Robust Digital Signature Solution

Khatim Digital Signing Solution allows businesses to integrate seamlessly with existing corporate enterprise systems to produce robust, PKI-driven advanced digital signatures. Enterprises can achieve true document authenticity, integrity and non-repudiation, while the signed documents remain archivable and verifiable for years into the future.

  • Supports multiple signing uses
  • Integrates with existing systems & HSMs for streamlined workflows
  • Supports PAdES, XAdES, JAdES, CAdES, ASiC, PKCS#1 & more

Why choose Khatim Sign Server?

Built for Enterprises

Khatim Signing server is built from the ground up with enterprise scalability and resiliency expectations in mind. Be it CRM, ECM or ERP systems, Khatim Signing Server provides market-leading document signing performance suited to high-volume digital signature generation.

Advanced PDF Signer

Khatim signing server allows enterprises to apply their own branding while creating approval or certified digital signatures. Multiple policies can be set up, each with different visible elements such as signing reason, location, contact information or images.

Secured processing

High trust and assurance are important in any business. In Khatim signing server, all functions such as key creation, administration and transaction management are carried out with military-grade security.

Live Reporting

Khatim Sign Server is a unique signing solution that provides real-time and historical performance stats for all signing clusters from a single pane of glass.

Core Features

Features you get from Khatim Sign Server

  • Supported Signature Formats

    Creates advanced digital signatures based on IETF and ETSI standards including:

    XAdES
    CAdES
    PAdES
    ASiC
    PKCS#1 (hash signing) signature formats.

    The advanced digital signatures will have embedded revocation information and cryptographic timestamps.

    For more details, see PDF Sign Server for Enterprise Digital Signatures.

  • Seamless integration with HSMs or Smart Cards

    Quickly integrates with your existing HSMs over PKCS#11 such as:

    Entrust nShield
    Thales Luna & Protect Server
    Utimaco Cryptoserver
    Azure, AWS KMS etc.

    Likewise, you may also plug in smart cards containing signing keys to create digital signatures.

    For more details, see HSM-Backed Sign Server Architecture.

  • Admin Friendly UI with Live Reports

    Control your sign server administration, allowing you to:

    Install new signing servers
    Configure keys, certificates, policies
    View transactions, events logs
    Live performance stats & Historical trends

    For more details, see Enterprise Digital Signature Solutions with Live Reporting.

  • Cryptographic Agility & PQC

    Because businesses have different cryptographic needs, Khatim signing server supports RSA, ECDSA and ML-DSA cryptography with the SHA-256, SHA-384 and SHA-512 hashing algorithms.

    For more details, see Post-Quantum-Ready Signing (CMS & PKCS#1).

  • Logging & Auditing

    Khatim signing server records all incoming transactions and configuration for detailed analysis, including the lower-level cryptographic objects (CRLs, OCSP responses, timestamps) used to construct long-term digital signatures. Administrators can download and investigate requests and responses on the fly, at any time, for troubleshooting or to check server status.

    For more details, see Detailed Logging & Auditing for Digital Signatures.

  • Configure Policies, Appearances & API

    Set up multiple policies to cater for different configurations such as cryptographic algorithms, signature placement coordinates, pages, visible or invisible signatures, certified or approval signature formats, etc. This allows the server to serve different business applications that have different document signing needs.

    Khatim signing server also provides developer-friendly RESTful interfaces that allow developers to integrate with their ECM, CRM and CMS in a matter of minutes. All endpoints are secured and authorized using TLS client authentication.

    For more details, see Setup Signing Policies, Appearances & API.

  • Cross Platform, Diverse Deployments

    Khatim signing server is built with platform independence in mind and therefore supports Windows and Linux alike. You can deploy it in different environments, be it on-premise, private or public cloud, VMs or physical machines.

  • Military Grade Access Control

    Provides military-grade security (AES 256) for your signing server instance during administration, using TLS client authentication.

  • Proactive Alerts & Troubleshooting

    In situations where the signing server is not working as it should, Khatim signing server proactively notifies administrators so they can take immediate action. For traceability, all issues are recorded and can be pushed securely to your central logging systems, e.g. Splunk, Grafana, Graylog, LogRhythm, etc.

  • Unlimited Scalability

    Get ready to experience blazing fast signing with Khatim Sign Server! With the ability to install it as a cluster of multiple signing servers, you can reduce latency and add signing servers at any time without stopping already running instances. This gives you the unparalleled throughput that you’ve been dreaming of, all while keeping your workflow running seamlessly. Say goodbye to sluggish performance and hello to lightning-fast signing with Khatim Sign Server!

How does Khatim Sign Server work?

