The Krestfield EzSign suite enables applications to quickly and securely generate and verify digital signatures without the need for complex programming

Signature Generation and Verification

The server produces RAW (PKCS#1) and PKCS#7 compliant signatures and supports the the SHA-2 suite of digest algorithms. Signatures are compliant with Bacs, Faster Payments and Fast Cheque digital signature requirements

The server performs full signature validation including path building and revocation checking, supporting both CRL and OCSP revocation checking, including OCSP request signing (as required by IdenTrust)

Many configuration options are available including custom path checking (checking certificates based on specific requirements), performing additional checks on hash algorithms/certificate extensions etc.

AES Data Encryption

High performance, strong data encryption/decryption using AES keys stored in software or on HSMs. The ability to generate a number of AES keys, allowing the client to choose based on a name

Multi Token Support

The server supports several mechanisms for secure key storage, including:

  • AWS CloudHSM
  • PKCS#11 based HSMs (such as the Thales nShield Connect and the SafeNet Luna range)
  • Thales PayShield HSMs
  • Software. For testing or applications that do not require hardware key protection, a software key store may be used. Keys and certificates are AES encrypted

Java based

The server is java based, supporting all versions from 8 to 11

Java and .NET Simple Client APIs

Java and .NET clients are available which are easy to integrate into any application. The clients have no dependencies on any other external libraries and developers can start to sign/encrypt data via the API within minutes


The server provides key separation and the ability to support different configuration options per channel e.g. one channel can use a software key store whilst another makes use of an HSM, all from the same server.

For more information contact Krestfield Support (support@krestfield.com)

Download the Installation and Configuration Guide
Download the Client Integration Guide
EzSign Knowledge Base
Contact Us

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Call: 020 8938 3616

Krestfield Limited, 124 City Road, London, EC1V 2NX

Sales & Support

Should you need any help with any of Krestfield's products, or wish to make any suggestions, please contact us.

Sales: sales@krestfield.com

Support: support@krestfield.com

Latest News


Version 1.9.0 released


Version 4.1.2 released


Our Mission

To create secure, highly available, intuitive products that are affordably priced

Please publish modules in offcanvas position.