close

Manufacturer´s declaration

The regulatory authority has not published yet the manufacturer´s declaration for SecSigner which was submitted on July 4, 2011.

You can find the manufacturer´s declaration as well as an amendment (also submitted to the regulatory authority) on:

SecSigner – Changelogs

Current Version SecSigner 6.16 – 2019/08/20

  • SecSigner 6.16 of 2019-08-20:

    • SecSigner can use locally attached card readers even if the connection to a gematik Konnektor is active.
    • The SMC-B in the gematik Konnektor needs different certificate and PIN handles than the HBA.
    • The path to the gematik Konnektor access properties file may be configured.
    • SecSigner parses the OCSP responses found in SignedData only after the certificates found in the SignedData to make sure that the certificates to which the OCSP responses refer are available already.
  • SecSigner 6.15 of 2019-08-09:

    • Support for signing the same XML document several times in the SecSigner’s drag-and-drop dialog.
  • SecSigner 6.14 of 2019-07-10:

    • SecSigner will ask the user for a password if the webserver requests it to download secsigner.properties.
    • SecSigner will display the type of the inserted gematic card HBA, SMC-B, gSMC-K and eGK.
    • SecSigner recognizes the D-Trust V3.7 1ca Bayern card.
    • SecSigner deletes its files in the temporary folder only after a week.
    • Parsing of XML CDATA fixed.
  • SecSigner 6.13 of 2019-07-10:

    • The gematik SMC-B card does not have a qualified signature certificate but it can sign using the organisation signature certificate in DF.ESIGN.
    • SecSigner webrun parameters may be put into quotes to allow parameters to contain spaces.
    • The SecSigner webrun call to only read the certificates from a smartcard and post them to a web server can be used with smartcards without a signature certificate too.
    • The warning that the verified PDF document was modified after the signature does not appear if the modifications are limited to a set of allowed modifications which do not alter the visible appearance of the document.
    • The CallSecSigner-DLL does not try to call setUseLegacyBmuXmlSigFormat() in the SecSigner any more. The field was removed from the SecSigner already.
    • SecSigner’s timestamp dialog is not blocked if the user’s clicks on the next button while SecSigner is still waiting for the timestamp and the timestamp request ends with an error.
  • SecSigner 6.12 of 2019-06-24:

    • XAdES format added to the signature format list in SecSigner’s drag-and-drop dialog.
    • SecSigner deletes locally stored certificate stacks if it cannot verify their signatures. Otherwise the download of a new certificate stack would not start.
    • Removed the obsolete SecSigner option “seccommerce.secsigner.signrightaway”.
    • Support for reading XAdES signatures over Polish financial reports containing a ClaimedRole with an XML tree.
    • Fixed: The OK dialog in the certificate stack download sometimes blocked the signature verification.
    • A signature verification is not started automatically if a file is dragged into SecSigner. A button for signature verification will be shown instead. If the document shall be signed after verification use the correct signature format type e.g. PAdES or XMLDSig or CAdES.
    • Fixed issues in PDF Viewer e.g. when JBIG2 encoded images or black and white images are embedded in the PDF document.
    • Fixed issues when PDF documents are parsed e.g. when the ref section does not start with zero object or when parsing Type1 fonts.
  • SecSigner 6.11 of 2019-04-14:

    • Workaround for a bug in the JDK which falsely throws an exception “connection not yet open” when asking for the server’s HTTPS certificates for example in the SecSigner’s finish-URL in web run mode.
    • The save-OCSP-response-file-chooser is not displayed twice.
  • SecSigner 6.10:

