EzSign can be setup, deployed and integrated extremely rapidly, enabling .NET and Java applications to start generating and verifying signatures accurately and securely, with complete control over the signature structure and validation process
Typically, a deployment will involve the following steps:
Server Setup
The server can be installed in minutes and supports Windows Server based operating systems as well as Solaris and Linux (Note: AIX is not yet supported for use with PKCS#11 based HSMs but HSM9000 and Software key stores are supported)
The simplest approach is to unzip the package, update the reference to your java installation and update the provided server.properties file to your requirements
Next, run the management utility to set your passwords and generate a CSR. Once your certificate has been issued, import via the management utility
You can then start the server using the provided scripts or via the Windows Service
Client Integration
If using java, add a reference to KEzSignClient.jar
If using .NET, add a reference to EzSignClient.dll
In your code the following will generate a signature:
EzSignClient client = new EzSignClient(serverIpAddress, serverPort);
byte[] signature = client.signData(channel, dataToSign, false);
Note: EzSign separates key stores into channels, enabling an application to select different keys for different purposes. Any channel name can be configured in the server properties and it is this name which must be passed to the signData method
The false parameter represents that the provided data is not a digest (already hashed). If the data to sign is already hashed, this parameter will be true
And that's it!!
To verify the signature:
client.verifySignature(channel, signature, dataToSign, false);
If there any validation problems an exception will be thrown containing all of the error details
All details of the signature generation and validation process will be logged to a location of your choice (by default this is a text file)
The client and server are stateless - meaning multiple clients can call the same server and client instances can be created and destroyed at will
Extras
With each EzSign Server license users get the Signature Toolkit for free. Enabling the checking and graphical viewing of signature contents
Other tools (such as verifying HSM setup) are also available if required
Options around monitoring and alerting as well as test scripts can also be supplied upon request
Support
Having been involved in the PKI market for 15 years, Krestfield have the knowledge and ability to assist with any queries and questions that may arise from using the EzSign server. We can provide onsite support and walk through all setup steps and provide high quality ongoing support
For more information email us at This email address is being protected from spambots. You need JavaScript enabled to view it. or call 020 8938 3616