The simplest API for signing, certifying and verifying

Terminalfenster mit Eingabebefehl zum digitalen Signieren einer PDF-Datei mittels Certifact API und digitalem Zwilling, Ausgabe in output.pdf

By developers, for developers

Find the right integration solution for your architecture

Implement our local API in a VM or a Docker container in your infrastructure. Simply use our API to add document signing and verification to your software.

Get started now

Use our CLI client to sign and verify documents from the command line. Easily integrate Certifaction into your software and create signatures quickly and automatically - on any platform and in any scripting language

Get started now

How to sign and certify within your IT landscape

Overview of the full integration process

Choose the right integration solution for your architecture

The Certifaction CLI can be used in two modes:

  • Interactive to execute commands on the shell, as part of a script or from a third party application.
  • Server mode that exposes HTTP endpoints.

In both cases, the CLI sits between the third party application and Certifaction API and will handle document signing, verification and revocation without leaking the document content outside the controlled IT infrastructure of the client.

Diagramm zeigt die Interaktion zwischen Client Application, Certifaction CLI und Certifaction API, wobei der Client Application mit dem Certifaction CLI bidirektional kommuniziert, das CLI über eine Zertifizierungs-API-Schnittstelle mit der Certifaction API verbunden ist, getrennt durch eine gepunktete Linie zwischen Client Side und Certifaction API.

In this scenario, the standalone application will use the OS command execution available to their platform to run the Certifaction commands. The documents can either be saved and loaded on the file system, or they can be passed to the command using the standard input and output.

Diagramme showing the clients side on a grey box. On the left a white box saying standalone application with arrows to and from a second white box on the right side saying client CLI. On the arrows it says certifaction sign and certifaction verify (arrows from left to right). Both boxes have arrows pointing to and from a cylinder with the word Files written on it. A dotted line from top to bottom and on the right the Certifaction API is shown with a box stating Certifaction API.

In this scenario, the Certifaction CLI is started in server mode, either directly in a node or VM, or inside a Docker container. The client will use HTTP to sign and verify documents with the guarantee that documents do not leave the client IT system. This is the best option for centralized document signature where documents are signed during an automated document workflow.

Simple document signature

Here are the steps during a simple document signature:

  • The CLI Receives the PDF document to sign and process it (add security features including a unique secure URL and one or more signature pages).
  • The hash of the file is sent to Certifaction API for signature
  • Certifaction API uses one of its pluggable signature provider depending on the signature level and jurisdiction
  • Certifaction API returns the PKCS #7 CMS signature to the CLI
  • The CLI embeds the signature in the PDF document and returns to the Client

Additional signatures can be appended to an already signed document sequentially. Sending a signed document to an other signer is a simple and valid option.

Diagramm, das den Signiervorgang zwischen Certification CLI und Certification API zeigt, mit Schritt-folgen 1 bis 5, die Dokumente, Sign-Box, Zertifizierungs-API und Standard-PKI-Signaturen mit TSP für AES, QES und Zertifizierungssiegel für PES hervorheben.

Document Digital Twin

In addition to storing the secure URL inside the PDF as custom information. A Digital Twin QR code can be added to the document. This QR code contains the secure URL that can be used to retrieve the encrypted version of document stored in Certifaction servers.

When printing the document, the visible QR code can be scanned to retrieve the last version of the document. Certifaction Digital Twin bridges the world of printed and digital documents.

Here are the steps to store an encrypted version of the document and return a Digital Twin URL:

  • Before signature, a unique and secure URL created and added to the document with a QR code
  • The document is encrypted
  • The encrypted copy is stored in Certifaction Digital Archive (DA)
  • The Digital Twin URL is recorded in Certifaction document locator

Additional signatures can be appended to an already signed document sequentially. Sending a signed document to an other signer is a simple and valid option.

Diagramm zeigt den Prozess der Dokumentensignierung und -verschlüsselung mit Zertifikation CLI und API, inklusive Hinzufügen eines QR-Codes, Verschlüsseln des Dokuments, Registrierung einer Kurz-URL, Speicherung in einer Ende-zu-Ende-verschlüsselten Datenablage sowie Dokumentenortung.