close

Manufacturer´s declaration

The regulatory authority has not published yet the manufacturer´s declaration for SecSigner which was submitted on July 4, 2011.

You can find the manufacturer´s declaration as well as an amendment (also submitted to the regulatory authority) on:

SecSigner – Changelogs

Current Version SecSigner 7.47 – 2024-10-20

  • SecSigner 7.47 of 2024-10-20:

    • Adds scrollbars to SecSigner’s dialog to choose a position for the PDF signature annotation.
    • Respects the PDF annotation dimension given in secsigner.properties also if the user does not have PDF annotation settings from a previous run stored in their home directory.
    • Clean all used resources including fonts after a PDF page was rendered and indexed to avoid memory leaks.
    • PDF rendering: When the graphics state is pushed to the stack in case of a q command the stroking and non stroking color, alpha and colorspace values for the new state will be used from the current state.
    • Loads a PDF font file from SecSigner’s JAR instead of a mistaken file path.
    • Fixes a NullPointerException if a SecSigner having certificate chain validation switched off encounters a certificate issued by an unknown CA.
    • If the user clicks “sign” in SecSigner’s verification dialog for a XAdES signature the previous signature will not be replaced with the new one. Instead, both signatures will be in the output signed document.
    • Adds a property for the SecSigner to close the signature verification dialog automatically if the caller does not want to see it and only wants to get the verification result on API level.
    • Adds details to the signature validation report generated by the SecSigner.
  • SecSigner 7.46 of 2024-09-26:

    • Fixed the display of ZKS documents which were shown as empty before.
    • Helvetica replacement font embedded in PDF/A documents.
    • PDF display fix: Commands q and Q only push and pop the graphics state and leave the text state unchanged.
    • SecSigner’s drag-and-drop dialog uses the file name extension p7s for created signatures in the CAdES enveloping format.
    • TIFF parser fix for TIFF objects containing the count 1.
  • SecSigner 7.45 of 2024-08-27:

    • Fixes the calculation of horizontal scaling and character and word spacing when rendering PDF documents.
    • Workaround to allow preview of invalid characters in PDF documents.
    • Workaround for invalid PDF form field objects.
    • Avoids multiple smartcard PIN entries for the first TIFF document in a batch if using the non-standard embedded TIFF signature format.
  • SecSigner 7.44 of 2024-08-22:

    • Includes a Java runtime environment instead of a JDK with only selected moduls.
    • SecSigner 7.43 of 2024-08-08:

      • Fix missing character at slicing position when splitting strings to fit a PDF line.
      • Use slice character index if a PDF line was split by a space, hyphen or comma because those characters could be added back.
      • Fix parsing of comments in PDF stream content.
    • SecSigner 7.41 of 2024-06-17:

      • Check if a PDF string can use PDF Unicode encoding or whether UTF-16 must be used.
      • Increase the default font size for initials in PDF signature annotations to 20.
      • PDF text initials use as much space as users signature image and will be aligned vertically.
      • Do not assume that the PDF linearized object is within the first PDF document version and keep trailer order.
      • Rework rendering of PDF images with mask.
      • Check rendered PDF characters whether they overlaps other characters in the same line to create words using the line z index also.
      • Limited support for single page TIFF integrated signatures.
      • Avoids a NumberFormatException when looking for the PKCS#11 slot ID in the preferred smartcard reader name.
    • SecSigner 7.40 of 2024-05-01:

      • Supports ECDH authentication with D-Trust 5.1 multi and M100 cards.
      • Support for the DRV Mitarbeiterkarte 6 based on CardOS 6.
      • Adds a SOAPAction header to a signature request to a gematik konnektor, because the KoCo box seems to require it.
      • Avoids a ClassCastException when parsing an OCSP response containing a cert-hash extension with erroneous DER encoding.
      • The OCSP dialog displays an error if an OCSP request is not possible because no issuer certificate of the signer’s certificate is known.
      • Fixes some possible parsing errors of PDF objects.
      • PDF CID font width parsed correctly.
      • If a user signature image is bigger than the PDF signature annotation width the image will be scaled and vertically aligned.
      • PDF signature annotation option for a transparent frame removed as this can be achieved by setting the frame thickness to 0. The frame will be drawn even if the background is set transparent but the frame thickness is bigger than 0.
      • Installs the SecSigner plug-in for the 64 bit version of Adobe’s Acrobat (Reader). However, our recommendation remains to use the SecSigner directly for PDF signature without the Adobe Acrobat.
    • SecSigner 7.39 of 2023-12-23:

      • Secure PIN entry with Reiner-SCT cyberjack RFID readers having a recent firmware with D-Trust 5.x cards.
      • Support for obsolete smartcard types removed: D-Trust 3.x, dgnServiceCards before version 4 and Aerztekammer-SH-card.
      • Recognition of D-Trust 5.4 seal cards.
      • Transport PIN length check for health professional cards corrected.
      • Various improvements and fixes for the rendering of PDF documents.
    • SecSigner 7.38 of 2023-10-23:

      • When using a gematik Konnektor only select a SignatureService endpoint having version 7.4.x. RISE devices with for example firmware 5.1.7 also offer a SignatureService endpoint having version 7.5.5 but it expects requests with a different name space.
      • Fix bug calculating new text width if the user signature image floats left and is not as high as the annotation.
      • Add a frame to a PDF signature annotation even if a background image is provided but the background shall not be transparent.
      • When creating a darker color in a PDF signature annotation check that the color component values do not become less than zero.
      • The PDF signature annotation accepts new parameter for layout and size of the user signature image as well as new parameter for text. The procuration abbreviation is always shown even if the settings will hide all other text information.
      • Checking visible changes between two PDF document versions the resources dictionary of the page dictionary will be checked too.
      • Length check of ECDSA signatures using secp521r1 corrected.
      • If an OCSP responder rejects an OCSP request containing a nonce then send a another request without nonce. This is relevant for Windows OCSP responders.
    • SecSigner 7.37 of 2023-08-23:

      • Support for D-Trust 5.1 and 5.4 cards with secure messaging. Beware, this card type does not allow secure PIN entry at the card reader!
      • Support for the option registeredID in a GeneralName. Relevant for D-Trust certificate having an admission extension with authority DAkkS.
      • Support for pfx files exported from Windows 11 with “Enable certificate privacy”.
      • Uses UTF-8 for the password of a pfx file exported by Windows 11 with AES256-SHA256.
      • The password for PKCS#8 keys with DES and MD5 is in UTF-8.
      • Avoid a NullPointerException when matching an ECC key with an RSA certificate or vice versa in a loaded soft key (PKCS#12 file).
      • In the case of PDF signatures, the signature objects are not added to the resources of the PDF page in order not to invalidate signatures in earlier document versions
      • Use Java font name in PDF rendering if the PDF font name cannot be read
      • Images with IndexColorModel must be converted before creating masked images for transparency in PDF documments
      • Several fixes when reading PDF fonts regarding Unicode and Type1C fonts
      • PDF signature annotations no longer have a drop shadow
      • Object number and object can be separated by null bytes in PDF object streams. Whitespace and the zero byte (0x00) must therefore be taken into account when reading
    • SecSigner 7.36 of 2023-05-08:

      • Fix for whitespace in PDF object streams.
      • Support for transparency of PNG images in PDF documents.
      • The font size in PDF form fields will be scaled to fit height and width of the form fields when the default font size is 0f.
      • Fix to display unicode characters properly in PDF form fields.
      • SecSigners shows a warning about unsigned PDF document versions only in case the visible content of the PDF document was changed.
      • Check whether a PDF signature formfield has a P entry to avoid an NullPointerException.
      • PDF grayscale JPG images with a separation colorspace are inverted.
      • Avoid a NullPointerException at the SecSigner start if no installation path is set.
      • SecSigner displays the card name: “dgnserviceCard 4.0”. Clarified the distinction between other dgnservice and gematik card types.
      • The smartcard PIN is verified at the beginning of each document signature batch when using a BNotK UA card (remote signature) too.
    • SecSigner 7.34 of 2023-02-17:

