ADSS Verification Service provides OASIS DSS and DSS-X compliant data and document signature verification services for client applications. In addition, certificate validation is supported. All common signature formats can be verified, including PDF, XML DSig, PKCS#7, CMS, S/MIME, ETSI PAdES, XAdES and CAdES signatures. Simple and complex path building and path validation methods are supported. Commercially it is sold as ADSS Verification Server, ADSS PDF Server, ADSS XML Server and ADSS PKCS#7 Server.

The verification service interface is compliant with OASIS DSS and DSS-X, and a high-speed HTTP/S option is also available. The basic architecture of the verification service is explained in Concepts and Architecture, Verification Service. Requests for verification are sent to ADSS Server by:

  • Web Services - Create OASIS DSS web-services using the WSDL definitions supplied with ADSS Server.
  • High Level Java or .NET APIs - ADSS Client SDK, a sophisticated client library that handles multiple scenarios, data formats and signature types, and makes integration with various applications very easy, typically adding between 5 and 20 lines of code.


The request and response schema is fully explained in the ADSS Server Developers Guide. Business applications can use either approach to ask ADSS Server to verify a signature or validate a certificate. ADSS Server checks that:

  • The signature can be cryptographically verified, i.e. the data covered by the signature has not been changed.
  • The signer’s certificate is trusted, i.e. it is issued by a trusted CA, it is not expired, it is not revoked, contains valid fields and extensions, etc.
  • Optionally, the signature and the certificate meet the minimum quality levels that are acceptable to the client application.

A key part of signature verification is validating the signature(s) and trusting the digital certificate(s). A client application can specify whether it wants signature verification or only certificate validation by setting the relevant flags in the API call through ADSS Client SDK. For more information, see the ADSS Server Developer Guide available in the ADSS Client SDK package.
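A client that calls the web-service interface directly still has to interpret the result it gets back. The following added example (not taken from the ADSS documentation or SDK) parses an OASIS DSS core 1.0 `VerifyResponse` and accepts a signature only when `ResultMinor` reports it valid on all documents. It assumes the standard DSS core element names and result URIs, any ADSS-specific profile or result codes are in the Developers Guide, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

DSS_NS = "urn:oasis:names:tc:dss:1.0:core:schema"
MAJOR_SUCCESS = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"
MINOR_VALID_ALL = "urn:oasis:names:tc:dss:1.0:resultminor:valid:signature:OnAllDocuments"
MINOR_INCORRECT = "urn:oasis:names:tc:dss:1.0:resultminor:invalid:IncorrectSignature"


def signature_accepted(verify_response_xml):
    """Return (accepted, reason) for a DSS VerifyResponse; fail closed."""
    try:
        root = ET.fromstring(verify_response_xml)
    except ET.ParseError as exc:
        return False, f"unparseable response: {exc}"
    if root.tag != f"{{{DSS_NS}}}VerifyResponse":
        return False, f"unexpected root element {root.tag}"
    result = root.find(f"{{{DSS_NS}}}Result")
    if result is None:
        return False, "missing Result"
    major = (result.findtext(f"{{{DSS_NS}}}ResultMajor") or "").strip()
    minor = (result.findtext(f"{{{DSS_NS}}}ResultMinor") or "").strip()
    if major != MAJOR_SUCCESS:
        return False, f"ResultMajor={major or 'absent'}"
    # Success only says the request was processed; the verdict on the
    # signature is in ResultMinor (e.g. invalid:IncorrectSignature).
    # Policy assumed here: accept nothing but "valid on all documents".
    if minor != MINOR_VALID_ALL:
        return False, f"ResultMinor={minor or 'absent'}"
    return True, "valid on all documents"


def build_sample(major, minor=None):
    """Constructed VerifyResponse for the demo; not captured server output."""
    minor_el = f"<dss:ResultMinor>{minor}</dss:ResultMinor>" if minor else ""
    return (f'<dss:VerifyResponse xmlns:dss="{DSS_NS}">'
            f"<dss:Result><dss:ResultMajor>{major}</dss:ResultMajor>{minor_el}"
            "</dss:Result></dss:VerifyResponse>")


if __name__ == "__main__":
    samples = {
        "valid": build_sample(MAJOR_SUCCESS, MINOR_VALID_ALL),
        "tampered": build_sample(MAJOR_SUCCESS, MINOR_INCORRECT),
        "no minor code": build_sample(MAJOR_SUCCESS),
        "truncated": "<dss:VerifyResponse",
    }
    for label, xml in samples.items():
        print(f"{label:14} {signature_accepted(xml)}")
```
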

Verification of signatures can also be performed using a European Trusted List configured in TSL Monitor.

Signature verification via TSL only runs on the HTTP interface.

The following image shows the verification service sub-modules, details of which are given in the next sections:


The following sections describe how to configure ADSS Verification Service:


