Khatim Sign Server v3.0 Released

Khatim Sign Server Blog banner

Team at Codegic is excited to launch the next version of Khatim product line. This version showcases the signing engine supporting basic and long term digital signatures for PDF documents following ETSI EN 319 142-1 V1.1.1 standard. PDF, or Portable Document Format, is a widely used file format that provides several benefits to businesses. One of the key advantages is the ability to ensure document integrity. This means that the document remains in its original form regardless of the software, operating system, or device used to view it. This makes them an ideal format for businesses to use when sharing important documents such as contracts, financial reports, and legal agreements, as it helps to maintain the authenticity and accuracy of the information contained in the document.

Some of the salient features of Khatim Sign Server is:

  • Signing Policies
  • Signing Engines Management
  • Signing Statistics
  • Signing transaction log management
  • Signing events logs management
  • Developer friendly API
  • Daily Summary Reports

Signing Engines Management

In a load balanced environment managing your deployments can be complex. Khatim Sign Server allows admins to manage their signing engines from a single portal. This is also true for other engine types as well such as timestamping.

Administrators can now:

  • View list of all the Khatim Sign engines
  • Check their current health
  • Start, Stop them
  • View in listing or card view mode

Khatim Signing Engines

Signing Statistics

The Khatim Sign Server dashboard offers a user-friendly way to view graphical statistics generated from charts, providing an effective way to gauge the well-being of your system. Whether the server operates as a standalone instance or in a cluster, admins can easily filter the displayed statistics by selecting from a range of options, such as Today, 7 days, 30 days, 365 days, This year, All, or a custom date range.

Khatim Signing Server Stats

Create Signing Policies

Khatim Sign Server allows administrators to create multiple signing policies for PAdES-BES, PAdES-T, PAdES-LT, PAdES-LTA signature formats configuring aspects like:

  • Policy ID
  • Description
  • Signature Format
  • Signing Certificate Alias: The signing certificate used to sign the PDF
  • Hash Algo: Hash algorithm used for signing
  • Signature Type: Approval or Certified PDF signatures
  • Visibility: Visible or Invisible signatures
  • Coordinates: In case of visible the X, Y coordinates where the signature is produced
  • Signature Page: In case of visible the page number or LAST_PAGE to sign the PDF
  • Reason, Location, Contact: Meta information which goes with the PDF signature
  • Status: Mark policy as active or inactive

In case of PAdES-T, Khatim Sign Server asks for the timestamp server address. The timestamp server can be a locally (Khatim Timestamp Server) or external. For PAdES-LT or PAdES-LTA, Khatim Sign Server dynamically pulls the revocation using the OCSP or CRL addresses configured in the signing certificate.

Khatim Signing Add Policy

Configurable Signature Appearances

For visible PDF signatures, Khatim Sign Server, allows administrator to configure following aspects:

  • Configurable logo: Shown in the signatures matching your company’s brand
  • Signing Reason: If not provided then will be removed from the PDF signature appearance
  • Signing Location: If not provided then will be removed from the PDF signature appearance

Khatim Signing Server PDF signature appearance

Developer friendly API

Khatim Sign Server’s Restful interface has simplified the way business application can access the server to sign documents. This feature provides an intuitive and straightforward way to connect with the Khatim Sign Server, allowing users to quickly and easily sign their documents.

Accept: application/json
Content Type: application/json  
Verb: POST
Body: multipart/form-data

File: "dataToSign":"file",

Optional parameters are:
signingPolicyId, documentName, pdfSignatureReason, pdfSignatureLocation, pdfSignatureContact
pdfSignatureApTemplate, pdfSignatureCoord, pdfSignaturePage

Signing Transaction Log Management

To help admins identify the root cause of signing issues, Khatim Sign Server shows full list of transactions as they are produced. Admin can see information like:

  • Time when request is processed
  • Policy used to generate the response
  • Success or failure details
  • IP address of requestor and host server
  • Signer information
  • Signature Format i.e. PAdES-BES etc.

To ensure privacy, Khatim Sign Server does not store the input document nor the signed document.

Khatim Signing Server Transaction Logs


Admin can further drill down to see more information about the request processing:

Khatim Signing Server Transaction Logs Details

System Logs

These notification/event logs are generated when ever there is any issue found during signing to ensure critical components are performing as expected. An email is sent to the user when found. These are also included in the daily summary report. Some of these types of events are:

  • UNACCEPTED_POLICY: policy is not available
  • PDF_NOT_VALID: Sent data is not a valid PDF object
  • PDF_IS_CERTIFIED: Sent PDF is certified already hence can’t be signed
  • PDF_PG_NOT_FOUND: Sent PDF doesn’t contain the mentioned page
  • PDF_XY_NOT_FOUND: Provided X,Y coordinates is not found in the PDF
  • PDF_IS_ENC: Sent PDF is password protected
  • PDF_SIG_OVERLAPPED: Signature can’t be created on top of an already created signature
  • KEY_NOT_FOUND_HSM: Failed to create signature as signing key was not accessible from the HSM

Daily Summary Reports

Khatim Sign Server generates daily summary report for all the registered engines configurable via Global Configurations. Admin can see a detailed break down for the currently day’s statistics and also all time statistics. Statistics includes:

  • Request Status
  • Failure breakdown
  • Policy breakdown
  • Client IP breakdown
  • Host IP breakdown
  • Signature Format breakdown
  • Signing Algo breakdown

Khatim Signing Server Daily Summary Report

Wrapping it up

This sneak peek of Khatim Signing Server is just the tip of the iceberg! Codegic has an array of fantastic usability and functionality upgrades planned for the next release, making it the most secure, affordable, and efficient Sign server out there.