Cryptomathic Signer is typically operated in a 3-tier environment

  • Business : Application server with business logic to prepare the data to be signed
  • User : Typically in possession of laptop, tablet or mobile phone
  • Trust center: Operating the central signing service and often the certificate provisioning.

To commit to a document or a transaction, the user sends a signing request to Signer, authenticates himself (using strong authentication) to retain remote control over their signing key. The user´s signing key is stored centrally in the tamper resistant environment of the trust center. The signature value is then computed in the HSM and pushed to the client application, where it is embedded in the document using the appropriate signature profile.

Cryptomathic Signer offers a direct communication path from the browser to the hardware security module (HSM), which securely stores the user's key, using an advanced security protocol.

New Call-to-action
New Call-to-action
New Call-to-action

Cryptomathic Signer
The complete signing solution

Cryptomathic guarantees the highest level of signing security by operating on a framework of audited processes and controls that protect your information from unauthorized access.

Leverage existing technology

Certificate Generation - Signer relies on open standards and can easily integrate with legacy PKI solutions. Our registration workflow supports the generation of PKCS#10 certificate requests for a smooth integration with any certificate authority. Signer supports the CMC/CMP interface for communication with CAs. Different Certificate Policies / Certificate Practice Statements can be supported.

Strong authentication - Signer supports open standards for strong user authentication such as OATH based authentication mechanisms. This makes it easy to step up from strong authentication to central signing. Multiple authentication methods can also be used with Signer via Cryptomathic Authenticator – the de facto authentication server for Signer. Alternative authentication servers can also be used in which case the integration is based on SAML v2 authentication assertions.


Cryptomathic Signer offers a unique signing experience, integrated into the business workflow so that the data can be effortlessly signed by users wherever they are. The solution is versatile and can be applied in various use cases. The only prerequisite is that the user has a connected device and a strong authentication mean. Signer offers user-side integration with: 

Mobile Devices: app SDK for smart phone or tablet apps
Web browsers: offering a zero footprint javascript based signing experience
Client PC applications: plug-in, e.g. for email signing/decryption or local PDF signing


Transparent PKI

Users’ keys are generated and used centrally under the sole control of their signatory. With this central design, certificate lifecycle management operations can be made painless to the user. Signer renders the keys unusable when the certificate is no longer valid (revoked or suspended). This also solves a traditional headache on signature validation as it is typically impossible with smart cards or USB tokens to guaranty that the certificate was valid at time of signing.

In addition, Signer allows for different key and certificate policies to be set thereby offering some granularity on the proposed security assurance levels and their usability.


The Signer security design is, together with end-user convenience, of the utmost importance. The product is designed to deliver qualified electronic signatures and our security design was reviewed by conformity assessor to meet and exceed the highest level of security requirements, including Sole Control Level 2 of CEN TS 419241:2014 and the upcoming protection profile to support future Common Criteria certification.

The security design is based on:

  • A strong security kernel, allowing firmware extensions to perform all the security sensitive operations inside the tamper evident environment of an HSM and
  • The signing protocol, that allows for data intended for signing to be sent over a secure communication channel so that all communication can be encrypted and integrity protected.
  • Administration is privilege based and all logs are stored in a high capacity integrity protected database.

Availability and Monitoring

System uptime, performance and flexibility are of utmost importance for a centralized service offering, which is exactly what Signer delivers. HSMs and servers can be added and removed from the platform to meet any SLA or throughput requirements.


Cryptomathic Signer allows Signature Generation Service Providers (SGSPs) to define their own assurance level for generating electronic signatures. Signer comes with a flexible key and command policy manager which allows SGSPs to easily offer different assurance levels for their signature provisioning - from Advanced (AdES) to Qualified Electronic Signatures (QES).

The solution is designed in strict compliance against:

  • The revised EU Directive on electronic Signature (applicable for all EU member states and endorsed by many other countries)
  • Other national signature Law incl. ZertES for Switzerland , ELECTRONIC TRANSACTIONS ORDINANCE for Hong Kong, Electronic Transactions Act 2010 for Singapore etc.

Try out our on-line interactive demo

This demo shows how Cryptomathic Signer utilizes strong authentication to deliver user-friendly and legally binding digitally signed documents and transactions over the web.




Case Study - Central Signing Services - LuxTrust

See why LuxTrust chose Signer as their strategic solution for nationwide deployment.

Read case study

White Paper - eIDAS Compliant Remote eSigning

Explore the key business advantages and the security requirements for remote e-signatures in accordance with eIDAS.

Read WhitePaper
E-Book - Digital Signatures for dummies

E-Book - Digital Signatures for

Understand the business, technical and regulatory implications and how to deploy and manage digital signatures for your business.

Read E-Book


At the leading edge of security provision within its key markets, Cryptomathic closely supports its global customer base with many multinationals as longstanding clients.