SIGNIUS SEAL
SIGNIUS SEAL CLIENT
Last updated
SIGNIUS SEAL CLIENT
Last updated
The purpose of this guide is to provide a comprehensive understanding of the functionality and management processes of SIGNIUS Seal Client, which will enable effective and safe use of the product in your daily work. By detailing the user interface, configuration, and best practices, this guide is an essential resource for anyone who wants to fully leverage the potential of SIGNIUS Seal Client in their organization.
The 'Administrator's Guide' documentation is a comprehensive source of knowledge on procedures related to Administrator activities (SIGNIUS Seal Client Configuration) of the SIGNIUS Seal Client product. This guide describes in detail the installation, configuration and comprehensive system management processes. Particular attention was paid to adapting the settings to the user's individual needs, which allows for optimization of work with SIGNIUS Seal.
In addition, the documentation contains practical examples of process configurations that have been specially developed for various electronic seal use scenarios.
The system, presented in the diagram, consists of two main domains: the Client Domain and the SIGNIUS Domain. The diagram illustrates the process by which a customer uses a business application to generate a digital seal using services provided by SIGNIUS.
Components:
Driving/Business Application - a business application used by the client to initiate the process of sealing documents.
SIGNIUS Seal Client - a client of the SIGNIUS system responsible for communication with the SIGNIUS server and processing data necessary for sealing documents.
Network folder - a network folder where documents to be sealed are stored.
Flow:
The client's business application transmits data to the SIGNIUS Seal Client. SIGNIUS Seal Client generates a document hash (DocHash), which is sent to the SIGNIUS server via REST API secured with the HTTPS protocol.
Components:
GlobalSign API Server - GlobalSign's API server that receives the document hash and initiates the sealing process.
Remote QTSP (Qualified Trust Service Provider) - a remote trust service provider service that provides a qualified timestamp and validation.
QSCD (Qualified Signature Creation Device) - a qualified signature creation device that ensures process security.
Process:
GlobalSign API Server receives the document hash via the REST API and forwards it to the remote QTSP. QTSP generates a qualified timestamp which is then used to validate the seal on the document. QSCD provides a qualified seal, completing the process.
Communication between the client and the SIGNIUS server and between the SIGNIUS server and the remote QTSP is secured using HTTPS, which ensures the confidentiality and integrity of transmitted data. The use of the HTTPS protocol and trusted components such as QTSP and QSCD guarantees a high level of security in the process of document verification and sealing.
The system is a comprehensive solution for generating and verifying digital seals, integrating the client's business applications with advanced cryptographic services provided by SIGNIUS and external partners such as GlobalSign.
Windows Server 2012 or newer
CentOS 7 or newer
Debian 9 or newer
Fedora 32 or newer
Red Hat Enterprise Linux 7
SUSE Enterprise Linux (SLES) 12 SP2 or newer
server:
MS-SQL,
Oracle,
PostgreSQL,
DB2
filesystem:
SQLite
4 GB RAM
3 GHz 4 Core CPU
5 GB HDD
Although the SIGNIUS SEAL server performance is super-fast, the overall results might be dependend on other factors:
Network latency
File size
QSCD Performance
RSA/ECC key length
.NET runtime version 8.0.0 or another 8.x series
ASP.NET 8.0.0 Core - Shared Framework or other 8.x series
Microsoft Windows Desktop Runtime – 8.0.0 or other 8.x series
Make sure the required versions of .NET are installed on your computer:
.NET runtime version 8.0.0 or another 8.x series
ASP.NET 8.0.0 Core - Shared Framework or other 8.x series
Microsoft Windows Desktop Runtime – 8.0.0 or other 8.x series
Download the SIGNIUS Seal Client installer from the official website or using the link provided by the manufacturer.
Run the downloaded installer and follow the steps displayed. Ensure that all required components are installed and configured according to the instructions.
After installation is complete, open the SIGNIUS Seal Configuration application.
Then go to the "License" tab.
In the "License" tab, find and copy the Hardware ID using the option available by left-clicking the mouse.
Go to the "License" tab in the SIGNIUS Seal Configuration application and send the copied Hardware ID to the software supplier (Vendor) to generate a license
Once you have received your license, please follow the provider's instructions to activate SIGNIUS Seal Client.
