The Krestfield EzSign suite enables applications to quickly and securely generate and verify digital signatures without the need for complex programming
Compliant Signature Generation and Verification
The server produces PKCS#7 compliant signatures and supports the SHA-1 and the SHA-2 suite of digest algorithms. Signatures are compliant with Bacs and Faster Payments digital signature requirements.
The server performs full signature validation including path building and revocation checking, supporting both CRL and OCSP revocation checking including OCSP request signing (as required by IdenTrust)
Multi Token Support
The server supports several mechanisms for secure key storage, including:
PKCS#11 based HSMs (such as the Thales nShield Connect and the SafeNet Luna range)
Thales PayShield HSMs
Software. For testing or applications that do not require hardware key protection, a software key store may be used. Keys and certificates are AES encrypted
The server is java based, built and tested under both Java 7 and Java 8
The client is also developed in java, but other client implementations can be produced including .NET and C++ versions. Krestfield can also supply assistance to integrate with other languages
Simple Client API
The client is a thin java application which has no external dependencies (i.e. other than the client jar no additional libraries will need to be included with the application build)
The design brief was to make application integration as fast and simple as possible to reduce development costs. It is extremely simple to integrate - just specify an IP address and port. You can start to generate signatures by writing only two lines of code!
The server provides key separation and the ability to support different configuration options per channel e.g. one channel can use a software key store whilst another makes use of an HSM, all from the same server.
For more information contact Krestfield Support (email@example.com)