SigningHub allows its users to sign documents in XML format and supports ETSI XAdES signature in Enveloped mode. XAdES stands for “XML Advanced Electronic Signatures” and is a set of standards published by ETSI to support European requirements for qualified electronic signatures. SigningHub supports these ETSI XAdES signatures formats:
XAdES-B-LTA (Signature providing Long Term Availability and Integrity of Validation Data): In case of XAdES-B-LTA; XAdES-B-B, XAdES-B-T and XAdES-B-LT are being created first. XAdES-B-LTA is created by adding ArchiveTimeStamp in above mentioned signatures.
Enveloped: The XML signature is embedded within the original XML file.
To perform XAdES Extended signature for XML document, following key needs to be added in web.config of Web and API: <add key="XADES_SIGNATURE_TYPE" value="" /> For the tag with "XADES_SIGNATURE_TYPE" key, set the value "ES-X-L", SigningHub will perform a XAdES Extended signature for backward compatibility with ADSS Server version 6.9 or lesser. If it's not present, then SigningHub will work as of today and perform the "XAdES-Baseline-LTA" ETSI compliant signatures.
Configure a signing profile as a prerequisite, in ADSS.
Configure a verification profile, in ADSS.
To perform XML signing, you must configure a connector, in SigningHub Admin.
Configure a signing profile, in SigningHub Admin.
Configure a verification profile, in SigningHub Admin.
Add the signing profile and verification profile to the service plan
Create a workflow with an XML document, upload an XSLT style sheet, and share the workflow
Once you've shared the workflow, log in to your SigningHub Web account and sign the document.
For XML signing a signing profile is configured in ADSS Signing Service.
To configure the signing profile for XML signature follow these steps:
In the "Select Signature Type" section, check "PKCS#1" and copy the Profile ID because it would be used in SigningHub Admin. Then click the "Next" button.
In the "Advanced Settings" tab, keep all check boxes unselected and click the "Save" button.
For XML signature verification, a verification profile is configured in ADSS Verification Service.
To configure verification profile for XML signature follow these steps:
Copy the Profile ID because it would be used in SigningHub Admin.
SigningHub creates the PKCS#1 signature for using signing service and further XAdES Signature enhancement is done via verification service.
By default, SigningHub produces XAdES-B-LTA signature. For XAdES Baseline Signatures, in the "Signature Settings" tab, make the following changes:
SigningHub will perform a XAdES Extended signature for backward compatibility with ADSS Server version 6.9 or lesser. For XAdES Extended Signatures, in the "Signature Settings" tab, make the following changes:
To see in detail, how to create an ADSS Server Connector in SigningHub, click here.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Paste the earlier copied Profile ID, while creating a Signing Profile in the ADSS, in the highlighted field below:
Make the following configurations to a verification profile in SigningHub Admin:
Paste the earlier copied Profile ID, while creating a Verification Profile in the ADSS, in the highlighted field below:
Make the following configurations to a service plan in SigningHub Admin:
Select and add the earlier configured Signing Profile and Verification Profile, in a service plan in SigningHub Admin, as shown below:
Make the following configurations to SigningHub API:
Get the authentication token of a user using SigningHub API.
Add a document package from SigningHub API.
Upload the document via stream/base with document extension .xml. Set the "x-convert-document" to false. To upload an XSLT Style sheet to transform an XML document into an HTML formatted PDF document on SigningHub viewer, the following API will be executed against the same document ID and name, as uploaded in the above step.
Add Collaborator(s) as per requirement.
Add Digital Signature Field. For XML Signing only one (Digital Signature) can be added for a collaborator per document. A field would be added on the last page on the bottom right corner.
Share the workflow.
Where an XSLT Style sheet has been applied to an XML document, upon opening the document on SigningHub Web, by default, the document will appear in the HTML-formatted view.
To switch between the plain XML view and the HTML-formatted view, the user can click the "Toggle" button available in the kebab menu in the document viewer screen.
The "Toggle" button will only appear when a XSLT Style sheet has been applied to the XML document.
To sign the document, follow the below-mentioned steps:
Open SigningHub Web and open the XML document through the document listing. click on the signature field and then click "SIGN".
In case of signing an XML document, optionally you may also specify "Commitment Type Indication". SigningHub populates the pre-defined value of this field from your Personal Signing Details. When specified they will become a permanent part of your XML signature.
When signing an XML file, the different Commitment Type Indications that can be selected are:
Proof of origin: indicates that the signer recognizes to have created, approved, and sent the signed data object.
Proof of receipt: indicates that the signer recognizes to have received the content of the signed data object.
Proof of delivery: indicates that the TSP providing that indication has delivered a signed data object in a local store accessible to the recipient of the signed data object.
Proof of sender: indicates that the entity providing that indication has sent the signed data object (but not necessarily created it).
Proof of approval: indicates that the signer has approved the content of the signed data object.
Proof of creation: indicates that the signer has created the signed data object (but not necessarily approved, nor sent it).
After signing the document, you can view "Signature Verification" for details.
Only one signature can be performed per document in XML format.
XML signing can be performed via single or bulk sign API.
XML signing is supported via all signing servers except for CSC Server.
Native Apps and Mobile Web do not support XML signing through the document viewer.
An XSLT Style sheet can not be applied to an already signed XML document.