Khatim Sign Server consists of 4 core components:

  • Khatim Sign Admin Portal: Access signing configs, transactions & statistics
  • Khatim Sign Engine: Provides signing service to business apps
  • Khatim Sign Diagnostic: Performs background housekeeping and health checks
  • Storage: Stores configurations and transactional data

The overall processing logic is quite simple:

  • The business application sends a data/document signing request
  • The Signing Engine verifies the incoming request
  • The Signing Engine creates a digital signature on the incoming data
  • If timestamping is required, it adds a timestamp
  • If a long-term digital signature is required, it also adds revocation information
  • It returns the final signed data/document

Deployment

  • Supported OS

    All flavors of Windows Server & Linux (CentOS, Ubuntu, Red Hat, Fedora)

  • Languages

    50+ Languages (English, Chinese, French, Italian, Spanish, Arabic, German, Portuguese etc.)

  • Minimum H/W Requirement

    8 GB RAM, 2 vCPU (2.3 GHz), 10 GB disk space.

Words from Client

Leading companies rely on us for their PKI and digital signature needs

“We recently had the pleasure of working with the talented team at Codegic to develop an e-signing platform. From the initial consultation to the final delivery, Codegic’s team was attentive to our needs and consistently went above and beyond to ensure the success of the project. Their knowledge of the latest technologies and industry best practices was evident in every aspect of their work, and they were able to deliver a high-quality product that met all of our requirements.”

Calvin Tan, Director, Hiend Software Pte Ltd.

Pricing

  • Khatim Sign Server is charged per bundle
  • Each bundle allows you to deploy 2 instances of the signing server in high availability mode
  • To add more servers to your existing pool, add more bundles or buy a single server instance at 50% of the bundle price
  • Test or staging environments are charged at 20% of the price

Maintenance Plan

With an active annual software maintenance plan:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended support

  • Extend for 24 months and save 10%
  • Extend for 36 months and save 15% (best value)

FAQs

Which ETSI standards are supported by Khatim Sign Server?

Khatim Verification Server supports the following ETSI standards:

  • Digital Signature Formats
    • ETSI EN 319 132 parts 1-2 – XAdES digital signatures
    • ETSI EN 319 122 parts 1-2 – CAdES digital signatures
    • ETSI EN 319 142 parts 1-2 – PAdES digital signatures
    • ETSI EN 319 162 parts 1-2 – Associated Signature Containers (ASiC)
    • ETSI TS 119 182 part 1 – JAdES digital signatures
  • Signature Creation and Validation
    • ETSI EN 319 102-1 – Procedures for Creation and Validation of AdES Digital Signatures
    • ETSI TS 119 102-2 – Extended Procedures for AdES Digital Signatures
  • Signature Policies
    • ETSI TS 119 172-1 – Building blocks and human-readable signature policy documents
    • ETSI TS 119 172-2 – XML format for signature policies
    • ETSI TS 119 172-3 – ASN.1 format for signature policies
    • ETSI TS 119 172-4 – Signature validation policy using trusted lists
  • Trust Lists
    • ETSI TS 119 612 – Trusted Lists specification
    • ETSI TS 119 615 – Use and interpretation of national Trusted Lists (LOTL/TSL)
  • Cryptographic Requirements
    • ETSI TS 119 312 – Cryptographic Suites
  • Certificate & QC Profiles
    • ETSI EN 319 412-5 – Certificate Profiles; QCStatements

What is needed to deploy a digital signing solution?

A signing solution requires three core components:

  • Cryptographic hardware: The cryptographic hardware could be an HSM (Cloud or On-premise) or a Smart Card/Cryptographic USB token
  • Digital signing software
  • Timestamping software (if you need advanced digital signature)

Can alerts be pushed to a central logging system?

For the purpose of traceability, secure alerts can be sent to your central logging systems, such as Splunk, Grafana, Graylog, LogRhythm, and more.

How can we increase the throughput of Khatim signing server?

Many factors can boost performance. These include:

  • Opting for ECDSA over RSA keys
  • 2048 bit RSA keys over 4096 bit
  • 384 bit ECDSA key over 521 bit
  • Deploying multiple load balanced servers instead of a single instance
  • Deploying timestamp server near your client with low network latency
  • Using HSM for keys storage instead of software
  • Using a PCI based HSM over network/cloud based HSM

Which technology stack is used for time stamping?

Khatim timestamp server uses Java (OpenJDK) with Apache Tomcat to ensure deployment can be done on any platform (Linux, Windows, Mac).

Which HSMs can Khatim Sign Server integrate with?

Khatim Sign Server can integrate with any HSM (over PKCS#11).