    • Shorten very long texts in BMU XML documents to avoid an OutOfMemoryException.
    • The drag-and-drop dialog of the SecSigner recognizes the file name extension “-signed.xml” as a signed XML document.
    • TLS cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 supported.
  • SecSigner 6.9 of 2019-04-03:
    • SecSigner default maximum Java virtual memory size set to 100 GB in 64 bit mode.
    • The SecSigner web run classes read the proxy settings from the Windows registry so that they can use it to load secsigner.properties.
    • EnvelopedData decryption compatible with data encrypted by old SecSigner and BouncyCastle versions.
  • SecSigner 6.8:
    • gematik connector supported to read certificates from the smart card and send it via HTTP POST to a web application
    • HBA-G2 and SMC-B transport PIN status query corrected.
    • SecSigner encryption and decryption with ECC keys corrected. An additional update for compatibility with the old encryption format will follow, though.
    • Labels of the signature types selection list in the drag-and-drop-dialog adopted to recent standards like PAdES.
    • Shorter label for the smart card init dialog to improve its readability.
  • SecSigner 6.7:
    • SecSigner in webrun mode with parameter EncryptDataOnly and with the DocumentURL “fileopen:*.*” sends the name of the user selected file as HTTP POST parameter “FileName”.
  • SecSigner 6.6:
    • In case someone calls SecSigner.close() before the algorithm catalogue download thread has finished then wait until it is done. Otherwise NullPointerExceptions could occur in the thread if the options and the logging object are null already.
    • PDF rendering accelerated with a global PDF font cache.
  • SecSigner 6.5:
    • Removed the SecSigner Webrun (and Webstart) property “ShowUrlsInBrowser” because the value “on” was not useful. A random browser was started and the URL was displayed in a random tab. The value “off” is the only possible behaviour now.
    • Support for OCSP responses which do not include the OCSP signer certificate.
    • PDF rendering accelerated with a headless rendering mode.
  • SecSigner 6.4:
    • PDF font rendering improved.
    • JPEG imaged in PDF rendering improved.
  • SecSigner 6.3:
    • Avoid ClassCastException in IBM forumSTAR: weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection.
    • PDF rendering of recursive fonts improved.
    • PDF rendering of transperancy improved.
  • SecSigner 6.2 of 2019-01-14:
    • SecSigner for Windows 32 bit includes the 32 bit OpenJDK from Azul Systems Inc.
    • CallSecSignerDLL may use an OpenJDK installed in the SecSigner’s installation folder.
    • SecSigner for Windows 64 bit will be installed in the 64 bit program files folder.
    • SecSigner’s Windows Explorer context menu DLL always runs the 64 bit SecSigner in a 64 Bit Windows Explorer.
    • If SecSigner is called in webrun mode and the secsignerwr file was converted to a shortened path by Windows then it will be converted back to the original long file name first.
    • The file name passed to SecSigner as command line parameter will not be converted to lower case.
    • SecSigner webrun examples included in the SecSigner developer zip.
    • Support for all Brainpool curves.
    • Algorithm expiration dates taken from SOG-IS. In particular: PKCS#1v1.5 as legacy algorithm accepted until the end of 2022.
    • Support for applets and web start removed. Please use SecCommerce webrun to start the SecSigner within a web application instead.
  • SecSigner 6.1 of 2018-11-21:
    • SecSigner now supports the SecCommerce Webrun format as the successor of Java Webstart because there is no support for webstart any longer scince Java 9.
    • For the Webrun start of the SecSigner you will need a locally installed SecSigner version. The installed SecSigner will register .secsignerwr and .secverifierwr as known filenedings. Websites or webservices which have generated java webstart jnlp files can now generate the webrun files to start the SecSigner either for signing or signature creation
    • SecSigner registers pkcs7 as known fileending on MacOSX so the SecSigner will start with a double click on those pkcs7 files.