      • PDF rendering of some true type fonts fixed.
      • Use a Java font for PDF default fonts if no embedded font can be found.
      • Fixed the rendering of PDF form fields and radio buttons.
      • Workaround to read PDF documents with a corrupt Prev entry in an xref section.
      • The PDF signature annotation contains the signer’s name and title also for the case where the title is not part of the common name but can be found in an attribute.
      • Do not accept characters in PDF annotation text fields in the SecSigner which are intended for digits only.
      • Skip virtual DATEV card readers.
      • Clarified SecSigner’s error message for a smartcard PIN which is still in the initial state.
      • BNotK UA card signature without secure PIN entry repaired.
      • The TLS server certificate chain check of a gematik Konnektor shall compare the pinned certificate again.
      • Improved the labels of the signature formats in the selection list in SecSigner.
      • Hide the previous button in SecSigner’s card reader init dialog when it has just been clicked and the card reader has been cleared and there is no previous dialog.
      • SecSigner uses the signature timestamp in the verified signature to get the signing time which will then be used during the OCSP validation.
      • Avoid a NullPointerException in SecSigner when validating a test certificate. The certificate chain is null here.
      • SecSigner looks for its JAR in the installation path if not found in the class path.
    • SecSigner 7.31 of 2022-12-19:

      • Display of PDF documents using ICC color spaces improved.
      • Rendering of PDF pages accelerated.
      • Fixed font scaling for PDF signature annotations.
      • Fixed TLS server hostname check.
    • SecSigner 7.30 of 2022-11-21:

      • If a user has several signature certificates at the BNotK remote signature service then the user can choose which certificate to use in the SecSigner.
      • When looking for BNotK remote signature certificates the SecSigners skips expired certificate.
      • If it is selected that the surname of the signer shall be included in the visual PDF signature annotation then also the title will be included if it can be detected in the certificate.
      • Corrected the display of masked images in PDF documents.
    • SecSigner 7.29 of 2022-11-02:

      • Encode elliptic curve signatures in X9.62 format as the Adobe Acrobat Reader apparently marks ECDSA signatures in plain format as corrupt.
      • When creating a signature then add the trust anchor to the certificate list too if it is no root certificate.
      • Improvements for the display of PDF images having certain masks.
      • Support for HTTP responses without Content-length header, for example from Koco connector’s.
      • When data is posted to an URL check accept response codes like 201 as success too.
      • Using own class to check the TLS server certficates when sending an HTTPS request.
      • PKCS#11 wrapper DLL updated for SecCardAdmin’s token initialization.
    • SecSigner 7.28 of 2022-09-23:

      • Send a single signature request to the BNotK remote signature service which contains all hashes of the complete document batch. (Only effects the BR edition.)
      • Improved the SecSigner error message for not yet activated BNotK remote signature accounts.
      • Handling of encrypted PDF documents improved.
      • Workaround for a “connection not yet open” error message when calling the finish-URL of a SecSigner webrun start.
    • SecSigner 7.27

    • SecSigner 7.26 of 2022-07-18:

      • Do not check the signature counter of a D-Trust M100 smartcards if an authentication signature is requested. The counter is only valid for QES.
      • Fixed bug sorting the PDF document versions if an xref offset had to be corrected.
      • Allow Template as a normal type of a PDFPage.
    • SecSigner 7.25 of 2022-06-14:

      • When validating a document with multiple signatures while seccommerce.secsigner.ocspmandatory=on then SecSigner will not break the OCSP check loop of if an OCSP status “unknown” occurs.
      • Fixed a bug parsing the signing date from the PDF signature annotation.
      • Avoid a NullPointerException when checking installed Java font as in some JDK versions the font configuration file is missing.
      • PDF: Fixed rendering issue caused by encoding glyphs wrong, fixed ZapfDingbats checkmark when not embedded and loaded by Java itself.
      • PDF: Fixed rendering issue for fonts with Identity encoding which only uses one byte instead of two.
      • Use CBC mode for PDF AES encryption and decryption even if the document requests Gallois Counter Mode (GCM).
      • Use the common name of the signer’s certificate as default value for PDF signature annotation contact info type in SecSigner.
      • SecSigners puts the overall verification result for multiply signed documents on top of the verification report.
      • A special edition of the SecSigner can use the BNotK remote signature service with TLS client authentication using a BNotK UA smartcard.
      • Use the ECC certificates of HBA G2.1 cards also if connected via a connector.
      • Do not falsely check the signature counter of a HBA smartcard if an authentication signature is requested as the counter is only valid for QES.
    • SecSigner 7.24

    • SecSigner 7.23 of 2022-04-11:

      • Fixed incorrectly shown PDF which uses CFF fonts.
      • ECC soft keys can be used for decryption too.
    • SecSigner 7.22 of 2022-03-16:

      • Signature with ECC software certificates supported.
      • Fixed different PDF line drawing behaviour for different Java versions.
      • Fixed a bug which displayed a PDF 1-bit image incorrectly as black
      • Removed Contents entry in PDF signature annotation as it was shown as a comment of the signature stamp.
      • Fixed not being able to resolve entries of PDF page tree node when a new page for a signature annotation should be used.
      • IP addresses in certificates will not be interpreted in order to avoid parse errors for incorrect IP address bytes.
      • Search for signatures in certain linearized PDF documents corrected.
      • If the property “seccommerce.secsigner.ocspmandatory” is “on” then all signatures will be checked for revocation automatically. This property used to work only for the first signature of a PDF containing several signatures.
      • The OCSP result headline in the verification report refers to the signature certificate, not to the CA certificate as in the previous SecSigner versions.
      • The SecSigner plug-in tells Adobe Acrobat to reserve 24 KB space instead of 4.2 KB in the PDF document when creating a signature because the signature also includes the CA certificate, possible a timestamp and OCSP responses.
    • SecSigner 7.21

    • SecSigner 7.20 of 2022-01-17:

      • The SecSign ID Server can pass PDF annotation settings to the SecSigner.
      • Fixed the insertion of a PDF signature annotation into a PDF form field.
      • Fixed PDF signature annotations containing an icon if the annotation is higher than wide.
    • SecSigner 7.19 of 2021-12-10:

      • When signing PDF documents SecSigner adds the text of the signature annotation also to the structure tree so that screen readers can read it.
      • When displaying PDF documents having a circular reference between forms and resources SecSigner avoids a stack overflow.
      • Fitting the signature annotation text into the annotation’s rectangle improved.
      • PDF bi level images will be filtered to smoothen their scaled display.
    • SecSigner 7.18 of 2021-11-11:

      • Fixed ToUnicode-CMap parsing when no linebreaks are used.
      • Improvement to PDF ToUnicode-CMap parsing: When a ligature is not available, use the first character of the ligature.
      • Added basic CFF (Compact Font Format) support for OpenType/TrueType fonts in PDF documents.
      • Added PDF text form field rendering.
      • Added PDFDocEncoding implementation. PDFDocEncoding is now the default charset for PDFHexString and PDFLiteralString.
      • Check the signature annotation position for conflicts check the signature annotation dictionary for the Rect rather than the signature dictionary itself as the signature usually does not have an entry Rect.
      • In case the PDF signature annotation signer icon is not a square center it rather than scale it.
      • Implemented scaling of signature annotation elements to fit width and height of the signature annotation.
      • PDF signature validation: A new OCSP response replaces older OCSP responses for the same certificate in the PDF document.
      • Bugfix for the signature verification report: Qualified signatures from countries other than Germany will not be falsely labeled as non-qualified.
      • SecSigner does not do a complete certificate chain validation for each created signature in a batch. This increases the signature speed on slow computers.
    • SecSigner 7.17 of 2021-10-15:

