Swisscom All-in Signing Service

The Swisscom cryptographic provider enables access to the Swisscom Signing Service. The service can then perform cryptographic functions such as signing a document.

Supported signature standards

The Swisscom cryptographic provider offers options to configure various digital signature types:

  • PAdES-B-T: Digital signature with a timestamp token.
  • PAdES-B-LT/LTA: Digital signature with a timestamp token and signature validation data.
  • On-Demand: Documents signed with a Qualified Electronic Signature (QES) benefit from the highest level of security and legal certainty.

Prerequisite

This cryptographic provider implements the Swisscom Signing Service methods and requires a Swisscom account for cryptographic signatures. Accounts with static and dynamic identities are supported.

Swisscom Signing Service provides signing certificates using CMS (PKCS#7) signatures.

Configure Swisscom All-In Signing Service

The following sections present configuration examples and describe each configuration option in the Provider settings, Identity settings, and On-demand settings sections.

Configuration examples

This section includes screenshots from the Conversion Service Configurator with configuration details of each signature type provided by the PKCS#11 cryptographic provider.

  • PAdES-B-T: Digital signature with a timestamp token.

    Swisscom signature configuration of PAdES-B-T
  • PAdES-B-LT/LTA: Digital signature with a timestamp token and signature validation data.

    Swisscom signature configuration of PAdES-B-LT/LTA
  • On-Demand: Documents signed with a Qualified Electronic Signature (QES) benefit from the highest level of security and legal certainty.

    Swisscom signature configuration

Provider settings

When using the Swisscom cryptographic provider, you need the SSL client certificate, private key, and password from your Swisscom account for cryptographic signatures.

SSL Client Certificate

Use the SSL client certificate in PKCS#12 format (.p12 or .pfx). To create the PKCS#12 file, combine the client certificate with its private key.

caution

It's highly advisable to protect the private key with a password.

Password

Recommended with SSL client certificate: Enter the password to decrypt the private key of the SSL client certificate.
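
The following script is an added example, not taken from the Swisscom or product documentation. It uses the OpenSSL command line to combine a client certificate and its private key into a password-protected PKCS#12 file, refuses to export without a password or with a key that does not match the certificate, and confirms that the bundle opens with the password. The file names, certificate subject, and password are constructed, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example. File names, subject and password below are constructed.

# pubkey_matches CERT KEY: succeed only if KEY belongs to CERT.
pubkey_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# make_p12 CERT KEY OUT PASSFILE: write OUT as a PKCS#12 bundle encrypted with
# the password on the first line of PASSFILE. Reading it from a file keeps the
# password out of the process list and shell history. KEY is assumed to be an
# unencrypted PEM private key.
make_p12() {
    [ -n "$(head -n 1 "$4" 2>/dev/null)" ] ||
        { echo "refusing to export without a password" >&2; return 1; }
    pubkey_matches "$1" "$2" ||
        { echo "certificate and key do not match" >&2; return 1; }
    # umask 077: the bundle holds the private key, so only the owner may read it.
    ( umask 077 && openssl pkcs12 -export -in "$1" -inkey "$2" \
        -out "$3" -passout "file:$4" )
}

# check_p12 P12 PASSFILE: succeed only if the bundle opens with that password.
check_p12() {
    openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Constructed throwaway certificate and key so the script runs offline; in
# practice these are the files issued for your Swisscom account.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-test-client/C=CH" \
    -keyout "$demo_dir/client.key" -out "$demo_dir/client.crt" 2>/dev/null
printf '%s\n' 'constructed-demo-password' > "$demo_dir/pass.txt"

if make_p12 "$demo_dir/client.crt" "$demo_dir/client.key" \
        "$demo_dir/client.p12" "$demo_dir/pass.txt" &&
   check_p12 "$demo_dir/client.p12" "$demo_dir/pass.txt"; then
    echo "PKCS#12 bundle written to $demo_dir/client.p12"
fi
```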

Trust store

The trust store is a general setting shared by the online signature providers.

Address

Provide the service endpoint URL.


Identity settings

Common Name

The name of the signing certificate. This is the common name of the certificate subject.

Identity

Varies depending on the specific signature type:

  • Document Time-Stamp: The customer identity string provided by Swisscom, usually in the form of "<customer name>".
  • Long Term Document Signature: The Claimed Identity string provided by Swisscom, typically in the format "<customer name>:<key identity>".

The key identity must support the creation of static CMS Signatures.

Signature-level

The signature level is a general setting for every signature provider. Review Signature level for more information.

Add revocation information

Whether to add revocation information (OCSP, CRL) to the document time-stamp signature, for example to create a signature with Long Term Validation (LTV) enabled.


On-Demand settings

Distinguished Name

The subject name of a certificate is a distinguished name (DN) that contains identifying information about the entity to which the certificate is issued.

  • CommonName (CN) and CountryName (C) are mandatory fields.

Phone Number

The mobile phone number of the user signing the documents.

Message

The text displayed to the user signing the documents.

Message Language

The language of the message content.


tip

Read more in the in-app documentation by clicking the information button in the configuration section header.

Swisscom signature configuration help text from the Configurator