Changelog SecSigner 5

  • SecSigner 5 of 2018-04-04:
    • Added methods to query information about signature form fields from pdf document.
    • When image mask created check transparent pixel in index color model to define whether the mask needs to be inverted or not.
    • Check whether encoding was correct when pdf hex strings are decoded.
    • Always log stacktrace if a document cannot be shown in SecSigner.
  • SecSigner 5 of 2018-03-13:
    • Bugfix for CT-API card reader access at port 0.
  • SecSigner 5 of 2018-01-05:
    • Extended support for different Java versions.
  • SecSigner 5 of 2017-12-14:
    • When signing a pdf document ensure that each signature has a unique name.
    • When checking XMLDSig signatures don’t encode the signature to speed up the signature verification.
  • SecSigner 5 of 2017-12-27:
    • Support of current QuoVadis smart cards for advanced signatures.
    • Workaround for invalid responses of smartcard readers when checking whether secure pin entry is supported.
  • SecSigner 5 of 2017-12-06:
    • If SecSigner’s license file property does not contain an absolute path then SecSigner uses its installation folder as base directory to search the license file.
    • In signature creation mode the SecSigner only warns about an unknown trustcenter instead of a test signature certificate if it does not know the CA.
    • When validating signed PDF files the SecSigner checks byte order marks in certain string values for character encoding specification.
    • Support for QuoVadis’ OCSP URL without a path for Swiss regulated certificates.
    • SecSigner avoids a NullPointerException if SecSigner.close() is called twice.
    • Bug fix when parsing a tiff document with no default bits per sample value.
  • SecSigner 5 of 2017-10-17:
    • SecSigner’s Windows installer and DLLs adapted for Java 9: Java 9 has a different registry key name to find the jvm.dll. There is no 32 bit version of the Java runtime environment with Java 9 any more.
  • SecSigner 5 of 2017-10-06:
    • SHA-3 accelerated.
    • For XAdES signatures the reserved XML namespace “xml” is understood without declaration.
    • When rendering a ccitt encoded bilevel image, do not set the graphics xor mode in SecSigner viewer.
    • Try to extract the character set from the document itself when no character set was specified while html or xml document shall be shown.
    • Added custom tag html document, reader and tag action objects to handle special HTML5 tags in SecSigner viewer which are unsupported by java.
    • Bug fixed when checking ID entries in file trailer for PDF/A compliance check.
    • Check whether unsigned pdf document versions exist or if the byterange does not refer to the complete document which means the pdf document was modified after signing.
  • SecSigner 5 of 2017-09-25:
    • SecSigner’s start via Java Web Start changed for Java 9.
    • Certain corrupt PDF documents are not mistakenly found to be unsigned by the SecSigner. Instead, the SecSigner evaluates the signature and notes that it is invalid.
    • The default font size is just to set the default font size in viewing component and is not a secure property.
    • New SecSigner property seccommerce.secsigner.pdfannotationformfieldname to specify the PDF signature annotation position.
    • Bug fixed in pdf viewer when jpg images using CS_PYCC colorspance. Bug fixed when inserting pdf documents when pdf pages are organized in complex trees. Bug fixed parsing local and global subroutines in Type1C fonts.
    • Check whether string encoding in pdf documents utf-16 is little endian or big endian to be Android SDK compliant.
  • SecSigner 5 of 2017-09-08:
    • Timestamp requests can be send via a Java URLConnection just like OCSP responses. This may be useful if the SecCommerce TLS classes cannot evaluate the proxy configuration.
    • Support for timestamps from DGN Service without a non-repudiation flag in the timestamp signer’s certificate.
    • New version 5.0.0.5 of CallSecSignerDLL with the changes in the PDF annotation struct to keep the order of the elements intact.
    • Secure PIN entry for A-Trust ECC CardOS 5.3 cards repaired to support their minimum PIN length of 4 digits.
  • SecSigner 5 of 2017-08-08:
    • New version to avoid IllegalAccessError when calling getAccessibleContext.
    • 3072 bit RSA CA certificates from DRV trustcenter.
  • SecSigner 5 of 2017-07-19:
    • New D-Trust qualified seal cards with a 3072 bit signature key need extended length coding for the signature APDU.
    • New eweIDAS CA certificates from DGN.
    • New D-Trust CA certificates for advanced certificates in use by Deutsches Patent- und Markenamt.
    • Pin dialog is now undecorated and has no close button.
    • Bug fixed in PDF viewer for some fonts.
    • XML-DSig signature can contain html entities in base64 encoded certificate and signature data.
  • SecSigner 5 of 2017-07-05:
    • Via soap you can specify the look and feel of SecSigners dialog. Modal and alwaysOnTop can be sent as parameter in sign request.
    • New option seccommerce.secsigner.showsaveocspbutton
    • The revocation of a CA certificate is checked for the valid-not-before-date of the certificate it has issued in the certificate chain being validated.
    • Allow to cancel the sign process when a user hasn’t chosen the certificate of a tcos card yet.