      • Allow several image data formats to be used as signer icon or background image in a PDF signature annotation. The image data is converted into a jpg.
      • When adding a PDF signature annotation on a new page, use the new page and page number as parent in signature annotation to prevent Adobe Acrobat and Foxit Reader showing the signature annotation at the wrong place on the wrong page.
      • Rendering PDFs check the stroking alpha when rendering text. Also check whether the masking image is a bilevel one or if the mask image can be drawn just as overlay of the rendered image.
      • Fix reading UTF-16 little endian and big endian encoding using byte order markers in PDF strings.
      • PDF: Added detection for installed fonts when the given font has no whitespaces in-between.
      • In case the PDF signature annotation signer icon is not a square center it rather than scale it.
      • Fixed SMask rendering in PDF documents
      • Use PDF hex string to encode the additional signature data in PDF document info object.
      • When checking PDF document versions whether the document was changed after signing ignore free objects.
      • The SecSigner plug-in for Adobe Acrobat reserves 24 KB space instead of 8 KB in the PDF document when creating a signature because the signature also includes the CA certificate, possibly a timestamp and OCSP responses.
    • SecSigner 7.16 of 2021-08-13:

      • The signature verification reports are generated in german or english depending on the language setting in the properties file.
      • Use UTF-8 charset to read the properties file.
      • Added a new option for contact information in PDF signatures which sets the certificate subject display string like it used to be in SecSigner 7.6.
      • When importing a gematik Konnektor configuration into SecSigner replace a HTTP URL with HTTPS.
      • The certificate chain validator only adds the trust anchor to the certificate chain if it is not already there. This avoids unnecessary and sometimes failing OCSP requests for root certificates.
      • A corrupt sign-me OCSP response found a PDF document will be ignored instead of breaking the whole signature validation.
      • Fixed parsing of rect in PDFFormField which resulted in the wrong width and height.
      • Encoding of PNG images in PDF documents improved.
      • Fixed missing linebreaks in the log file.
    • SecSigner 7.15 of 2021-07-13:

      • PDF font rendering improved.
      • Fixed display font size selection when signing plain text.
      • Added more PDF signature contact types so that a user can specify whether to show name and department or name and company or name and department and company.
      • Fixed minor issues creating a signature annotation when using formfields and outlines.
      • Fixed bug when a PDF page does not have any page content.
      • The OCSP dialog and the verification report generation will use the valid-not-before-date of the issued certificate as check date for the OCSP request of the CA certificates in the chain.
    • SecSigner 7.14 of 2021-07-01 (without Windows Installer or Setup packend and without MacOSX App bundle):

      • Bug fix handling PDF signature form fields with set flag NeedAppearances.
      • Bug fix changing font size in preview of text files or XML documents.
    • SecSigner 7.13 of 2021-06-25:

      • PDF fonts displaying bugs fixed.
      • PDF decryption fixed if several documents are encrypted.
      • The SecSigner dialog to edit the PDF annotation details during signature creation is on per default, not only during the first signature creation in the SecSigner instance.
      • SecSigner will automatically request OCSP responses for the signer’s certificate and the CA certificate after receiving a timestamp if the new property “seccommerce.secsigner.autoocsp.aftertimestamping” is “on”. This will augment the signature to the level B-LT, sometimes called “LTV enabled”.
      • An invalid timestamp found in a signature does not render the whole signature invalid.
      • Use the key PrK.HCI.OSIG.E256 when signing using a SMC-B smart card.
      • When importing a gematik Konnektor configuration from a CGM PVS cut the trailing “connector.sds” from the URL.
    • SecSigner 7.12 of 2021-05-25:

      • The WebRunCodeBase parameter of SecSigner is optional. If not set then the secsigner.properties from the local installation will be read.
      • The POST of the SecSigner sign-webrun call does not include a description which was null always. Instead it includes the signature filename if PostFileName is on.
      • SecSigner reads the file EF.SSEC on HBA G2 or G2.1 to find out how many signature creations the HBA allows after each PIN verification.
      • Acceptance deadlines of the cryptographic algorithms based on SOG-IS 1.2.
      • Added new PDF signature annotation contact types for fullname, firstname, lastname and company and department.
      • When creating XAdES signatures the SecSigner will encode the signing time in the timezone UTC.
    • SecSigner 7.11 of 2021-04-09:

      • Avoid a NullPointerException in SecSigner’s web run mode with the new property neverAskUserForProxyPassword.
      • Fixed bug reading unicode map for PDF font if the unicode character is encoded with a whitespace.
    • SecSigner 7.10 of 2021-04-01:

      • Corrected the canonicalization of XML nodes for XAdES signatures for the case that orphan nodes are part of the node set to include.
      • XML documents with multiple namespace prefixes pointing to the same namespace URI are supported.
      • Corrected the parsing of XML dates with Zulu timezone like: 2021-02-08T08:26:02Z.
      • Rendering of the signer icon and text fields in PDF documents improved.
      • New field to set a PDF signature annotation with empty content.
      • HBA G2.1 supported for qualified signature and authentication with the ECC keys.
      • The gematik connector configuration may be imported from an encrypted 7z file as specified with the KZV Bayerns and CGM.
      • The connector configuration dialog can be opened during the sign() call too, not only during the initSignUnits() call.
      • Use the OCSP responses found in the checked signature for the revocation check of the signer’s certificate. The same applies to the OCSP responses found in the possible embedded timestamps.
      • An invalid signature timestamp will not turn the check result for the whole signature invalid. The signature timestamp is simply ignored then.
      • New property “proxy.password.neveraskuser” to never ask the user for a proxy password although the proxy requests authentication.
      • secp384r1 supported with TLS 1.2 too.
    • SecSigner 7.9 of 2021-01-27:

      • Qualified signature requests for PDF documents can be sent to the gematik Connector.
      • SecSigner skips the PDF annotations dialog if a gematik Connector is used since the Connector cannot handle the PDF annotation parameters.
      • SecSigner sets the system property http.nonProxyHosts according to the respective host names from the Windows registry. Otherwise the Java URLConnection class would somitimes try to use the proxy, even to hosts where it should not use a proxy.
      • Fixed bug when getting an installed Java font if a font is not embedded in the PDF document.
      • The PDF parser supports AES-256 (AESV3) and AES-256 with Galois Counter Mode. Bug fixed in PDF decryption and encryption with ARC4.
    • SecSigner 7.8 of 2021-01-14:

      • PDF true type font rendering improved.
      • PDF signature annotation height corrected.
      • Fixed positioning the pdf signature annotation in the viewer in SecSigner for documents with pages in different orientation.
      • When building the contact info for the PDF signature annotation check if given name and surname could be found in certificate to avoid appending null.
      • Fixed error in PDF signature annotation contact info when common name in signing certificates uses inverse order of given name and surname.
      • Check if a PDF annotation data item was set when SecSigner is called via API. In this case do not use the values from properties.
      • SecSigner clears the proxy system properties if no proxy shall be used according to the registry.
      • Changed the height of the certificate limits text field from in SecSigner’s verify dialog so that it does not overlap the document file name label.
      • When creating a PAdES signature SecSigner leaves 2000 bytes more space in the PDF for a timestamp.
      • SecSigner checks a MAC when reading PKCS#12 keys.
    • SecSigner 7.5 of 2020-10-29:

      • Support for D-TRUST qualified signature cards 4.1 M100 ECC and 4.1 Multi ECC as well as D-TRUST qualified seal card 4.4 Multi ECC.
      • Removed the support for the obsolete smartcard types Suva, Kobil and Quo Vadis.
      • Simplified glyph handling when rendering a PDF document.
      • Fixed bug when inserting signature annotation in rotated PDF pages. Implemented support for the Mac OSX viewer annotations.
      • SecSigner may switch between 3 properties files (instead of 2).
    • SecSigner 7.4 of 2020-08-04:

