Signing Automation Service
Cloud-based certificates for automated sealing
The Entrust Signing Automation Service issues and hosts your digital certificate’s private keys for document signing, allowing you to automate document sealing workflows without managing keys and secure hardware. eIDAS Qualified Certificates for Advanced Seals are available.
The service is designed for integrating into applications and platforms compatible with PKCS#11.
What is a digital seal?
While a digital signature represents a natural person (an individual), a digital seal represents a legal person (an organization). Digital seals ensure that a document is tamper-proof and carries your verified organization's name.
Entrust can provide trusted certificates for document sealing, as well as European eIDAS Qualified Certificates to generate eIDAS Advanced Seals via the Entrust Signing Automation Service.
Trusted digital seals on documents provide real guarantees of ownership and integrity, as well as non-repudiation when combined with timestamping.
The signing service is accessed via our Entrust Signing Automation Client, which is supported by major PDF tools and any PKCS#11-compatible environment.
We provide and maintain everything for you: the HSM, the sealing software, the publicly-trusted certificates, and public timestamping and OCSP services.
Entrust is a European Qualified Trust Service Provider and can deliver eIDAS Qualified Certificates for Advanced Seals via the Signing Automation Service. Find Entrust in the EU Trust List.
The Entrust Signing Automation Service can be called to generate a digital seal from a hash value that is sent by your document application. This seal is then embedded back into your document by your application.
A hash value is a fixed-length series of digits representing the content of your document. The Entrust Signing Automation Service never receives any sensitive information or intellectual property.
The following diagram illustrates a typical integration of the Signing Automation Service. It does not include the optional timestamping and OCSP flows.
Delegate all Organization-signing activities to a central service that is entirely integrated to your existing applications and workflows.
The Entrust Signing Automation Service was built for bulk signing, and will enable you to generate thousands of seals per year.
The service is deployed in the Cloud and accessible via a PKCS#11 client.
The service leverages FIPS 140-2 Level 3 HSMs from our own datacenter.
Every seal generated can also be timestamped with our RFC 3161-compliant timestamping service.
Leverage our TSA (Timestamping Authority) and OCSP (Online Certificate Status Protocol) services to create Long Term Validation (LTV) seals and extend your seals’ lifetime.
The Signing Automation Service is accessed by a PKCS#11 client that we provide and which must be installed on your application.
In order to set up the signing service, we will provide you with a license to access a signing service where you will be able to generate a CSR.
If you are a new customer, we will also enroll you for an Entrust Certificate Services account, and your Organization will be verified. Once this is done, you will be able to order your publicly-trusted Document Signing certificate and add its public key to the signing service.
And voilà! You can start integrating your signing service to your application.
The Entrust Signing Automation service is guaranteed to be compatible with the following services:
You are free to test the integration of our service to your custom environment, provided that it supports the PKCS#11 standard.