
Introduction

This document describes the installation, configuration and management procedures for the Virtual Appliance (VA) named SignEngineWeb (SWS). The SWS VA was created to be manageable and ready to use: import the virtual machine (".ovf") into your infrastructure and set it up (for example, set the proxy). With the SWS VA it is possible to sign, apply timestamps and verify signatures. SWS supports different types of signature devices:

  • Automatic signature
  • Remote signature
  • Disposable 
  • Lean Disposable
  • eSeal (electronic seal)

The permitted signature types are:

  • CAdES
  • PAdES
  • XAdES
  • RAW signature (PKCS#1)

It is also possible to set different signature levels such as B, T, LT, LTV, etc. These details are described in the documentation on integration with SWS.

The timestamps applied comply with the RFC 3161 and RFC 5544 standards.

Signature verification uses certificates issued by all accredited Certification Authorities in the countries of the European Community. It is possible to verify CAdES, PAdES and XAdES signatures.

This guide describes how to import the SWS appliance into VirtualBox.


Architectural Elements

SWS is the service machine, which is meant to be placed close to the applications that need the signature and verification services. Applications requiring a signature connect to SWS and send it the entire file. SWS calculates the hash of the file and requests an RSA RAW signature from the FRA signature system, which is inside the Namirial management boundaries. FRA is the system that drives the HSM and performs the RSA signature.


Assuming SWS is inside the LAN (the same LAN hosting the applications requiring the signature services), documents are exchanged inside a private network. Because what SWS transmits to FRA is the hash, the information remains confidential and the impact on Internet bandwidth is low. Each signature uses 7 KB between SWS and FRA, regardless of the document size. When merged requests are submitted, bandwidth usage decreases thanks to the lower impact of TCP, HTTPS and SOAP.
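
The split described above, where the file is hashed inside the LAN and only a fixed-size value goes to the remote RAW (PKCS#1) signer, shown as an added example; it is not Namirial's code and not the actual SWS-to-FRA message format, which this page does not describe. SHA-256, the DigestInfo request payload, the function names and the toy key built from two public primes are assumptions for illustration.

```python
import hashlib

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy RSA key standing in for the HSM-held key (assumption).
# Built from two well-known public primes, so it offers no security.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def digest_info(document: bytes) -> bytes:
    """Appliance side: hash the document locally; only this leaves the LAN."""
    return SHA256_PREFIX + hashlib.sha256(document).digest()


def raw_sign(info: bytes) -> bytes:
    """Signing-service side: PKCS#1 v1.5 pad the DigestInfo and apply RSA."""
    padding = b"\xff" * (K - len(info) - 3)
    if len(padding) < 8:
        raise ValueError("modulus too small for this digest")
    block = b"\x00\x01" + padding + b"\x00" + info
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def verify(document: bytes, signature: bytes) -> bool:
    """Verifier: recover the padded block and compare with a fresh encoding."""
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        return False
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    info = digest_info(document)
    expected = b"\x00\x01" + b"\xff" * (K - len(info) - 3) + b"\x00" + info
    return recovered == expected  # full-block compare, no lenient parsing


if __name__ == "__main__":
    for doc in (b"short contract", b"A" * 5_000_000):  # constructed inputs
        info = digest_info(doc)
        sig = raw_sign(info)
        print(len(doc), "byte document ->", len(info), "byte request,",
              len(sig), "byte signature, valid:", verify(doc, sig))
```

The signing request carries the same number of bytes for both documents, and the signing side never sees the file content.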


Inflows and Outflows

SWS exposes its services via SOAP.
On the other hand, it operates as a client in the following ways:

  1. For signing operations it needs to contact the RAW signature services (PKCS#1 format) at https://fra.firmacerta.it
  2. For timestamp operations it must be able to contact the Timestamping Authority (TSA) set in the call. In this case the protocols that can be used are HTTP and HTTPS. Specifically, the Namirial TSA can be reached at http://timestamp.firmacerta.it and at https://timestamp.firmacerta.it
  3. For signature verification it must be able to contact the CA that issued the signer's certificate to prove its validity
  4. To update the TLS (TrustedList), it periodically contacts each EC national agency that supervises the Certification Authorities (in Italy, AgID).


Proper Operation Requirements