      • Support for D-Trust V4.1 and V4.4 cards.
      • Removed support for obsolete card types ZKA (S-Trust), Swedish ID, Datev classic 2009, SwissSign, Swisscom and D-Trust CardOS M4.3b.
      • The signature of a document already signed works again.
      • Fixed bug in the PDF renderer if the PDF viewer shows two pages but the document has an odd number of pages.
      • The signature verification report also includes the following information about the signer if contained in his certificate: dateOfBirth, placeOfBirth, countryOfCitizenship, countryOfResidence, surName, givenName, localityName, countryName, postalCode, streetAddress and postalAddress.
      • SecSigner.getDecryptCert() and SecSigner.getAuthCert() return null if the card (for example Telesec) does not have the respective certificate instead of throwing an exception saying that the smartcard had been removed.
      • Avoid a NullPointerException and a blocked file-open-dialog in SecSigner.encryptDataOnly().
      • SecSigner in web-run mode does not call the finished URL twice after verification or decryption.
      • If the user closes the SecSigner’s dialog in encryptDataOnly() when the web-run cancel URL will be called instead of the error-URL.
      • Removed the buttons “sign” and “verify” from SecSigner’s dialog do check if a PDF conforms to PDF/A.
    • SecSigner 7.3 of 2020-07-08:

      • Bug fixed which sometimes prevented the file-open-dialog from showing.
      • Improved search for signature annotations in signed PDF documents.
    • SecSigner 7.2 of 2020-06-24:

      • Support for D-Trust PKCS#12 files encrypted with pbeWithSHA1And3KeyTripleDES.
      • PDF and XML parsers accelerated.
      • Usage of CA certificates found in multiply signed PDF documents improved for signature verification.
      • Fixed a bug when a PDF font is encoded with Unicode or Adobe name map because some characters are displayed falsely.
      • Use system default font in button factory rather standard font Tahoma deployed in standardFont.tff.
      • The file dialog to load a document to encrypt in the SecSigner respects the max-file-size property and will be run by the event processing thread.
      • Security restrictions to the SecSigner properties seccommerce.configdir and log.dir only apply in WebRun mode.
      • SecSigner web run properties evaluation corrected for the PostURL.
      • SecSigner’s PDF/A verification dialog does not complain about a missing certificate when the signature verification button is pressed.
      • Removed the property seccommerce.secsigner.report.overall.returninlastsigner which had been announced to be removed by the end of 2015 already.
    • SecSigner 7 of 2020-03-24:

      • Qualified signature on SecSigner.jar removed since the legal basis for it was dropped. The advanced code signature with timestamp remains.
      • New property seccommerce.secsigner.certstackdownload.acknowledge determines if the user shall be informed about a downloaded certificate stack.
      • TLS 1.3 support.
      • Includes Azul OpenJDK 14.
      • Color-inverted PDF display corrected.
      • JBIG2 parameters in an array considered when displaying a PDF document.

    Changelog SecSigner 6

    • SecSigner 6.21 of 2019-12-30:

      • Check for references in PDF image decoding parameters.
      • Improved the parsing of the PDF media box of a page with null values.
      • New function SecSigner_LoadSpecifiedJavaVM() in CallSecSignerDLL.dll. It allows to specify the path of the Java VM to use.
      • Corrected the size limit of the Windows path environment variable.
      • Support for IP addresses in GeneralName in a certificate.
    • SecSigner 6.20 of 2019-12-13:

      • Fixed a NullPointerException when reading the Windows proxy settings if the DLL for registry access is missing.
      • The SecSigner Windows installer always also installs the 32 bit OpenJDK.
    • SecSigner 6.19 of 2019-12-04:

      • Corrected the evaluation of the registry value ProxyEnable when reading the Windows proxy settings.
      • Extended logging for the proxy settings registry values.
    • SecSigner 6.18 of 2019-10-31:

      • Handling of the mixed use of local card readers and a gematik connector improved.
      • Changes of the gematik connector access properties become active immediately.
      • Increased tolerance for fonts name encoding when reading PDF documents.
    • SecSigner 6.17 of 2019-09-25:

      • PC/SC and CT-API libraries for MacOS compiled and codesigned on MacOS 10.14.6.
      • Workaround for old dngService Starcos 3.2 cards which do not understand the Gematik APDU to select the master file.
      • OCSP responses signed by a certificate published in the Trusted List itself are accepted.
      • SecSigner will display its own version number in verification reports instead of SecPKI’s version number.
      • Layout of SecSigner dialog for pdf signature annotations has been fixed. All elements are visible.
      • Fixed bugs parsing images and bilevel images in pdf documents and improved parsing of embedded fonts.
    • SecSigner 6.16 of 2019-08-20:

      • SecSigner can use locally attached card readers even if the connection to a gematik Konnektor is active.
      • The SMC-B in the gematik Konnektor needs different certificate and PIN handles than the HBA.
      • The path to the gematik Konnektor access properties file may be configured.
      • SecSigner parses the OCSP responses found in SignedData only after the certificates found in the SignedData to make sure that the certificates to which the OCSP responses refer are available already.
    • SecSigner 6.15 of 2019-08-09:

      • Support for signing the same XML document several times in the SecSigner’s drag-and-drop dialog.
    • SecSigner 6.14 of 2019-07-10:

      • SecSigner will ask the user for a password if the webserver requests it to download secsigner.properties.
      • SecSigner will display the type of the inserted gematic card HBA, SMC-B, gSMC-K and eGK.
      • SecSigner recognizes the D-Trust V3.7 1ca Bayern card.
      • SecSigner deletes its files in the temporary folder only after a week.
      • Parsing of XML CDATA fixed.
    • SecSigner 6.13 of 2019-07-10:

      • The gematik SMC-B card does not have a qualified signature certificate but it can sign using the organisation signature certificate in DF.ESIGN.
      • SecSigner webrun parameters may be put into quotes to allow parameters to contain spaces.
      • The SecSigner webrun call to only read the certificates from a smartcard and post them to a web server can be used with smartcards without a signature certificate too.
      • The warning that the verified PDF document was modified after the signature does not appear if the modifications are limited to a set of allowed modifications which do not alter the visible appearance of the document.
      • The CallSecSigner-DLL does not try to call setUseLegacyBmuXmlSigFormat() in the SecSigner any more. The field was removed from the SecSigner already.
      • SecSigner’s timestamp dialog is not blocked if the user’s clicks on the next button while SecSigner is still waiting for the timestamp and the timestamp request ends with an error.
    • SecSigner 6.12 of 2019-06-24:

      • XAdES format added to the signature format list in SecSigner’s drag-and-drop dialog.
      • SecSigner deletes locally stored certificate stacks if it cannot verify their signatures. Otherwise the download of a new certificate stack would not start.
      • Removed the obsolete SecSigner option “seccommerce.secsigner.signrightaway”.
      • Support for reading XAdES signatures over Polish financial reports containing a ClaimedRole with an XML tree.
      • Fixed: The OK dialog in the certificate stack download sometimes blocked the signature verification.
      • A signature verification is not started automatically if a file is dragged into SecSigner. A button for signature verification will be shown instead. If the document shall be signed after verification use the correct signature format type e.g. PAdES or XMLDSig or CAdES.
      • Fixed issues in PDF Viewer e.g. when JBIG2 encoded images or black and white images are embedded in the PDF document.
      • Fixed issues when PDF documents are parsed e.g. when the ref section does not start with zero object or when parsing Type1 fonts.
    • SecSigner 6.11 of 2019-04-14:

