easySIGN
The easySIGN component is used to digitally sign PDF documents. The application is implemented in Java and runs in the background on the user’s PC. WebSocket technology is used to call and communicate with the component, and it can only be called this way on the local PC via localhost. After receiving the PDF document, the component loads the personal certificates from the Windows certificate store and opens a window for certificate selection. After selection, the PDF file is signed with the selected certificate and the signed file is sent back via the WebSocket communication channel.
easySIGN features:
- Create and attach an electronic signature to PDF documents according to the PAdES standard (PDF Advanced Electronic Signatures) in a variant with visible or invisible signature mark.
- Web browser-independent solution (no browser plug-in required)
- E-signature certificate stored in the certificate store of the operating system, smart card, USB token
- Observance of security restrictions during storage (PIN or password protection)
- Visualisation of the signed content for the user before signing
- Visualisation of the position of the electronic signature and its size (in case of a visible mark)
- Multiple signing
- Security of communication and transmitted data
- Log in
- Possibility of individualisation for the needs of the organisation
The advantages of our easySIGN solution:
- UBK has a long and successful cooperation with E.ON both in the Czech Republic and in Germany
- UBK is aware of E.ON ČR’s needs in the area of approval procedures, which must include an electronic signature in future
- The easySIGN solution meets all of E.ON ČR’s requirements and can be easily integrated into the process applications of the Axon.Ivy environment (no integration costs)
- The easySIGN solution was developed specifically for the needs of E.ON Czech Republic and allows individual adaptations and extensions for the needs of E.ON Czech Republic
- The easySIGN solution is web browser independent (no browser plugin required), which facilitates distribution and maintenance in the future.
- The easySIGN solution is universally applicable, both on the user workstation side and on the server applications side
Content of the transferred data (content of the JSON request + content of the JSON response):
- JSON request
  - Signed document (Base64 encoding)
  - Checksum of the signed document (SHA-512 hash)
  - Type of signed document (MIME type)
  - Visualisation parameters for electronic signatures (TRUE/FALSE)
  - Placement of a visible e-signature mark
    - Document page
    - X-coordinate on the page (X-position)
    - Y-coordinate on the page (Y-position)
  - Size of the visible e-signature mark
    - Width of the mark (width)
    - Height of the mark (height)
- JSON response
  - Signed document (Base64 encoding)
  - Checksum of the signed document (SHA-512 hash)
  - Error and logging messages
    - UNCAUGHT_ERROR (“Uncaught error, details in log file”)
    - APP_P_KEY_NULL (“Private key from certificate is null”)
    - APP_KEYSTORE_ALG_ERROR (“Algorithm cannot be found”)
    - APP_KEYSTORE_UREC_KEY_ERROR (“The key cannot be restored”)
    - APP_KEYSTORE_IO_ERROR (“I/O or format problem with the keystore data”)
    - APP_LOAD_DOC_ERROR (“Error loading document”)
Security features:
- Visual inspection of the signed content and application of a visible signature mark
- Protecting the use of personal certificates – easySIGN uses standard interfaces and manufacturer-supplied drivers to communicate with the means of storing certificates (PIN or password protection).
- Communication restrictions between the web browser and the local easySIGN component – easySIGN only accepts calls from the local computer via the localhost interface; the easySIGN interface cannot be accessed from the network outside the PC perimeter.
- Signed content security – checksum for signed content
- Communication security between easySIGN and the business application (web application) – communication between the web browser on the PC and the business application uses an HTTPS connection
- Security of the component against modification – the easySIGN file is provided with an electronic certificate from the component supplier when it is distributed to the customer
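As an added example (not UBK's or easySIGN's own code), the following Node.js functions build a request and validate a response as described under "Content of the transferred data" and "Signed content security". The JSON field names (`document`, `checksum`, `mimeType`, `visible`, `mark`, `error`) and the hex encoding of the checksum are assumptions; the page does not specify them.

```javascript
// Added example; JSON field names and hex checksum encoding are assumptions.
const crypto = require('node:crypto');

// Error codes listed on this page for the JSON response.
const ERROR_CODES = new Set([
  'UNCAUGHT_ERROR', 'APP_P_KEY_NULL', 'APP_KEYSTORE_ALG_ERROR',
  'APP_KEYSTORE_UREC_KEY_ERROR', 'APP_KEYSTORE_IO_ERROR', 'APP_LOAD_DOC_ERROR',
]);
// Strict Base64: Buffer.from(..., 'base64') silently skips invalid characters.
const B64 = /^(?:[A-Za-z0-9+/]{4})+$|^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)$/;
// Constructed sample: a short byte string standing in for a PDF file.
const SAMPLE_PDF = Buffer.from('%PDF-1.7\n% constructed sample\n', 'latin1');

const sha512 = (buf) => crypto.createHash('sha512').update(buf).digest();

// Build the request: Base64 document, its SHA-512 checksum, MIME type,
// and the visible-mark parameters (page, x, y, width, height) if any.
function buildRequest(pdfBytes, mark) {
  return JSON.stringify({
    document: pdfBytes.toString('base64'),
    checksum: sha512(pdfBytes).toString('hex'),
    mimeType: 'application/pdf',
    visible: Boolean(mark),
    mark: mark || null,
  });
}

// Validate a response before the signed file is stored or forwarded.
function parseResponse(text) {
  let msg;
  try { msg = JSON.parse(text); } catch { return { ok: false, reason: 'not JSON' }; }
  if (msg === null || typeof msg !== 'object') return { ok: false, reason: 'not an object' };
  if (msg.error !== undefined) {
    return { ok: false, reason: ERROR_CODES.has(msg.error) ? msg.error : 'unknown error code' };
  }
  if (typeof msg.document !== 'string' || !B64.test(msg.document)) {
    return { ok: false, reason: 'document is not strict Base64' };
  }
  if (typeof msg.checksum !== 'string' || !/^[0-9a-fA-F]{128}$/.test(msg.checksum)) {
    return { ok: false, reason: 'checksum is not a SHA-512 hex digest' };
  }
  const pdf = Buffer.from(msg.document, 'base64');
  // Both buffers are 64 bytes here, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(Buffer.from(msg.checksum, 'hex'), sha512(pdf))) {
    return { ok: false, reason: 'checksum mismatch' };
  }
  if (pdf.subarray(0, 5).toString('latin1') !== '%PDF-') return { ok: false, reason: 'not a PDF' };
  return { ok: true, pdf };
}
```

The checksum catches truncation or corruption of the payload in transit; assurance about who signed the document comes from validating the PAdES signature itself.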
Technologies:
- Java
- WebSocket
Libraries used:
- Undertow (WebSocket communication)
- Apache PDFBox (working with PDF files)
- Bouncy Castle (cryptography, certificate handling)
- JavaFX (user interface)
Uses:
It is possible to call the component via the standardised WebSocket technology (protocol), so that the call is possible from different programming languages. In practice, this means that it is possible to call the component from a web page (with JavaScript) as well as from another local application.