    • T-Systems CA certificate for health profession cards (HBA).
    • Corrected order of new parameter in DOCUMENT struct of SecSigner calling library.
  • SecSigner 5 of 2017-06-27:
    • Certificates and OCSP responses signed using an ECC key can be read.
    • Elliptic curve secp521r1 supported for new Telesec root certificate.
    • New Telesec CA and root certificate added.
    • XAdES UnsignedProperties nodes will only be added if it has a content.
    • Signatures for waste management will be created in the new XAdES format per default.
    • Use the current version of the document struct and corrected PDF annotation parameters in SecSigner’ C# example.
    • SecSigner C# example calls either the 32 bit or 64 bit version of SecSigner’s DLL.
  • SecSigner 5 of 2017-06-01:
    • Added Type and Id attribute to the Reference node in XAdES signatures.
    • Bug fixed in refreshing image and PDF viewer in SecSigner.
    • beA card allows 12 digit long PINs.
    • A new smart card search after clicking on “back” does not falsely create a second InitSignUnitPanel.
    • DATEV advanced CA certificates of 2014 added.
    • When verifying a timestamp use its generation time from its signed content to check the algorithm suitability.
    • The SecSigner sub menu in the Windows Explorer context menu is not displayed twice for link files.
    • Added setUseLegacyBmuXmlSigFormat as parameter in the DLL to call SecSigner. Removed obsolete fields in the PDF annotation struct in the same DLL.
  • SecSigner 5 of 2017-05-23:
    • Check the appearance state of form field annotations to show initial values correctly.
    • SecSigner web start parameter UseLegacyBmuXmlSigFormat is also available in the applet.
  • SecSigner 5 of 2017-05-04:
    • Validation of certificates using RSA PSS padding corrected.
    • SecSigner SOAP returns a specific fault code (602) if the user has canceled the signature.
    • When calling SecSigner the DLL checks which code is returned: No signature in PDF or that the data is unsigned.
    • D-Trust eIDAS CA certificates.
  • SecSigner 5 of 2017-04-28:
    • When the verification report is generated assume ISO-8859-1 encoding in PDF location, contact info and other fields in signature dictionary.
    • Evaluate monetary limits in certificates specified with the new ETSI OID too.
    • Prefer RIPEMD-160 again for old A-Trust ACOS cards again since they do not seem to accept a 32 bytes long SHA-256 hash.
  • SecSigner 5 of 2017-04-18:
    • ECC plain format signatures with SHA-3 supported.
    • Optional web start parameter UseLegacyBmuXmlSigFormat added for ZKS XML signatures.
    • Timestamp example URL is from BaltStamp of Vilnius.
    • Use of pattern %FILENAME% in reason for PDF Signature annotation which is replaced by documents name.
    • Tolerance when parsing pdf objects with wrong object type to allow pdf documents being verified and displayed.
  • SecSigner 5 of 2017-04-10:
    • German Telematics GT900 supported on Mac OS using CT-API.
    • Private signature keys can be loaded from PKCS#8 files using PBES2. A SecretBag in a PKCS#12 file does not prevent the private signature key from being loaded.
    • Volksverschluesselung CA of Fraunhofer SIT added.
  • SecSigner 5 of 2017-03-30:
    • SHA-3 support for signature creation and verification, for timestamps, OCSP responses and CRLs. For the time being SHA-3 signature creation only works using soft tokens since there are no smart cards with SHA-3 support yet.
    • Signatures can be created using new A-Trust ECC cards based on Atos CardOS 5.3.
    • Drag and drop of files to be signed into SecSigner’s window repaired for Mac OS.
    • Removed the SecSigner property “seccommerce.secsigner.percentageofdocstoviewbeforesign”.
    • New property seccommerce.secsigner.editpdfannotationdimension to adjust whether the user can edit the PDF signature annotation.
  • SecSigner 5 of 2017-03-10:
    • The PDF parser supports a name object which has an empty name.
    • The XML parser supports XML tags in comments.
  • SecSigner 5 of 2017-02-21:
    • Option “seccommerce.secsigner.percentageofdocstoviewbeforesign” no longer causes that all documents have to be displayed.
    • Fixed decryption of PKCS#12 soft keys for very rare cases where the password was not recognized as correct.
    • Removed option “seccommerce.secsigner.maxbatchsize”.
  • SecSigner 5 of 2017-02-10:
    • The certificate chain validation is not limited to root certificates as trust anchors.
    • ETSI’s QCStatement claiming that the certificate is a EU qualified certificate is evaluated.
    • SecSigner Webstart always uses the Java URLConnection class to make sure the configured proxy will be used.
    • The SecSigner installer for Windows does not accidentally hide context menu items of other applications.
    • A missing property for PDF signature creation in the SecSigner Webstart call does not lead to a NullPointerException.
  • SecSigner 5 of 2017-01-30:
    • CallSecSignerDLL.dll adapted for new PDF annotation options.
    • SecSigner installer runs on 32 bit Windows too again.
    • Umlauts in SecSigner’s context menu in the Windows Explorer will be displayed correctly again.
    • Consider the height of the title bar when dialog is resized.
    • Bug fixed when serializing rtf document.