      • Workaround for a bug in the JDK which falsely throws an exception “connection not yet open” when asking for the server’s HTTPS certificates for example in the SecSigner’s finish-URL in web run mode.
      • The save-OCSP-response-file-chooser is not displayed twice.
    • SecSigner 6.10:

      • Shorten very long texts in BMU XML documents to avoid an OutOfMemoryException.
      • The drag-and-drop dialog of the SecSigner recognizes the file name extension “-signed.xml” as a signed XML document.
      • TLS cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 supported.
    • SecSigner 6.9 of 2019-04-03:
      • SecSigner default maximum Java virtual memory size set to 100 GB in 64 bit mode.
      • The SecSigner web run classes read the proxy settings from the Windows registry so that they can use it to load secsigner.properties.
      • EnvelopedData decryption compatible with data encrypted by old SecSigner and BouncyCastle versions.
    • SecSigner 6.8:
      • gematik connector supported to read certificates from the smart card and send it via HTTP POST to a web application
      • HBA-G2 and SMC-B transport PIN status query corrected.
      • SecSigner encryption and decryption with ECC keys corrected. An additional update for compatibility with the old encryption format will follow, though.
      • Labels of the signature types selection list in the drag-and-drop-dialog adopted to recent standards like PAdES.
      • Shorter label for the smart card init dialog to improve its readability.
    • SecSigner 6.7:
      • SecSigner in webrun mode with parameter EncryptDataOnly and with the DocumentURL “fileopen:*.*” sends the name of the user selected file as HTTP POST parameter “FileName”.
    • SecSigner 6.6:
      • In case someone calls SecSigner.close() before the algorithm catalogue download thread has finished then wait until it is done. Otherwise NullPointerExceptions could occur in the thread if the options and the logging object are null already.
      • PDF rendering accelerated with a global PDF font cache.
    • SecSigner 6.5:
      • Removed the SecSigner Webrun (and Webstart) property “ShowUrlsInBrowser” because the value “on” was not useful. A random browser was started and the URL was displayed in a random tab. The value “off” is the only possible behaviour now.
      • Support for OCSP responses which do not include the OCSP signer certificate.
      • PDF rendering accelerated with a headless rendering mode.
    • SecSigner 6.4:
      • PDF font rendering improved.
      • JPEG imaged in PDF rendering improved.
    • SecSigner 6.3:
      • Avoid ClassCastException in IBM forumSTAR: weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection.
      • PDF rendering of recursive fonts improved.
      • PDF rendering of transperancy improved.
    • SecSigner 6.2 of 2019-01-14:
      • SecSigner for Windows 32 bit includes the 32 bit OpenJDK from Azul Systems Inc.
      • CallSecSignerDLL may use an OpenJDK installed in the SecSigner’s installation folder.
      • SecSigner for Windows 64 bit will be installed in the 64 bit program files folder.
      • SecSigner’s Windows Explorer context menu DLL always runs the 64 bit SecSigner in a 64 Bit Windows Explorer.
      • If SecSigner is called in webrun mode and the secsignerwr file was converted to a shortened path by Windows then it will be converted back to the original long file name first.
      • The file name passed to SecSigner as command line parameter will not be converted to lower case.
      • SecSigner webrun examples included in the SecSigner developer zip.
      • Support for all Brainpool curves.
      • Algorithm expiration dates taken from SOG-IS. In particular: PKCS#1v1.5 as legacy algorithm accepted until the end of 2022.
      • Support for applets and web start removed. Please use SecCommerce webrun to start the SecSigner within a web application instead.
    • SecSigner 6.1 of 2018-11-21:
      • SecSigner now supports the SecCommerce Webrun format as the successor of Java Webstart because there is no support for webstart any longer scince Java 9.
      • For the Webrun start of the SecSigner you will need a locally installed SecSigner version. The installed SecSigner will register .secsignerwr and .secverifierwr as known filenedings. Websites or webservices which have generated java webstart jnlp files can now generate the webrun files to start the SecSigner either for signing or signature creation
      • SecSigner registers pkcs7 as known fileending on MacOSX so the SecSigner will start with a double click on those pkcs7 files.

