RemoteSignature provider
Bulksign supports a generic provider for implementing remote signatures, for scenarios in which the signing certificate is kept on an HSM or a remote CA. This provider has the following design goals:
- It allows the implementation of any type of signature (including automatic signatures) where the certificate is stored on a different server or HSM.
- It allows integrators to extend Bulksign with their own types of signatures.
- It should be used when all signers sign with the same certificate. For issuing individual signing certificates, please see the IDisposableSignProvider.
The provider definition from Bulksign Extensibility looks like this:
    public interface IRemoteSignProvider : ISignProvider
    {
        byte[] SignHash(byte[] hash, SignerDetails signerInformation, Dictionary<string, string> options);
        bool UseableForAutomaticSigning { get; }
        // higher than 100
        int SignatureIdentifier { get; }
        string SignatureName { get; set; }
        string PublicKeyBase64 { get; }
    }
Here is the meaning of each property:
- UseableForAutomaticSigning: flag which determines whether the signature can be used for automatic signing.
- SignatureIdentifier: the internal signature identifier. If multiple remote signature providers are implemented, assign each one a different number starting from 100.
- SignatureName: the name of the signature provider, as shown in the UI.
- PublicKeyBase64: the public key of the signing certificate in base64 format. For disposable certificates, use the public key of the root certificate.
The SignHash method has the following definition:
    byte[] SignHash(byte[] hash, SignerDetails signerInformation, Dictionary<string, string> options);
Parameters:
- hash: the hash that will be signed.
- signerInformation: information about the signer.
- options: the provider options configured per recipient.
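The following is an added example, not code from Bulksign or its samples: a class with the member shapes listed above whose SignHash signs the digest it receives without hashing it again, then verifies the result against the key published in PublicKeyBase64 before returning it. Assumptions: SHA-256 digests, RSA with PKCS#1 v1.5 padding, PublicKeyBase64 as a base64 SubjectPublicKeyInfo, a local RSA key standing in for the HSM or remote CA call, and an empty SignerDetails placeholder; the ISignProvider base members are not shown on this page, so the interface is not declared.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Placeholder so this block compiles on its own; the real type ships with Bulksign Extensibility.
public class SignerDetails { }

// Member shapes follow IRemoteSignProvider as shown above. The ISignProvider base
// members are not shown on this page, so the interface is not declared here.
public class SampleRemoteSignProvider : IDisposable
{
    // Assumption: SHA-256 digests and RSA PKCS#1 v1.5; match these to your certificate and HSM.
    private static readonly HashAlgorithmName Algorithm = HashAlgorithmName.SHA256;
    private const int DigestLength = 32;

    // Stand-in for the HSM / remote CA key handle. A real provider never holds the private key.
    private readonly RSA remoteKey = RSA.Create(2048);

    public bool UseableForAutomaticSigning => false;
    public int SignatureIdentifier => 101; // constructed value, unique per provider
    public string SignatureName { get; set; } = "Sample remote signature";

    // Assumption: DER SubjectPublicKeyInfo, base64 encoded.
    public string PublicKeyBase64 => Convert.ToBase64String(remoteKey.ExportSubjectPublicKeyInfo());

    public byte[] SignHash(byte[] hash, SignerDetails signerInformation, Dictionary<string, string> options)
    {
        // Reject anything that is not a digest of the expected size before it reaches the key.
        if (hash == null || hash.Length != DigestLength)
            throw new ArgumentException("Expected a 32-byte SHA-256 digest.", nameof(hash));

        // The input is already hashed: use SignHash, not SignData, to avoid hashing twice.
        byte[] signature = remoteKey.SignHash(hash, Algorithm, RSASignaturePadding.Pkcs1);

        // Verify against the published public key so a wrong key handle or a faulty
        // remote response fails here instead of producing an invalid document signature.
        using RSA verifier = RSA.Create();
        verifier.ImportSubjectPublicKeyInfo(Convert.FromBase64String(PublicKeyBase64), out _);
        if (!verifier.VerifyHash(hash, signature, Algorithm, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Remote signature does not match PublicKeyBase64.");

        return signature;
    }

    public void Dispose() => remoteKey.Dispose();
}
```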
FAQ
How do I use this provider from the Bulksign UI?
If the provider is registered, the new signature type will appear in Bulksign along with the rest of the signature types.
Can batch signing be used with remote signature providers?
No, not at the moment.
How can I apply a signature imprint for a remote signature?
Define an imprint with the same name as the provider's SignatureName. If such an imprint is defined, it will be used for all remote signatures.
How can I set the remote signature provider's options for each recipient when sending the envelope?
Please see this sample code on GitHub.
Can the remote signature provider's options be set for automatic signers?
Yes.
Is there a sample which demonstrates implementing a remote signing provider?
Please see this sample code on GitHub.