Khatim Sign Server = Add Integrity + Trust

ETSI, EIDAS compliant, digital and electronic sign server bringing integrity + trust in your enterprise
  • Supports basic and advanced digital signatures
  • Compatible with ETSI & eIDAS advanced digital signature standards
  • Seamless integration with existing systems & HSMs for streamlined workflows
  • Scalable and flexible document signing server for high volume transactions
  • User-friendly dashboards for logging, alerting, reporting, and insights
Download Datasheet

Robust Digital Signature Solution

Integrity - Trust - Security

Khatim’s powerful signing solution simplifies implementing the last mile in digitization electronic documents and transactions. Khatim Digital Signing Solution allows businesses to seamlessly integrate with existing corporate enterprise systems to produce robust PKI driven advanced digital signatures. Enterprises can now achieve true document authenticity, integrity and non-repudiation while allowing them to be archived and verifiable for years in future.

Khatim Digital Signature Solution allows multiple signing uses cases including server side and client side signing for multiple formats including PDF documents, XML, webforms, Files and more. Some of supported signature formats are: PAdES, XAdES, CAdES, ASiC, PKCS#1 and more.

"Khatim Sign Server: The digital signature solution for enterprises"

Khatim Sign Server - Supported Signature Formats

Why choose Khatim Sign Server?

Built for Enterprises

Khatim Signing server is built from ground up keeping in view enterprise scalability and resiliency expectations. Be it CRMs, ECM or ERPs, Khatim Signing Server provides market leading document signing performance suited for high volume digital signature generation.


Advanced PDF Signer

Khatim signing server allows enterprises to apply their own brand in visible PDF digital signatures. With built in signature appearances templates designer, companies can setup the right visible signature appearance for their to-be-signed PDF documents. Multiple templates can be configured each having different visible elements like signing reason, location, contact information or any images.

Secured processing & auditing

High trust and assurance is important in any business. In Khatim signing server, all functions like key creation, administration & transaction management are accomplished with military grade security. Complete transparency is possible by allowing administrators to view detailed transactional signing logs and reports.

Core Features

Features you get from Khatim Sign Server
Supported Signature Formats

Creates advanced digital signatures based on IETF and ETSI standards including:


– ASiC
– PKCS#1 (Hash signing) signatures formats.


The advanced digital signatures will have embedded revocation information and cryptographic timestamps.

Seamless integration with HSMs or Smart Cards

Quickly integrates with your existing HSMs over PKCS#11 such as:


– Entrust nShield
– Thales Luna & Protect Server
– Utimaco Cryptoserver
– Microsoft Azure Key Vault
– AWS HSM etc.


Likewise you may also plugin Smart Cards containing signing keys to create digital signatures.

Serve Multiple Policies

Setup multiple policies to cater different configurations like cryptographic algorithms, signature placement coordinates, pages, visible or invisible, certified or approval signature formats etc. This allows serving different business applications having different document signing needs.

Quick Developer Integrations

Khatim signing server provides developer friendly, restful interfaces allows them to integrate with their ECM, CRM and CMS in a matter of minutes. All end-points are secured and authorized over TLS Client Authentication.

Cross Platform, Diverse Deployments

Khatim signing server is built with platform independence in mind hence supports Windows and Linux alike. You can deploy in different environments be it on-premise, private or public cloud, VMs or physical machines.

Cryptographic Agility

Keeping in view businesses having different cryptographic needs, Khatim signing server supports both RSA and ECDSA cryptography with SHA-256, 384 and 512 hashing algorithms.

Military Grade Access Control

Ensures military grade security (AES 256) to your signing server instance during administration using TLS client authentication.

Admin Friendly GUI

Control your signing server administration with GUI based interfaces. From key generation, policy management to transaction log viewing all can be done from a single place.

Proactive Alerts & Troubleshooting

In situations where signing server is not working as it should, Khatim signing server proactively notifies administrators to take immediate action. For traceability, all issues are recorded which can be pushed securely to your central logging systems e.g. Splunk, Grafana, Greylog, LogRhythm etc.

Logging & Auditing

Khatim signing server records all incoming transactions & configuration for detailed analysis including the lower level cryptographic objects (CRL, OCSP, Timestamps) to construct long term digital signatures. Administrator can download and investigate request/responses on the fly, any time for troubleshooting or to check server status.