    Changelog SecSigner 5

    • SecSigner 5 of 2018-04-04:
      • Added methods to query information about signature form fields from pdf document.
      • When image mask created check transparent pixel in index color model to define whether the mask needs to be inverted or not.
      • Check whether encoding was correct when pdf hex strings are decoded.
      • Always log stacktrace if a document cannot be shown in SecSigner.
    • SecSigner 5 of 2018-03-13:
      • Bugfix for CT-API card reader access at port 0.
    • SecSigner 5 of 2018-01-05:
      • Extended support for different Java versions.
    • SecSigner 5 of 2017-12-14:
      • When signing a pdf document ensure that each signature has a unique name.
      • When checking XMLDSig signatures don’t encode the signature to speed up the signature verification.
    • SecSigner 5 of 2017-12-27:
      • Support of current QuoVadis smart cards for advanced signatures.
      • Workaround for invalid responses of smartcard readers when checking whether secure pin entry is supported.
    • SecSigner 5 of 2017-12-06:
      • If SecSigner’s license file property does not contain an absolute path then SecSigner uses its installation folder as base directory to search the license file.
      • In signature creation mode the SecSigner only warns about an unknown trustcenter instead of a test signature certificate if it does not know the CA.
      • When validating signed PDF files the SecSigner checks byte order marks in certain string values for character encoding specification.
      • Support for QuoVadis’ OCSP URL without a path for Swiss regulated certificates.
      • SecSigner avoids a NullPointerException if SecSigner.close() is called twice.
      • Bug fix when parsing a tiff document with no default bits per sample value.
    • SecSigner 5 of 2017-10-17:
      • SecSigner’s Windows installer and DLLs adapted for Java 9: Java 9 has a different registry key name to find the jvm.dll. There is no 32 bit version of the Java runtime environment with Java 9 any more.
    • SecSigner 5 of 2017-10-06:
      • SHA-3 accelerated.
      • For XAdES signatures the reserved XML namespace “xml” is understood without declaration.
      • When rendering a ccitt encoded bilevel image, do not set the graphics xor mode in SecSigner viewer.
      • Try to extract the character set from the document itself when no character set was specified while html or xml document shall be shown.
      • Added custom tag html document, reader and tag action objects to handle special HTML5 tags in SecSigner viewer which are unsupported by java.
      • Bug fixed when checking ID entries in file trailer for PDF/A compliance check.
      • Check whether unsigned pdf document versions exist or if the byterange does not refer to the complete document which means the pdf document was modified after signing.
    • SecSigner 5 of 2017-09-25:
      • SecSigner’s start via Java Web Start changed for Java 9.
      • Certain corrupt PDF documents are not mistakenly found to be unsigned by the SecSigner. Instead, the SecSigner evaluates the signature and notes that it is invalid.
      • The default font size is just to set the default font size in viewing component and is not a secure property.
      • New SecSigner property seccommerce.secsigner.pdfannotationformfieldname to specify the PDF signature annotation position.
      • Bug fixed in pdf viewer when jpg images using CS_PYCC colorspance. Bug fixed when inserting pdf documents when pdf pages are organized in complex trees. Bug fixed parsing local and global subroutines in Type1C fonts.
      • Check whether string encoding in pdf documents utf-16 is little endian or big endian to be Android SDK compliant.
    • SecSigner 5 of 2017-09-08:
      • Timestamp requests can be send via a Java URLConnection just like OCSP responses. This may be useful if the SecCommerce TLS classes cannot evaluate the proxy configuration.
      • Support for timestamps from DGN Service without a non-repudiation flag in the timestamp signer’s certificate.
      • New version 5.0.0.5 of CallSecSignerDLL with the changes in the PDF annotation struct to keep the order of the elements intact.
      • Secure PIN entry for A-Trust ECC CardOS 5.3 cards repaired to support their minimum PIN length of 4 digits.
    • SecSigner 5 of 2017-08-08:
      • New version to avoid IllegalAccessError when calling getAccessibleContext.
      • 3072 bit RSA CA certificates from DRV trustcenter.
    • SecSigner 5 of 2017-07-19:
      • New D-Trust qualified seal cards with a 3072 bit signature key need extended length coding for the signature APDU.
      • New eweIDAS CA certificates from DGN.
      • New D-Trust CA certificates for advanced certificates in use by Deutsches Patent- und Markenamt.
      • Pin dialog is now undecorated and has no close button.
      • Bug fixed in PDF viewer for some fonts.
      • XML-DSig signature can contain html entities in base64 encoded certificate and signature data.
    • SecSigner 5 of 2017-07-05:
      • Via soap you can specify the look and feel of SecSigners dialog. Modal and alwaysOnTop can be sent as parameter in sign request.
      • New option seccommerce.secsigner.showsaveocspbutton
      • The revocation of a CA certificate is checked for the valid-not-before-date of the certificate it has issued in the certificate chain being validated.
      • Allow to cancel the sign process when a user hasn’t chosen the certificate of a tcos card yet.
      • T-Systems CA certificate for health profession cards (HBA).
      • Corrected order of new parameter in DOCUMENT struct of SecSigner calling library.
    • SecSigner 5 of 2017-06-27:
      • Certificates and OCSP responses signed using an ECC key can be read.
      • Elliptic curve secp521r1 supported for new Telesec root certificate.
      • New Telesec CA and root certificate added.
      • XAdES UnsignedProperties nodes will only be added if it has a content.
      • Signatures for waste management will be created in the new XAdES format per default.
      • Use the current version of the document struct and corrected PDF annotation parameters in SecSigner’ C# example.
      • SecSigner C# example calls either the 32 bit or 64 bit version of SecSigner’s DLL.
    • SecSigner 5 of 2017-06-01:
      • Added Type and Id attribute to the Reference node in XAdES signatures.
      • Bug fixed in refreshing image and PDF viewer in SecSigner.
      • beA card allows 12 digit long PINs.
      • A new smart card search after clicking on “back” does not falsely create a second InitSignUnitPanel.
      • DATEV advanced CA certificates of 2014 added.
      • When verifying a timestamp use its generation time from its signed content to check the algorithm suitability.
      • The SecSigner sub menu in the Windows Explorer context menu is not displayed twice for link files.
      • Added setUseLegacyBmuXmlSigFormat as parameter in the DLL to call SecSigner. Removed obsolete fields in the PDF annotation struct in the same DLL.
    • SecSigner 5 of 2017-05-23:
      • Check the appearance state of form field annotations to show initial values correctly.
      • SecSigner web start parameter UseLegacyBmuXmlSigFormat is also available in the applet.
    • SecSigner 5 of 2017-05-04:
      • Validation of certificates using RSA PSS padding corrected.
      • SecSigner SOAP returns a specific fault code (602) if the user has canceled the signature.
      • When calling SecSigner the DLL checks which code is returned: No signature in PDF or that the data is unsigned.
      • D-Trust eIDAS CA certificates.
    • SecSigner 5 of 2017-04-28:
      • When the verification report is generated assume ISO-8859-1 encoding in PDF location, contact info and other fields in signature dictionary.
      • Evaluate monetary limits in certificates specified with the new ETSI OID too.
      • Prefer RIPEMD-160 again for old A-Trust ACOS cards again since they do not seem to accept a 32 bytes long SHA-256 hash.
    • SecSigner 5 of 2017-04-18:
      • ECC plain format signatures with SHA-3 supported.
      • Optional web start parameter UseLegacyBmuXmlSigFormat added for ZKS XML signatures.
      • Timestamp example URL is from BaltStamp of Vilnius.
      • Use of pattern %FILENAME% in reason for PDF Signature annotation which is replaced by documents name.
      • Tolerance when parsing pdf objects with wrong object type to allow pdf documents being verified and displayed.
    • SecSigner 5 of 2017-04-10:
      • German Telematics GT900 supported on Mac OS using CT-API.
      • Private signature keys can be loaded from PKCS#8 files using PBES2. A SecretBag in a PKCS#12 file does not prevent the private signature key from being loaded.
      • Volksverschluesselung CA of Fraunhofer SIT added.
    • SecSigner 5 of 2017-03-30:
      • SHA-3 support for signature creation and verification, for timestamps, OCSP responses and CRLs. For the time being SHA-3 signature creation only works using soft tokens since there are no smart cards with SHA-3 support yet.
      • Signatures can be created using new A-Trust ECC cards based on Atos CardOS 5.3.
      • Drag and drop of files to be signed into SecSigner’s window repaired for Mac OS.
      • Removed the SecSigner property “seccommerce.secsigner.percentageofdocstoviewbeforesign”.
      • New property seccommerce.secsigner.editpdfannotationdimension to adjust whether the user can edit the PDF signature annotation.
    • SecSigner 5 of 2017-03-10:
      • The PDF parser supports a name object which has an empty name.
      • The XML parser supports XML tags in comments.
    • SecSigner 5 of 2017-02-21:
      • Option “seccommerce.secsigner.percentageofdocstoviewbeforesign” no longer causes that all documents have to be displayed.
      • Fixed decryption of PKCS#12 soft keys for very rare cases where the password was not recognized as correct.
      • Removed option “seccommerce.secsigner.maxbatchsize”.
    • SecSigner 5 of 2017-02-10:
      • The certificate chain validation is not limited to root certificates as trust anchors.
      • ETSI’s QCStatement claiming that the certificate is a EU qualified certificate is evaluated.
      • SecSigner Webstart always uses the Java URLConnection class to make sure the configured proxy will be used.
