Swisscom All-in Signing Service
The Swisscom cryptographic provider enables access to the Swisscom Signing Service. The service can then perform cryptographic functions such as signing a document.
The Swisscom cryptographic provider offers options to configure various digital signature types:
- PAdES-B-T: Digital signature with a timestamp token.
- PAdES-B-LT/LTA: Digital signature with a timestamp token and signature validation data.
- On-Demand: Documents signed with a Qualified Electronic Signature (QES) benefit from the highest level of security and legal certainty.
This cryptographic provider implements the Swisscom Signing Service methods and requires a Swisscom account for cryptographic signatures. Accounts with static and dynamic identities are supported.
Swisscom Signing Service provides signing certificates using CMS (PKCS#7) signatures.
Configure Swisscom All-In Signing Service
The following sections introduce configuration examples and provide detailed descriptions of each configuration option in the Provider settings, Identity settings, and On-demand settings sections.
Configuration examples
This section includes screenshots from the Conversion Service Configurator with configuration details of each signature type provided by the PKCS#11 cryptographic provider.
- PAdES-B-T: Digital signature with a timestamp token.
- PAdES-B-LT/LTA: Digital signature with a timestamp token and signature validation data.
- On-Demand: Documents signed with a Qualified Electronic Signature (QES) benefit from the highest level of security and legal certainty.
Provider settings
When using the Swisscom cryptographic provider, you require the SSL client certificate, private key, and password from your Swisscom account for cryptographic signatures.
SSL Client Certificate
Use the SSL client certificate in PKCS#12 format (.p12 or .pfx). To generate the PKCS#12 format, combine the client certificate with its private key.
It's highly advisable to protect the private key with a password.
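One way to build and check such a bundle with the OpenSSL command line, as an added example that is not part of the product documentation. The file names, the P12_PASS environment variable and the throwaway demo certificate are assumptions, and the PEM private key is assumed to be unencrypted.

```sh
#!/bin/sh
# Added example, not vendor code. File names and the P12_PASS variable are
# assumptions; the PEM private key is assumed to be unencrypted.

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {    # $1 = certificate PEM, $2 = private key PEM
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Writes a password-protected PKCS#12 bundle. The password comes from
# $P12_PASS, so it is not exposed as a command-line argument.
make_p12() {            # $1 = certificate PEM, $2 = key PEM, $3 = output file
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match certificate" >&2; return 1; }
    ( umask 077    # bundle readable by its owner only
      P12_PASS="$P12_PASS" openssl pkcs12 -export \
          -in "$1" -inkey "$2" -out "$3" -passout env:P12_PASS )
}

# Succeeds only if the bundle decrypts with the password in $P12_PASS.
p12_opens_with_password() {    # $1 = PKCS#12 file
    P12_PASS="${P12_PASS:-}" openssl pkcs12 -in "$1" -noout \
        -passin env:P12_PASS 2>/dev/null
}

# Demo on a throwaway self-signed certificate constructed for this example.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo-client/C=CH" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    P12_PASS='constructed-demo-password'
    make_p12 "$dir/cert.pem" "$dir/key.pem" "$dir/client.p12" &&
        p12_opens_with_password "$dir/client.p12" &&
        echo "client.p12 created and opens with the password"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo
```

The password that opens the bundle here is the value to enter in the Password field described next.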
Password
Recommended with SSL client certificate: Enter the password to decrypt the private key of the SSL client certificate.
Trust store
The trust store is a general setting among online signature providers.
Address
Provide the service endpoint URL.
Identity settings
Common Name
The name of the signing certificate. This is the common name of the certificate subject.
Identity
Varies depending on the specific signature type:
- Document Time-Stamp: The customer identity string provided by Swisscom, usually in the form of "<customer name>".
- Long Term Document Signature: The Claimed Identity string provided by Swisscom, typically follows the format of "<customer name>:<key identity>".
The key identity must support the creation of static CMS Signatures.
Signature-level
The signature level is a general setting for every signature provider. Review Signature level for more information.
Add revocation information
Whether to add revocation information (OCSP, CRL) to the document time-stamp signature, for example to create a signature with Long Term Validation (LTV) enabled.
On-Demand settings
Distinguished Name
The subject name of a certificate is a distinguished name (DN) that contains identifying information about the entity to which the certificate is issued.
- CommonName (CN) and CountryName (C) are mandatory fields.
Phone Number
The mobile phone number of the user signing the documents.
Message
The text displayed to the user signing the documents.
Message Language
The language of the message content.
Read more in the in-app documentation by clicking the information button in the configuration section header.