Unlimited Scalability

Get ready to experience blazing fast signing with Khatim Sign Server! With the ability to install it as a cluster of multiple signing servers, you can reduce latency and add signing servers at any time without stopping already running instances. This gives you the unparalleled throughput that you've been dreaming of, all while keeping your workflow running seamlessly. Say goodbye to sluggish performance and hello to lightning-fast signing with Khatim Sign Server!

Reporting & Statistics

Get real time statistics of how your signing servers are behaving. Administrators can drilled down information based on different data points like signature formats, signing policies, success/failure, alerts, signing algorithm and more. Khatim signing server also creates daily summary reports along similar data points providing administrator a snapshot of what types of signatures were generated during the day, any failures and alerts.

How Khatim Sign Server works?

Khatim Sign Server consist of 4 core components:

  • Khatim Sign Admin Portal: Access signing configs, transactions & statistics
  • Khatim Sign Engine: Provides signing service to business apps
  • Khatim Sign Diagnostic: Performs background housekeeping and health checks
  • PKI Insights Storage: Stores configurations and transactional data

The overall processing logic is quite simple:

  • Business application sends data/document signing request
  • Signing Engine verifies the incoming request
  • Signing Engine creates a digitally signature on the incoming data
  • If timestamping is required then adds timestamp
  • If long term digital signature is required then also adds revocation information
  • Returns the final signed data/document
How Khatim Sign Server Works


Supported OS

All flavors of Windows Server & Linux (Centos, Ubuntu, RedHat, Fedora)


English - Other languages can be supported on demand

Minimum H/W Requirement

8 GB RAM, 2 vCPU (2.3 GHz), 10 GB disk space.

Pricing & Maintenance


  • Khatim Sign Server is charged per bundle
  • Each bundle allows you to deploy 2 instance of signing server in high availability mode
  • To add more servers in your existing pool:
    • Add more bundles
    • Buy a single server instance at 50% of the bundle price
  • Test environments or Staging environments are charged 20% of the price
  • Price inclusive of first 12 months of maintenance plan

Maintenance Plan

With active annual software maintenance plan you:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

When you buy a license, you automatically get free 12 months of maintenance. Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended supported:

  • Extend for 24 months and save 10%

  • Extend for 36 months and save 15% best value

Success Story


“We recently had the pleasure of working with the talented team at Codegic to develop an e-signing platform. From the initial consultation to the final delivery, Codegic’s team was attentive to our needs and consistently went above and beyond to ensure the success of the project. Their knowledge of the latest technologies and industry best practices was evident in every aspect of their work, and they were able to deliver a high-quality product that met all of our requirements.”


Calvin Tan, Director, Hiend Software Pte Ltd


What is needed to deploy a digital signing solution?

A signing signing solution requires three core components;

  • Cryptographic hardware: The cryptographic hardware could be an HSM (Cloud or On-premise) or a Smart Card/Cryptographic USB token
  • Digital signing software
  • Timestamping software (if you need advanced digital signature)

Which integration options are supported?

Khatim signing server comes with HTTP based Restful interfaces allowing developers to quickly integrate business applications by sending unsigned documents and getting signed ones.

Can alerts to be pushed to a central logging system?

For the purpose of traceability, secure alerts can be sent to your central logging systems, such as Splunk, Grafana, Greylog, LogRhythm, and more.

How can we increase the throughput of Khatim signing server?

There are many factor which can boost the performance. This includes:

  • Opting for ECDSA over RSA keys
  • 2048 bit RSA keys over 4096 bit
  • 384 bit ECDSA key over 521 bit
  • Deploying multiple load balanced servers instead of a single instance
  • Deploying timestamp server near your client with low network latency
  • Using HSM for keys storage instead of software
  • Using a PCI based HSM over network/cloud based HSM

Which technology stack is used for time stamping?

Khatim timestamp server uses Java (Open JDK) with Apache tomcat to ensure deployment can be done on any platform (Linux, Windows, Mac).

Which HSM Khatim Sign Server can integrate with?

Khatim Sign Server can integrate with any HSM (over PKCS#11)


Test drive Khatim Sign Server and explore its powerful features.

Still not convinced?

All it takes few minutes to see signing in action!
Super Simple Installation

Admins love Khatim Sign Server because it quick to install and configure


When configured correctly in a load-balanced environment, it offers lightning-fast signing speed.

Try for free

Want to see Khatim Sign Server in action? Start now with your 30-day trial