      • The SecSigner installer for Windows does not accidentally hide context menu items of other applications.
      • A missing property for PDF signature creation in the SecSigner Webstart call does not lead to a NullPointerException.
    • SecSigner 5 of 2017-01-30:
      • CallSecSignerDLL.dll adapted for new PDF annotation options.
      • SecSigner installer runs on 32 bit Windows too again.
      • Umlauts in SecSigner’s context menu in the Windows Explorer will be displayed correctly again.
      • Consider the height of the title bar when dialog is resized.
      • Bug fixed when serializing rtf document.
    • SecSigner 5 of 2017-01-20:
      • SecSigner’s context menu entries in Windows Explorer regarding encryption can be removed by installing SecSigner using the command line: “SecSigner-5-Setup.exe $ExplorerContextMenuEncryptItems=3”.
      • SecSigner may read and create XML signatures in the XAdES format of ETSI EN 319 132-1 V1.1.1 (2016-04).
      • XAdES signature time parser understands more formats.
      • The XAdES signature validation treats signatures containing references which cannot be evaluated as invalid.
      • Bug fixes parsing PDF documents.
      • Bug fixes calculating maximum height of a dialog showing the verification report.
    • SecSigner 5 of 2017-01-10:
      • Localized SecSigner messages in the decrypt dialog and the card reader dialog.
      • Use ETSI’s SigningCertificateV2 to find the signer’s certificate in a XAdES signature.
    • SecSigner 5 of 2017-01-05:
      • When saving documents in SecSigner consider datatype for correct file extension.
      • The IP address to bind SecSigner’s SOAP server port to may be given at the command line.
      • SecSigner won’t complain about a SigG null PIN not replaced with a user’s PIN yet on a Telesec card, if the user only wants to sign using his advanced certificate.
    • SecSigner 5 of 2016-12-30:
      • Signatures containing a signaturePolicyImplied are accepted. However, such signatures shall not exist according to ETSI.
      • Dialog for verification report is now resizable.
      • New DOI and OSCI CA certificates included.
    • SecSigner 5 of 2016/12/19: More specific recommendations for the user in SecSigner’s out-of-memory error messages.
    • SecSigner 5 of 2016-12-13:
      • Verification report dialog is now resizable and cannot be higher than the screen height.
      • Bug fixed when showing TIFF documents containing more than 10 pages.
      • The signature using the German identity card works again (An error had been introduced when the D-Trust V3.1 card was integrated).
    • SecSigner 5 of 2016-12-09:
      • D-Trust V3.1 and V3.4 (seal) smart cards supported.
      • Bugfix for the work-around for DRV- or D-Trust-V3.0 cards that sometimes produce corrupt PSS signatures. The repeated signatures do not appear as duplicates then.
      • The SecSigner user may choose whether to use the qualified or the advanced certificate for signature creation using his Telesec ECC card.
      • Telesec PKS (i.e. RSA) cards no longer supported. The last ones expired at 2015-12-31.
      • Invisible PDF signatures do not harm the PDF/A compliance.
      • SecSigner buttons use tooltips to make their text available to assistive technology like Jaws.
      • Removed print button in all SecSigner dialogs.
      • Improved thumbnail display for PDF documents.
    • SecSigner 5 of 2016/11/29: Padding RSA PKCS#1v1.5 is allowed for qualified German signatures until the end of 2017 according to the draft algorithm list of 2016-11-15.
    • SecSigner 5 of 2016/11/25:
      • Support for Bayern-PKI smart cards produced with a new software.
      • RSA with PKCS#1v1.5 padding will not be allowed for new qualified German signatures as of January 2018.
      • Redundant XML nodes required by BMU ZKS for waste management added again.
    • SecSigner 5 of 2016/11/04:
      • Support of CAdES signatures with empty lists of unauthenticated attributes.
      • Bug fix in drag&drop dialog of SecSigner that no dropped in files will be accepted which occur after java update 8u111.
    • SecSigner 5 of 2016/10/07:
      • New trustcenters and CA certificates from the EU trusted services lists.
      • Support of BNotK beA Card CA for merely advanced certificates
      • Fixed an error when the result of a failed OCSP request was tried to be integrated into a signature object.
      • Support for version 5 of the EU trusted services list according to ETSI TS 119 612 V2.2.1 (2016-04).
      • Support of Schencker’s I.CA root certficate.
      • Fixed bugs rendering masked images and bilevel jpg images in PDF documents.
      • Fixed bugs when pdf annotation is positioned in SecSigner preview window.
      • Fixed bugs when inserting a pdf document into another. Bug fixed when signing a pdf document. Check the type of the producer in info object.
      • SecSigner web start calls the cancel URL in the init-only-mode too. In this mode only the certificates are posted but no signature is created.
      • Signatures erroneously containing an ASN sequence around the signing time attribute’s value can be read.
    • SecSigner 5 of 2016/08/25:
      • Corrected the selection of the most recent Java VM when SecSigner is started via its exe or dll.
      • Support for a new version of BNotK 3.5 100 cards which initially do not have a signature certificate.
      • BNotK CA certificates for special lawyer mailbox added.
      • The pdf signature annotation background image is scaled to annotation size hence use annotation size for pdf annotation positioner.
    • SecSigner 5 of 2016/08/09:
      • Fixed bug in position calculation of pdf signature annotation if the position is chosen by viewer. The padding is considered in preview image in viewer.
      • Removed deprecated methods from SecSigner’s WSDL.
      • Removed dependency of Java JRE 7 in setup package for Windows.
    • SecSigner 5 of 2016/07/15: Bug fix when SecSigner is started in Adobe Acrobat and Adobe Acrobat DC and the document shall be shown.
    • SecSigner 5 of 2016/07/01:
      • Support of new format of Telesec timestamps scince 2016/07/01.
      • Bug fixes when scaling images or pdf documents in viewer
    • SecSigner 5 of 2016/06/15: SecSigner developer Zip contains a C# example how to call SecSigner via SOAP.
    • SecSigner 5 of 2016/06/07:
      • If there is only one signer in a verified signature then SecSigner will return the verification report of that signer as overall verification report too.
      • SignatureRecord.getVerificationReport() only returned the verification report of the last signer. For more clarity the method was replaced by getVerificationReport(int signerIndex), getVerificationReports() or getOverallVerificationReport().
      • If run via Java Web Start SecSigner loads its licence file from the code base.
      • XAdES signatures may be limited to a certain XML node instead of the whole document (reference URI).
      • SecSigner.exe as well as the DLLs have a code signature.
      • SecSigner call example code in C and C# updated.
      • Bug fixed in PDF rendering
    • SecSigner 5 of 2016/05/18:
      • RSA PSS signature validation fixed for the case where the result of the RSA decryption is shorter than the modulus (in bytes).
      • Bug fixed in PDF viewer, dont reset text rendering mode when ET command occurs.
      • SecSigner timestamp dialog changed for PAdES.
      • Acrobat Reader DC plug-in using Visual Studio 2015. Upgraded/converted from the old Acrobat Reader 8 SDK project which used Visual Studio 2005.
      • Acrobat Reader DC plug-in added to the new SecSigner installer (Tarma InstallMate 9).
      • The default value for SecSigner web start’s parameter ShowUrlsInBrowser is on.
      • SecSigner will not display an error message if a test certificate is about to be used for signature creation. The red line saying “test signature” in the main dialog is sufficient.
      • The pdf signature annotation can be specified by new properties to show or hide signers icon and signed image. Bug fix in calculating the height of the signature annotation.
    • SecSigner 5 of 2016/05/04:
      • New CA certificates from Deutsche Bundesbank, E.ON, SwissSign, BSI-Verwaltung, Unify (ECBA), Deutsche Bank, Secardeo (ECBA).
      • SecSigner now can be called via SOAP.
      • PDF-Signatures in ETSI-CAdES compliant format in the Adobe Acrobat Plug-In.
      • Bug fixed handling grayscale images in PDF documents.
      • OCSP-URLs will also be read from attribute certificates.
    • SecSigner 5 of 2016/04/14: Changes to gain downward compatibility for PDF signatures
    • SecSigner 5 of 2016/04/07:
      • Signature formats CAdES and PAdES according to ETSI EN 319 122-1 and ETSI EN 319 142-1.
      • Verification of CAdES and PAdES signatures with levels B-B, B-T, B-LT and B-LTA.
      • Generation of CAdES und PAdES signatures of levels B-B and B-T. If B-T is desired, a trust center timestamp will be added into the signatures as attribute SignatureTimeStamp.
      • During the generation of signature attribute certificates are entered into the attribute SignerAttributeV2.
      • CA certificates are also verified with OCSP.
      • CA certificates and OCSP responses coming from verified signatutres, time stamps and OCSP responses are also used for the verification of the certificates.
      • OCSP responses for attribute certificates originating from signatures are mentioned in the audit report as well as attributes of the signature attributes SignerAttributes and SignerAttributesV2 mentioned by the signatory .
      • The signature attributes ContentTimeStamp, SignatureTimeStamp, Countersignature, SignerLocation, and CommitmentTypeIndication are read.
      • BNetzA catalog of 9.12.2015 is considered.
      • Support of OCSP responses with other hash algorithms than SHA-1.
      • Layout of the PDF signature annotation re-designed with a new logo.
      • For PDF signature: Removal of authentication stamp as alternative for signature annotation.
      • Improvement of the PDF signature annotation for invisible signatures.
      • PDF objects can be also decompressed with gzip instead of zlib.
      • New property for defining the PDF/A version and the compliance level for the PDF/A conformity check.
      • SecSigner with Java Web Start and SecSigner applet use per default RSA-PSS-Padding.

