SDX is a Cryptography Platform (available both as fat/thin client and server/cloud solution) which provides electronic signature creation and verification functionality, supports encryption and decryption. The supported operations and implemented verification rules are based on eIDAS (EU) Regulation No 910/2014 which is the successor of Directive 1999/93/EC about electronic signatures.
SDX supports both recently used cryptographic algorithms (such as RSA for electronic signatures and AES for encryption), but also some post-quantum cryptographic implementations exist (such as LDWM structure of hash-based signature algorithms). The operations can be performed either with SW (e.g. pfx/p12 files) or on HW tokens (e.g. smart cards, HSMs).
SDX can manage the whole lifecycle of signatures from creating the encoded hash, to retrieving timestamps, revocation data (CRL or OCSP responses) and archiving the structures.
SDX – Digital signature integration and management
Up until recently the widespread use of digital signature was prevented by the lack of technologically mature applications conforming to the law. During the design and development of the SDX product line we focused on the following requirements:
- SDX should be fully conform with existing and emerging standards, and legislation.
- User functions should be very simple, integrated and should follow the business logic of the application with supporting automated processes.
- Application development using SDX should be as simple as possible. Standard interface and high level workflow support should be available.
The SDX products can support any application scenarios where handling or exchanging authentic electronic documents is required.
SDX - The product suite
Most applications using digital signatures have client-server architecture. The SDX product suite components support application integration in a very flexible way on both client and server sides.
Client side components:
- SDX Verify - thick client application for signature verification
- SDX Encrypt - thick client application for document encryption
- SDX Professional - thick client application for signature creation and verification
- SDX Enterprise - thick client application for signature creation, verification and encryption
- SDX Browser - browser extension (plugin) for signature creation
Server side components:
- SDX VerifyAll Server - verification of high volume of digitally signed documents, easy integration with any applications
- SDX MultiSign Server - creation of high volume of signatures
- SDX Mediator Server - digital signature proxy functions in an enterprise network environment
- SDX C-HSM Engine - dynamic key store management for high volume of server side signature keys
- SDX Builder - integration SDK to be used by developers of applications handling digital signatures
SDX - Features
SDX supports the following container types:
- XML: IETF RFC 3275, W3C XML Signature Syntax and Processing
- XAdES: ETSI TS 101 903, W3C XML Advanced Electronic Signatures
- CMS: IETF RFC 5652
- PDF, PAdES: ETSI TS 102 778
- OpenOffice, LibreOffice, ASiC: ETSI TS 102 918
SDX supports applying standardized configurations and rules:
- Signature Policy: ETSI TR 102 038
- Trust Service List: ETSI TS 102 231
Key stores supported by SDX:
Both SW (PKCS#12 files imported into Microsoft Windows Certificate Store), and HW (PKI smart cards, HSM devices) key stores are supported for creating electronic signatures. The server-sided key store model (either static or dynamic key loading) is supported by SDX C-HSM Engine. This module can generate keys, maintain and enforce access rights, perform operations with keys via standard communication interfaces.