SIGNIUS SEAL
SIGNIUS SEAL CLIENT
Introduction
The purpose of this guide is to provide a comprehensive understanding of the functionality and management processes of SIGNIUS Seal Client, which will enable effective and safe use of the product in your daily work. By detailing the user interface, configuration, and best practices, this guide is an essential resource for anyone who wants to fully leverage the potential of SIGNIUS Seal Client in their organization.
Scope
The 'Administrator's Guide' documentation is a comprehensive source of knowledge on procedures related to Administrator activities (SIGNIUS Seal Client Configuration) of the SIGNIUS Seal Client product. This guide describes in detail the installation, configuration and comprehensive system management processes. Particular attention was paid to adapting the settings to the user's individual needs, which allows for optimization of work with SIGNIUS Seal.
In addition, the documentation contains practical examples of process configurations that have been specially developed for various electronic seal use scenarios.
Architecture
description
The system, presented in the diagram, consists of two main domains: the Client Domain and the SIGNIUS Domain. The diagram illustrates the process by which a customer uses a business application to generate a digital seal using services provided by SIGNIUS.
Client Domain
Components:
Driving/Business Application - a business application used by the client to initiate the process of sealing documents.
SIGNIUS Seal Client - a client of the SIGNIUS system responsible for communication with the SIGNIUS server and processing data necessary for sealing documents.
Network folder - a network folder where documents to be sealed are stored.
Flow:
The client's business application transmits data to the SIGNIUS Seal Client. SIGNIUS Seal Client generates a document hash (DocHash), which is sent to the SIGNIUS server via REST API secured with the HTTPS protocol.
SIGNIUS domain
Components:
GlobalSign API Server - GlobalSign's API server that receives the document hash and initiates the sealing process.
Remote QTSP (Qualified Trust Service Provider) - a remote trust service provider service that provides a qualified timestamp and validation.
QSCD (Qualified Signature Creation Device) - a qualified signature creation device that ensures process security.
Process:
GlobalSign API Server receives the document hash via the REST API and forwards it to the remote QTSP. QTSP generates a qualified timestamp which is then used to validate the seal on the document. QSCD provides a qualified seal, completing the process.
Security and communication
Communication between the client and the SIGNIUS server and between the SIGNIUS server and the remote QTSP is secured using HTTPS, which ensures the confidentiality and integrity of transmitted data. The use of the HTTPS protocol and trusted components such as QTSP and QSCD guarantees a high level of security in the process of document verification and sealing.
The system is a comprehensive solution for generating and verifying digital seals, integrating the client's business applications with advanced cryptographic services provided by SIGNIUS and external partners such as GlobalSign.
System requirements
Operating system
Windows Server 2012 or newer
CentOS 7 or newer
Debian 9 or newer
Fedora 32 or newer
Red Hat Enterprise Linux 7
SUSE Enterprise Linux (SLES) 12 SP2 or newer
Database
MS-SQL, Oracle, PostgreSQL, DB2
Host
4 GB RAM
3 GHz 4 Core CPU
5 GB HDD
Performance
Although the SIGNIUS SEAL server performance is super-fast, the overall results might depend on other factors:
Network latency
File size
QSCD Performance
RSA/ECC key length
Software
.NET runtime version 8.0.0 or another 8.x series
ASP.NET 8.0.0 Core - Shared Framework or other 8.x series
Microsoft Windows Desktop Runtime – 8.0.0 or other 8.x series
SIGNIUS Seal Client installation
Preparing the Environment
Make sure the required versions of .NET are installed on your computer:
.NET runtime version 8.0.0 or another 8.x series
ASP.NET 8.0.0 Core - Shared Framework or other 8.x series
Microsoft Windows Desktop Runtime – 8.0.0 or other 8.x series
SIGNIUS Seal Client installation
Download the SIGNIUS Seal Client installer from the official website or using the link provided by the manufacturer.
Run the downloaded installer and follow the steps displayed. Ensure that all required components are installed and configured according to the instructions.
License activation
After installation is complete, open the SIGNIUS Seal Configuration application.
Then go to the "License" tab.
In the "License" tab, find and copy the Hardware ID using the option available by left-clicking the mouse.
License generation
Go to the "License" tab in the SIGNIUS Seal Configuration application and send the copied Hardware ID to the software supplier (Vendor) to generate a license.
Once you have received your license, please follow the provider's instructions to activate SIGNIUS Seal Client.
License installation
After receiving the license file, return to the SIGNIUS Seal Configuration application.
In the "License" tab, paste the received license and save the changes.
appsettings.json configuration
After successful installation of the SIGNIUS Seal Client application, an important step is to properly set the application operating parameters in the appsettings.json configuration file. This file contains all necessary information regarding connections, communication protocols and details about certificates and API keys. Below is detailed information about the configuration of this file and tips that will allow for a smooth transition from the installation process to launching and using the application.
The appsettings.json file contains key configurations for the SIGNIUS Seal Client application, including settings for ports and protocols used to communicate with external services.
appsettings.json structure
The configuration file consists of various sections that describe both local and remote processes, as well as logging and debugging details.
localRest: Enables REST API support on the local server.
localHost: The localhost address, usually 127.0.0.1.
localPort: The port on which the local REST API server listens, default is 8089. This is the port to use when querying from external tools and application servers.
localUseHttps: Specifies whether the connection to the local server should use HTTPS.
localCertificate and localCertificatePassword: Path and password for the certificate (P12/PFX) used for the HTTPS connection.
Logging and Debug Settings
FullDebug: Enables full logging for debugging purposes.
Serilog: Serilog logging configuration, including logging levels and targets to which logs are written.
Notes
The localPort settings should match your firewall configuration and port forwarding to enable proper communication.
Changes to the appsettings.json file require an application restart for the new configuration to take effect.
If you have problems with installation, please contact technical support.
Carefully follow Vendor's instructions for activating and configuring your license.
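The following check is an added example, not part of the SIGNIUS product or its documentation: it reads the settings described above and flags combinations an administrator should review before exposing the local REST API. The key names are the ones listed in this guide; the flat top-level JSON layout, the sample values, the certificate path and the severity labels are assumptions.

```python
import ipaddress
import json

# Key names come from this guide; a flat top-level layout is an assumption.
def audit_appsettings(text):
    """Return a list of (severity, message) findings for an appsettings.json string."""
    cfg = json.loads(text)
    findings = []
    if not cfg.get("localRest", False):
        return findings  # local REST API disabled, nothing is listening
    host = str(cfg.get("localHost", "127.0.0.1"))  # assumed default
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host.lower() == "localhost"
    if not loopback:
        findings.append(("medium", f"localHost={host} exposes the REST API beyond this machine"))
    if not cfg.get("localUseHttps", False):
        # Plain HTTP on loopback stays on the host; on any other address it crosses the network.
        findings.append(("low" if loopback else "high",
                         "localUseHttps is off: requests travel unencrypted"))
    elif not cfg.get("localCertificate"):
        findings.append(("high", "localUseHttps is on but localCertificate is not set"))
    port = cfg.get("localPort", 8089)
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(("high", f"localPort={port!r} is not a valid TCP port"))
    if cfg.get("localCertificatePassword"):
        findings.append(("info", "PFX password is stored in clear text: restrict read access to the file"))
    if cfg.get("FullDebug", False):
        findings.append(("medium", "FullDebug is on: disable full logging outside troubleshooting"))
    return findings

# Constructed sample configurations (not taken from a real installation).
WEAK = """{"localRest": true, "localHost": "0.0.0.0", "localPort": 8089,
           "localUseHttps": false, "FullDebug": true}"""
HARDENED = """{"localRest": true, "localHost": "127.0.0.1", "localPort": 8089,
               "localUseHttps": true, "localCertificate": "C:/certs/seal-local.pfx",
               "localCertificatePassword": "<set-in-deployment>", "FullDebug": false}"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        for severity, message in audit_appsettings(sample):
            print(f"{label}: [{severity}] {message}")
```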
Configuring the SIGNIUS Seal Client Connection
This documentation describes the process of configuring a connection to the SIGNIUS Seal Client digital signing service. Depending on the software version, the user can choose between many service providers. Below are the detailed configuration steps for the GlobalSign provider.
Go to the "Connection settings" tab
After pasting the license, the user goes to the Connection settings tab to enter the necessary information to connect to the selected digital signature service provider.
Choosing a service provider
From the Provider Type drop-down list, the user selects the provider.
Enter the supplier's URL
In the Provider URL field, the user enters the URL address that will be used for communication and sending queries to the provider.
Entering the API key and API secret
In the following fields, the user enters the API key (API-Key) and API secret, which are required for authentication and communication with the service.
Loading the client certificate
The user must also specify the path to the client certificate file with the extension .pfx in the Client certificate filename field and enter the certificate password in the Client certificate password field, if required.
Establishing a connection
After entering all the required information, the user finalizes the process by clicking the "Connect" button.
Example configuration:
After completing the above steps, the client is configured to connect to the selected digital signature service provider. This is necessary to use the signing functions offered by SIGNIUS Seal Client within the application.
Configuration of the REST-based XAdES process
This documentation is intended to describe the configuration of the digital signature process using the SIGNIUS Seal Client application. Below is an example of process configuration for a REST-based XAdES signature.
Creation of a New Process
After connecting to the service, the user is automatically transferred to the Processes tab. To create a new process, click the green plus button.
Assigning a Process Name
In the process name field, enter XAdES, which will mean the process for signing .XML files.
Choosing a Communication Method
From the drop-down list in the form API field, we select REST, which means that communication with the signature service will take place via REST API.
Selecting the Signature Format
In the Signature format section, we select XAdES_BES from the drop-down menu, which is the signature format intended for .XML files.
Signature Detached selection
The signature is not built directly into the document, but is stored separately.
Saving the Process
After entering all the data, the process is saved using the floppy disk-shaped button.
Starting the Process
Go to the "Service Status" tab and run the service, which will allow you to sign documents.
Below is an example configuration for the XAdES process with the above data:
Configuration of the PAdES process based on FILESYSTEM
This documentation is intended to describe the configuration of the digital signature process using the SIGNIUS Seal Client application. Below is an example of process configuration for the PAdES signature based on FILESYSTEM (file system).
Creating a new process
Similarly to the XAdES configuration, we start from the Processes tab and create a new process by clicking the green plus button.
Assigning a Process Name
In the process name field, enter XAdES, which will mean the process for signing .PDF files.
Choosing a Communication Method
From the drop-down list in the form API field, select FILESYSTEM, which means that communication with the signature service will take place through the local file system (exchange directory).
Selecting the Signature Format
In the Signature format section, we select PAdES_BES from the drop-down menu, which is the signature format intended for .PDF files.
Specifying the Location for the Share Folder
We create a directory C:/tmp/PAdES on the system drive, which will serve as a shared folder for the signing process. Any location can be used; this folder is only an example.
Saving the Process
The process is saved using a diskette-shaped button.
Starting the Process
Go to the "Service Status" tab and start the process.
Below is an example configuration for the PAdES process with the above data:
Testing the PAdES Process
Launch of the Website
After starting the website, we go to a previously defined location, e.g. C:\tmp\PAdES
Preparation of the Document
Select the document with the .pdf extension to sign.
Using Signature Folders
The .pdf document is placed in the "in" folder. After a short time, the document disappears from the "in" folder and appears signed in the "out" folder. In case of errors during the signing process, the document will appear in the "err" folder.
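The folder exchange described above can be driven from a business application as follows. This is an added example, not code from SIGNIUS: the in, out and err folder names come from this guide, while the function names, the ".staging" suffix and the assumption that the result keeps the input's file name are illustrative.

```python
import os
import shutil
import time

def submit_and_wait(exchange_dir, pdf_path, timeout=60.0, poll=0.5):
    """Place pdf_path in <exchange_dir>/in and wait for the result.

    Returns ("out", path), ("err", path) or ("timeout", None).
    Assumption: the result keeps the input's file name.
    """
    name = os.path.basename(pdf_path)
    results = {s: os.path.join(exchange_dir, s, name) for s in ("out", "err")}
    # A leftover result with the same name would be mistaken for the new one.
    for path in results.values():
        if os.path.exists(path):
            raise FileExistsError(f"stale result, clear it first: {path}")
    # Stage outside in/ and rename, so the service never sees a half-written file.
    staged = os.path.join(exchange_dir, name + ".staging")
    shutil.copyfile(pdf_path, staged)
    os.replace(staged, os.path.join(exchange_dir, "in", name))
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        for status, path in results.items():
            if os.path.exists(path) and _size_is_stable(path, poll):
                return status, path
        time.sleep(poll)
    return "timeout", None

def _size_is_stable(path, poll):
    """True when the file size did not change across one poll interval."""
    before = os.path.getsize(path)
    time.sleep(poll)
    return os.path.exists(path) and os.path.getsize(path) == before
```

A caller should treat both "err" and "timeout" as an unsealed document and must not pass the original file on as if it had been sealed.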