PKCS#11 Signer
Java Client
PKCS#11 for the Registro Público de Panamá, courtesy of Industrias de Firmas Electronicas SA, copyright 2020 to 2021. Enter the wu tang!
Using com.xdv.client.wallet
com.xdv.client.wallet is a WebSocket-based Spring Boot application. It has a signing API and a verification API.
Signing
To run the websocket, start the Spring Boot application and, in PKCS11Service, call the initialize method, which detects the OS and loads the SafeSign drivers for Linux, Mac or Windows.
getSlots
Gets a list of hardware modules with PKCS#11 support
signWithToken
Signs binary data
Arguments
tokenIndex: Zero-based index of the slot
pin: Pin for the hardware module
data: Binary to sign
Returns a SignResponse object
publicKey: The corresponding public key for the key pair
signature: The signed binary data
digest: Hash for the binary data
type: Signature type
error: Error message
Sample code
Verification
Verification with Spring Boot uses the European Union ESIG DSS Java toolkit and is found in VerificationController.
XDV uses a detached verification approach; you need to call the verifySignature methods.
verifySignature
Verifies a PKCS#11 signature in detached signature mode. It uses the 3 root certificates to match the certificate chain of trust.
Note: XDV uses detached signatures because they scale in server-side scenarios where documents must be validated in batch mode, which is useful for government entities. Right now, the most common use case in the Republic of Panama is visual, attached signatures inside PDF documents. With attached signatures, automated tools are required to parse the complete PDF file to access the signature; with detached signatures, no parsing is required.
Arguments
name: Filename
contentType: File content type aka mime type
data: Signature (aka detached signature)
cert: Certificate
contents: File Content
detached: True if detached, else false
Returns a string with verification summary
Sample code
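An added example, not code from the XDV project: a detached check in plain JDK (Java 16+) showing that verification needs only the original bytes plus the signature material, with no container parsing, and that the digest and signature type in a response should be re-derived or pinned rather than trusted. Assumptions: the SignResponse record is a hypothetical mirror of the fields listed above, a software RSA key stands in for the token, and SHA256withRSA is an assumed signature type.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class DetachedVerifyExample {
    // Hypothetical mirror of the SignResponse fields listed above (not the project's class).
    record SignResponse(byte[] publicKey, byte[] signature, byte[] digest, String type) {}

    // Stand-in for signWithToken: a software RSA key replaces the PKCS#11 token.
    static SignResponse sign(KeyPair kp, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return new SignResponse(kp.getPublic().getEncoded(), s.sign(), digest, "SHA256withRSA");
    }

    // Detached check: needs only the original bytes and the response, no container parsing.
    // This checks the signature math only; trust in publicKey must come from chain validation.
    static boolean verify(byte[] contents, SignResponse r) throws GeneralSecurityException {
        // Pin the accepted algorithm instead of letting the response choose it.
        if (!"SHA256withRSA".equals(r.type())) return false;
        // Recompute the digest locally instead of trusting the value in the response.
        byte[] local = MessageDigest.getInstance("SHA-256").digest(contents);
        if (!MessageDigest.isEqual(local, r.digest())) return false;
        PublicKey pk = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(r.publicKey()));
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pk);
        v.update(contents);
        try { return v.verify(r.signature()); } catch (SignatureException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        SignResponse r = sign(kp, doc);
        System.out.println("original verifies: " + verify(doc, r));
        byte[] tampered = Arrays.copyOf(doc, doc.length);
        tampered[0] ^= 1; // flip one bit of the constructed document
        System.out.println("tampered verifies: " + verify(tampered, r));
    }
}
```

Matching the signer's certificate against the root certificates, as verifySignature is described as doing, is a separate step that this example does not perform.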
MIT licensed