DL Signer Cards

DL Signer cards provide digital signing of data and documents in the cards themselves using RSA or ECDSA asymmetric cryptographic algorithms. PKI infrastructure is supported and in the DL Signer cards it is possible to store X.509 certificates that are related to pairs of cryptographic keys generated in the cards itself. It is supported to store all X.509 certificates that make up the chain of trust from the root certificate to the end-entity certificate.

The public key which is generated in the DL Signer cards is placed in the body of the request while creating the certificate signing requirement (hereinafter CSR). The request is signed in the card itself with an appropriate private key that never leaves the card itself and in no way it can be read after generating key pairs. Further, the CSR is sent to the certification body in order to create and sign the X.509 certificate based on it. This end-entity certificate is placed in the DL Signer card with other certificates from the chain of trust and is ready to digitally sign data and documents. The user can send CSR to any certification body whose services he wishes to use. Digital Logic has provided a mechanism for issuing end-entity certificates for the purpose of testing the system. One of the basic characteristics of the end-entity certificate is that the private key, which is paired with the public key that such certificates contain, must not be used to sign other certificates.

The Windows software tools that initiate the generation of cryptographic keys pairs, generates CSRs, manages the PIN and PUK codes of the DL Signer cards, manipulates the contents of the X.509 certificates and signs the data and files, is distributed as “ufr-signer”.

“Signature-verifier” is a Windows application validating RSA and ECDSA digital signatures.

Digital signing and validation of signatures can also be done from Adobe Acrobat Reader DC application using ufr-pkcs11 module that we developed for this purpose. Our PKCS#11 module can also be used with popular Mozilla’s e-mail client and web browser, as well as with other software tools that are compatible with the PKCS#11 specification.

We also provided web services for online checking of X.509 certificates and signed pdf files.

Digital Signing software SDK

Visit our Digital Signing software SDK page for more information.