After receiving the license file, return to the SIGNIUS Seal Configuration application.
In the "License" tab, paste the received license and save the changes.
After successful installation of the SIGNIUS Seal Client application, an important step is to properly set the application operating parameters in the appsettings.json configuration file. This file contains all necessary information regarding connections, communication protocols and details about certificates and API keys. Below is detailed information about the configuration of this file and tips that will allow for a smooth transition from the installation process to launching and using the application.
The appsettings.json file contains key configurations for the SIGNIUS Seal Client application, including settings for ports and protocols used to communicate with external services.
The configuration file consists of various sections that describe both local and remote processes, as well as logging and debugging details.
localRest: Enables REST API support on the local server.
localHost: The localhost address, usually 127.0.0.1.
localPort: The port on which the local REST API server listens, default is 8089. This is the port to use when querying from external tools and application servers
localUseHttps: Specifies whether the connection to the local server should use HTTPS.
localCertificate and localCertificatePassword: Path and password for the certificate (P12/PFX) used for the HTTPS connection.
FullDebug: Enables full logging for debugging purposes.
Serilog: Serilog logging configuration, including logging levels and targets to which logs are written.
The localPort settings should match your firewall configuration and port forwarding to enable proper communication.
Changes to the appsettings.json file require an application restart for the new configuration to take effect.
If you have problems with installation, please contact technical support.
Carefully follow Vendor's instructions for activating and configuring your license.
This documentation describes the process of configuring a connection to the SIGNIUS Seal Client digital signing service. Depending on the software version, the user can choose between many service providers. Below are the detailed configuration steps for the GlobalSign provider.
After pasting the license, the user goes to the Connection settings tab to enter the necessary information to connect to the selected digital signature service provider.
From the Provider Type drop-down list, the user selects providers.
In the Provider URL field, the user enters the URL address that will be used for communication and sending queries to the provider.
In the following fields, the user enters the API key (API-Key) and API secret, which are required for authentication and communication with the service
The user must also specify the path to the client certificate file with the extension .pfx in the Client certificate filename field and enter the certificate password in the Client certificate password field, if required.
Po wprowadzeniu wszystkich wymaganych informacji, użytkownik finalizuje proces klikając przycisk "Connect".
Przykładowa konfiguracja:
After completing the above steps, the user will be configured to connect to the selected digital signature service provider. This is necessary to use the signing functions offered by SIGNIUS Seal Client within the application.
This documentation is intended to describe the configuration of the digital signature process using the SIGNIUS Seal Client application. Below is an example of process configuration for a REST-based XAdES signature.
After connecting to the service, the user is automatically transferred to the Processes tab. To create a new process, click the green plus button.
In the process name field, enter XAdES, which will mean the process for signing .XML files.
From the drop-down list in the form API field, we select REST, which means that communication with the signature service will take place via REST API.
In the Signature format section, we select XAdES_BES from the drop-down menu, which is the signature format intended for .XML files.
The signature is not built directly into the document, but is stored separately.
After entering all the data, the process is saved using the floppy disk-shaped button.
Go to the "Service Status" tab and run the service, which will allow you to sign documents.
Below is an example configuration for the XAdES process with the above data:
This documentation is intended to describe the configuration of the digital signature process using the SIGNIUS Seal Client application. Below is an example of process configuration for the PAdES signature based on FILESYSTEM (file system).
Similarly to the XAdES configuration, we start from the Processes tab and create a new process by clicking the green plus button.
In the process name field, enter XAdES, which will mean the process for signing .PDF files.
From the drop-down list in the form API field, select FILESYSTEM, which means that communication with the signature service will take place through the local file system (exchange directory)
In the Signature format section, we select PAdES_BES from the drop-down menu, which is the signature format intended for .PDF files.
We create a directory C:/tmp/PAdES on the system drive, which will serve as a shared folder for the signing process. (any location, for example such a folder was created)
The process is saved using a diskette-shaped button.
Go to the "Service Status" tab and start the process.
Below is an example configuration for the PADES process with the above data:
After starting the website, we go to a previously defined location, e.g. C:\tmp\PAdES
Select the document with the .pdf extension to sign.
The .pdf document is placed in the in folder. After a short time, the document disappears from the in folder and appears signed in the out folder. In case of errors during the signing process, the document will appear in the "err" folder