Cryptomathic Signer


Electronic signatures are driving digital transformation and enables a business to offer customers user-friendly, end-to-end digital services.

Cryptomathic Signer is a remote digital signature solution, incorporating Cryptomathic’s certified Qualified Signature Creation Device (QSCD), which abstracts all the complexity and helps banks, governments and trust centers provide a smooth digital signing experience to their clients. With Signer, organizations can offer a highly versatile, non-repudiable and legally binding signing service. Cryptomathic masters the legal and technical standards so that your signing service can provide Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES).‘This is what an organization needs to deliver its digitization strategy and give customers the freedom to sign transactions, documents or data online, anytime, anywhere.’

Research by MarketsandMarkets reports that “the major growth drivers of the digital signature market include reduced business operational costs, superior customer experience, and enhanced security and control.”

Cryptomathic Signer is designed to meet these exact benefits. Signer prioritizes security and user convenience while providing full eIDAS compliance for legally binding electronic signatures in Europe and beyond.

Cryptomathic Signer supports different customer requirements and can be deployed in three main business models:

1. Licensed technology: The entire solution is installed on premise.

2. Managed PKI service (hybrid service): The organization offering signatures to their end-users chooses to host some aspects of the solution while outsourcing other components.

3. Pure Trust Service Provider: A managed AdES or QES service.

Advantages of Cryptomathic Signer

  • Issue Advanced and Qualified Electronic Signatures with the same legal value as a handwritten one

  • Leverage existing 2-Factor Authentication deployment

  • Offer a unique signing experience for all channels incl. web, desktop applications, mobile devices

  • Conform to European ETSI standards and comply with the eIDAS regulation and Swiss ZertES law

  • Simplify PKI for the end-user

  • Offer non-repudiation with What You See Is What You Sign (WYSIWYS) technology

  • Reduce operational costs


As a remote signing solution, Signer offers: 

  • e-Signatures with the same legal value as a handwritten one
  • Remote generation of Advanced Electronic Signatures (AdES) and Qualified electronic Signatures (QES)
  • Zero footprint signing for web applications with What You See Is What You Sign (WYSIWYS) functionality
  • Low deployment costs; leverage 2-factor authentication to sign anywhere, anytime from any device including mobile devices and tablets
  • Email signing or signing from desktop apps such as Microsoft Outlook
  • Non Repudiation to ensure before court, in case of litigation, that a document was signed by the user
  • Virtual smart card (for signing and encryption/decrypting purposes)
  • Cloud signing (integrate a signing experience with web based technology)

Cryptomathic can deliver the complete solution or individual components for implementing large-scale e-signature services.

You can either strengthen your existing online processes with strong non repudiation or bring online what was previously off-line for security or compliance reasons, due to the lack of legally binding consent. With Signer, users can apply their signatures remotely to any document or transaction.


Cryptomathic Signer is typically operated in a 3-tier environment

  • Business: Application server with business logic to prepare the data to be signed
  • User: Typically in possession of laptop, tablet or mobile phone
  • Trust center: Operating the central signing service and often the certificate provisioning.

To commit to a document or a transaction, the user sends a signing request to Signer, authenticates himself (using strong authentication) to retain remote control over their signing key. The user´s signing key is stored centrally in the tamper resistant environment of the trust center. The signature value is then computed in the HSM and pushed to the client application, where it is embedded in the document using the appropriate signature profile.

Cryptomathic Signer offers a direct communication path from the browser to the Signature Activation Module inside the hardware security module (HSM).

Cryptomathic Signer - The complete signing solution

Cryptomathic guarantees the highest level of signing security by operating on a framework of audited processes and controls that protect your information from unauthorized access.

Leverage existing technology

Certificate Generation – Signer relies on open standards and can easily integrate with legacy PKI solutions. Our registration workflow supports the generation of PKCS#10 certificate requests for a smooth integration with any certificate authority. Signer supports the CMC/CMP interface for communication with CAs. Different Certificate Policies / Certificate Practice Statements can be supported.

Strong authentication – Signer supports open standards for strong user authentication such as OATH based authentication mechanisms. This makes it easy to step up from strong authentication to central signing. Multiple authentication methods can also be used with Signer via Cryptomathic Authenticator – the de facto authentication server for Signer. Alternative authentication servers can also be used in which case the integration is based on SAML v2 authentication assertions.


Cryptomathic Signer offers a unique signing experience, integrated into the business workflow so that the data can be effortlessly signed by users wherever they are. The solution is versatile and can be applied in various use cases. The only prerequisite is that the user has a connected device and a strong authentication mean. Signer offers user-side integration with: 

Mobile Devices: app SDK for smart phone or tablet apps
Web browsers: offering a zero footprint javascript based signing experience
Client PC applications: plug-in, e.g. for email signing/decryption or local PDF signing

Transparent PKI

Users’ keys are generated and used centrally under the sole control of their signatory. With this central design, certificate lifecycle management operations can be made painless to the user. Signer renders the keys unusable when the certificate is no longer valid (revoked or suspended). This also solves a traditional headache on signature validation as it is typically impossible with smart cards or USB tokens to guaranty that the certificate was valid at time of signing.

In addition, Signer allows for different key and certificate policies to be set thereby offering some granularity on the proposed security assurance levels and their usability.


The Signer security design is, together with end-user convenience, of the utmost importance. The product is certified as a QSCD to deliver Qualified Electronic Signatures (QES).

The security design includes:

  • The Signature Activation Module: signature authorization is carried out inside the tamper-resistant environment of a Signature Activation Module, which ensures sole control of the signature key 
  • The Signature Activation Protocol: allowing data to be signed and authentication credentials to be communicated over a secure channel to protect sensitive information
  • Secure administration and logging: admin is privilege based and all logs are stored in a high capacity integrity protected database.

Availability and Monitoring

System uptime, performance and flexibility are of utmost importance for a centralized service offering, which is exactly what Signer delivers. HSMs and servers can be added and removed from the platform to meet any SLA or throughput requirements.


Cryptomathic Signer allows Signature Generation Service Providers (SGSPs) to define their own assurance level for generating electronic signatures. Signer comes with a flexible key and command policy manager which allows SGSPs to easily offer different assurance levels for their signature provisioning – from Advanced (AdES) to Qualified Electronic Signatures (QES).

The solution is designed in strict compliance against:

  • eIDAS: the EU regulation on electronic identification and trust services for electronic transactions (applicable for all EU member states and endorsed by many other countries)
  • Other national signature Law incl. ZertES for Switzerland , ELECTRONIC TRANSACTIONS ORDINANCE for Hong Kong, Electronic Transactions Act 2010 for Singapore etc.


Digitalizing business processes offers significant benefits to both the business and its customers, but providing and using sensitive online business services requires a strong level of confidence in the security of such services.

Market dynamics are changing and digital signatures are gaining momentum across industries. They are becoming an essential enabler in the digital strategy of public services, financial players and various other sectors including insurance, health, automotive, etc.

Signer is a strong enabler for your digital strategy, providing higher security, greater legal value, excellent user experience and full interoperability with eIDAS.

The use of simple electronic signatures for everyday e-commerce transactions is already commonplace. In order to apply digital signatures to more of the online customer journey, such as legally significant documents or high value transactions, the balance between security, usability and legal value needs to be addressed.

This is where Cryptomathic Signer comes in. Offering the most technologically advanced remote signing solution, Cryptomathic is paving the way for secure digitalization by providing the strongest assurance levels, internationally recognized legal value and full user mobility. With electronic signatures in the cloud, Signer also delivers the most flexible approach towards future changes to technology trends, user requirements and industry standards.