, restful interfaces allows them to integrate with their ECM, CRM and CMS in a matter of minutes. All end-points are secured and authorized over TLS Client Authentication.

Deployment

  • Supported OS

    All flavors of Windows Server & Linux (Centos, Ubuntu, RedHat, Fedora)

  • Languages

    50+ Languages (English, Chinese, French, Italian Spanish, Arabic, German, Portuguese etc.)

  • Minimum H/W Requirement

    8 GB RAM, 2 vCPU (2.3 GHz), 10 GB disk space.

Words from Client

Leading companies rely on us for their PKI and digital signature needs

We recently had the pleasure of working with the talented team at Codegic to develop an e-signing platform. From the initial consultation to the final delivery, Codegic’s team was attentive to our needs and consistently went above and beyond to ensure the success of the project. Their knowledge of the latest technologies and industry best practices was evident in every aspect of their work, and they were able to deliver a high-quality product that met all of our requirements.”

Calvin Tan,Director, Hiend Software Pte Ltd.

Pricing

  • Khatim Verification Server is charged per bundle
  • Each bundle allows you to deploy 2 instance of verification server in high availability mode
  • To add more servers in your existing pool; Add more bundles OR Buy a single server instance at 50% of the bundle price
  • Test environments or Staging environments are charged 20% of the price

Maintenance Plan

With active annual software maintenance plan:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended supported

  • Extend for 24 months and save 10%
  • Extend for 36 months and save 15% best value

FAQs

Can you list the ETSI standards supported by Khatim Verification Server

Khatim Verification Server suppors the following ETSI standards

  • Digital Signature Formats
    • ETSI EN 319 132 parts 1-2 – XAdES digital signatures
    • ETSI EN 319 122 parts 1-2 – CAdES digital signatures
    • ETSI EN 319 142 parts 1-2 – PAdES digital signatures
    • ETSI EN 319 162 parts 1-2 – Associated Signature Containers (ASiC)
    • ETSI TS 119 182 part 1 – JAdES digital signatures
  • Signature Creation and Validation
    • ETSI EN 319 102-1 – Procedures for Creation and Validation of AdES Digital Signatures
    • ETSI TS 119 102-2 – Extended Procedures for AdES Digital Signatures
  • Signature Policies
    • ETSI TS 119 172-1 – Building blocks and human-readable signature policy documents
    • ETSI TS 119 172-2 – XML format for signature policies
    • ETSI TS 119 172-3 – ASN.1 format for signature policies
    • ETSI TS 119 172-4 – Signature validation policy using trusted lists
  • Trust Lists
    • ETSI TS 119 612 – Trusted Lists specification
    • ETSI TS 119 615 – Use and interpretation of national Trusted Lists (LOTL/TSL)
  • Cryptographic Requirements
    • ETSI TS 119 312 – Cryptographic Suites
  • Certificate & QC Profiles
    • ETSI EN 319 412-5 – Certificate Profiles; QCStatements

Can alerts to be pushed to a central logging system?

For the purpose of traceability, secure alerts can be sent to your central logging systems, such as Splunk, Grafana, Greylog, LogRhythm, and more.

How can we increase the throughput of Khatim verification server?

There are many factor which can boost the performance. This includes:

  • Only allow signature formats which are supported
  • Allow only the acceptable list of encryption & hashing algorithms
  • Deploying multiple load balanced servers instead of a single instance
  • Better internet connection as this improve download of Trusted Lists & revocation checking

How to diagnose why digital signature verification is failing?

Check the verification response and check the reason. You may get multiple errors such as:

    • Signature being tampered
    • Certificates are expired
    • Failing to get revocation information
    • X.509 Certificates are marked as revoked
    • Trust building failing due to missing certificates