    Changelog SecSigner 4

    • 2016/01/26: SecSigner can now run using Java Web Start. Bug fix for inverted drawn grayscale JPG images in PDF documents.
    • 2016/01/20: Support for smartcards HBA-G2 (health professional card), eGK (Electronic Health card) and SMC-B. New CA certificates of Bayrische V-PKI: Bayerische VPKI Class3 Issuing CA-2016,  Bayerische VPKI Smartcard Issuing CA-2016.
    • 2016/01/12: Support for PSS padding in attribute certificates. Correction creating PDF signatures to fulfill PDF/A-1a compliance. Bug fix during signature verification if friendly document name is not embedded into signature. Improvement of memory requirements dealing with XML documents. Added shell script for linux. New Telesec CA certificates. New CA certificates from GlobalTrust and e-commerce monitoring GmbH, Austria. New CA certificates of dgn Service. New dutch root certificates from Staat-Root.
    • 2015/12/02: Corrected an error in PDF signatures because of the improvement of memory requirements of embedded PDF signatures
    • 2015/11/22: Decreased the memory requirements of embedded PDF signatures
    • 2015/10/15: Option to switch between two properties files. Improved display of the button to withdraw a certificate selection. Check whether PINs are blocked at D-Trust-V3.0-cards. Fix of the processing of JBIG2 data in PDF documents. Fix of the PDF/A check with unused fonts.
    • 2015/09/29: New CA certificate of Suva (Switzerland). RSA-PSS padding supported with XMLDSig too. SecSigner’s drag and drop window has a symbol in Windows’s task bar. SecSigner’s drag-and-drop dialog resizing issues fixed. Workaround for drag-and-drop problem which prevented another signature verification on Mac OS X.
    • 2015/09/10: New root certificate of IT-Dienstleistungszentrum Bayern, new CA certificate of SUVA (Switzerland), access verification report via library CallSecSigner.dll, bug fix when printing text, increased length of signature bytes in PDF signature.
    • 2015/08/18: Corrected the distinction between dgnService cards and Ärztekammer Schleswig-Holstein cards. Install the SecSigner plug-in in Adobe Acrobat Reader DC.
    • 2015/08/11: Corrected the algorithm IDs for signature with the Ärztekammer Schleswig-Holstein card. RSA-PSS padding supported with this card too. Corrected PDF/A check for Type3 fonts.
    • 2015/06/25: Added CA certificates of “D-TRUST Personal ID”. Improved PDF/A validation of fonts between PDF/A-1 and PDF/A-2.
    • 2015/06/18: Retry the signature if the verification failed because it happens sometimes with D-Trust cards and RSA-PSS padding.
    • 2015/06/11: Display a star for each entered PIN digit at an Omnikey 3621 reader using PC/SC too.
    • 2015/05/22: Manufacturer’s declaration for SecSigner 4 submitted at the Bundesnetzagentur on 2015-04-20. Support for PDF signature filter ETSI.RFC3161. Comments in PDF can now contain umlauts. Bug fixes in viewer component. Bug fixed when initalising data for PDF signature creation. Medium secure settings do not lead to display that qualified signature is not possible. During evidence record validation the hash for PDF files is computed over the whole file. Size changes of fields in the ZKS panel (waste industry). New CA certificates of SUVA (Switzerland).

    Changelog of SecSigner 3.6

    • 2015/04/20: Support of pdf signature filter ETSI.CAdES.detached.
    • 2015/04/02: Fix of an error which prevented the signature creation using software keys. The algorithm catalogue download may be switched off.
    • 2015/03/20: Complies with BNetzA algorithm catalogue of 2014-12-15. Use RSA-PSS padding per default if allowed by the card. Added padding algorithms to the verification report. Support expired D-Trust card types again.
    • 2015/03/16: Work around to support erroneous CA certificates of Kassenärzte Schleswig-Holstein. Ended the support of expired signature card types.
    • 2015/03/02: Added european trustcenter. Support of RSA-PSS padding for D-Trust 3.0 smartcards. PDF certification value is put into a pdf signature field. Values of pdf signature fields are put into verification report.
    • 2015/02/13: Support for smartcard QuoVadis Card OS 4.4. Automatic update of validity of cryptografic algorithms according Bundesnetzagentur. Bug fixed in GUI when smartcard is initialized. Bug fixed for PDF signature annotation coordinates if PDF pages are rotated. Added API method for decryption of multiple documents.
    • 2015/01/27: Added API method for older applications which will get a complete verification report with all signatures when a document was signed multiple times
    • 2015/01/13: PDF signature annotation width is now adjustable. PDF signature cannot be put outside the page.
    • 2015/01/12: New ca certificates of DGN service and A-Trust. Bug fixed some PDF signature annotations display errors. Complete verification report about all signatures are now in SecSign API.
    • 2014/12/22: Bug fixed when signing pdf documents with form fields. Added namespace for XML Schema Instance to XMLDSig signatures.
    • 2014/12/15: Asked for PIN again for older D-Trust 3.0 smartcards, the so called BGS-Number can be overwritten by layers in SecSigners ZKS view.
    • 2014/12/03: Bug fixed when reading the document from an url. When rendering PDF documents check the appearance streams to display user made values in PDF forms. Bug fixed when scaling the image in PDF signature annotation.
    • 2014/11/23: New ca certificates from S-Trust and D-Trust. Corrections for XML-DSig signatures for certificates with xml special characters in the subject. Corrections at pdf display: apply the decode-array except for jbig2 encoded image data.
    • 2014/11/03: New ca certificates from DATEV. If an incorrect pin was entered, the user will be asked again rather than that the process is canceled.
    • 2014/10/17: Optional SecSignerSelfcheckSig.jar for an easier access in webstart applications. Support for RSA-PSS and SHA384 and SHA-512 for S-Trust cards. Multiple encryption runs with one PIN entry for D-Trust-V3.0 card. Bugfix while encoding of JBIG2 bilevel image data. Bugfix in PDF renderer when a masked image is null.
    • 2014/10/08: New CA certificate of German Pension Fund (Deutsche Rentenversicherung – DRV)
    • 2014/10/07: Adaptation in viewer for xml advide notes used by waste management industry
    • 2014/09/17: Several bug in PDF rendering component
    • 2014/09/11: Bug fixed for PDF documents using formfield names with dots in it.
    • 2014/09/08: Bug fixed for XML-DSig signature for field ‘SigningTime’. Bug fixed for PDF documents using object-streams and xref-streams.
    • 2014/09/03: Show a pop-up dialog if a soft key file could not be read. Bug fix for AES encrypted PDF documents. Use of existing signature fields in PDF documents.
    • 2014/08/21: Added new QuoVadis CA certificate. Bug fixes for PDF viewer while parsing colorspace objects and unicode character table objects.
    • 2014/07/28: Using new code signing certificate. The included libraries are now digitally signed. Bug fixes for PDF viewer when showing encrypted pdf documents or documents with special unicode character mappings.
    • 2014/07/10: Added messages in verification report for xml signature with wrong digest hash
    • 2014/07/07: New CA certificates of SignTrust
    • 2014/07/01: Bug fixed in ca-configuration for Comodo CA certificates. more properties and options for pdf signatures.
    • 2014/05/26: Bug fix in xml documents display
    • 2014/03/26: New CA certificates of Bundesnotarkammer.
    • 2014/02/19: New CA certificates of S-Trust (S-Trust-eVergabe CA certificates) were integrated into SecSigner.
    • 2014/01/24: New CA certificates of dgnService were integrated into SecSigner and support for Type3 fonts in pdf documents.
    • 2013/12/11: SecSigner now supports smartcards with STARCOS 3.5 and CardOS 5.0
    • 2012/11/28: SecSigner now supports smartcards like the german electonical ID card and smartcards with D-Trust-Card 3.0 and TCOS 3.0 Signature Card 2.0.

We will gladly help with the introduction of SecSigner to your company

More informationQuestions about SecSigner?