  • SecSigner 5 of 2017-01-20:
    • SecSigner’s context menu entries in Windows Explorer regarding encryption can be removed by installing SecSigner using the command line: “SecSigner-5-Setup.exe $ExplorerContextMenuEncryptItems=3”.
    • SecSigner may read and create XML signatures in the XAdES format of ETSI EN 319 132-1 V1.1.1 (2016-04).
    • XAdES signature time parser understands more formats.
    • The XAdES signature validation treats signatures containing references which cannot be evaluated as invalid.
    • Bug fixes parsing PDF documents.
    • Bug fixes calculating maximum height of a dialog showing the verification report.
  • SecSigner 5 of 2017-01-10:
    • Localized SecSigner messages in the decrypt dialog and the card reader dialog.
    • Use ETSI’s SigningCertificateV2 to find the signer’s certificate in a XAdES signature.
  • SecSigner 5 of 2017-01-05:
    • When saving documents in SecSigner consider datatype for correct file extension.
    • The IP address to bind SecSigner’s SOAP server port to may be given at the command line.
    • SecSigner won’t complain about a SigG null PIN not replaced with a user’s PIN yet on a Telesec card, if the user only wants to sign using his advanced certificate.
  • SecSigner 5 of 2016-12-30:
    • Signatures containing a signaturePolicyImplied are accepted. However, such signatures shall not exist according to ETSI.
    • Dialog for verification report is now resizable.
    • New DOI and OSCI CA certificates included.
  • SecSigner 5 of 2016/12/19: More specific recommendations for the user in SecSigner’s out-of-memory error messages.
  • SecSigner 5 of 2016-12-13:
    • Verification report dialog is now resizable and cannot be higher than the screen height.
    • Bug fixed when showing TIFF documents containing more than 10 pages.
    • The signature using the German identity card works again (An error had been introduced when the D-Trust V3.1 card was integrated).
  • SecSigner 5 of 2016-12-09:
    • D-Trust V3.1 and V3.4 (seal) smart cards supported.
    • Bugfix for the work-around for DRV- or D-Trust-V3.0 cards that sometimes produce corrupt PSS signatures. The repeated signatures do not appear as duplicates then.
    • The SecSigner user may choose whether to use the qualified or the advanced certificate for signature creation using his Telesec ECC card.
    • Telesec PKS (i.e. RSA) cards no longer supported. The last ones expired at 2015-12-31.
    • Invisible PDF signatures do not harm the PDF/A compliance.
    • SecSigner buttons use tooltips to make their text available to assistive technology like Jaws.
    • Removed print button in all SecSigner dialogs.
    • Improved thumbnail display for PDF documents.
  • SecSigner 5 of 2016/11/29: Padding RSA PKCS#1v1.5 is allowed for qualified German signatures until the end of 2017 according to the draft algorithm list of 2016-11-15.
  • SecSigner 5 of 2016/11/25:
    • Support for Bayern-PKI smart cards produced with a new software.
    • RSA with PKCS#1v1.5 padding will not be allowed for new qualified German signatures as of January 2018.
    • Redundant XML nodes required by BMU ZKS for waste management added again.
  • SecSigner 5 of 2016/11/04:
    • Support of CAdES signatures with empty lists of unauthenticated attributes.
    • Bug fix in drag&drop dialog of SecSigner that no dropped in files will be accepted which occur after java update 8u111.
  • SecSigner 5 of 2016/10/07:
    • New trustcenters and CA certificates from the EU trusted services lists.
    • Support of BNotK beA Card CA for merely advanced certificates
    • Fixed an error when the result of a failed OCSP request was tried to be integrated into a signature object.
    • Support for version 5 of the EU trusted services list according to ETSI TS 119 612 V2.2.1 (2016-04).
    • Support of Schencker’s I.CA root certficate.
    • Fixed bugs rendering masked images and bilevel jpg images in PDF documents.
    • Fixed bugs when pdf annotation is positioned in SecSigner preview window.
    • Fixed bugs when inserting a pdf document into another. Bug fixed when signing a pdf document. Check the type of the producer in info object.
    • SecSigner web start calls the cancel URL in the init-only-mode too. In this mode only the certificates are posted but no signature is created.
    • Signatures erroneously containing an ASN sequence around the signing time attribute’s value can be read.
  • SecSigner 5 of 2016/08/25:
    • Corrected the selection of the most recent Java VM when SecSigner is started via its exe or dll.
    • Support for a new version of BNotK 3.5 100 cards which initially do not have a signature certificate.
    • BNotK CA certificates for special lawyer mailbox added.
    • The pdf signature annotation background image is scaled to annotation size hence use annotation size for pdf annotation positioner.
  • SecSigner 5 of 2016/08/09:
    • Fixed bug in position calculation of pdf signature annotation if the position is chosen by viewer. The padding is considered in preview image in viewer.
    • Removed deprecated methods from SecSigner’s WSDL.
    • Removed dependency of Java JRE 7 in setup package for Windows.
  • SecSigner 5 of 2016/07/15: Bug fix when SecSigner is started in Adobe Acrobat and Adobe Acrobat DC and the document shall be shown.
  • SecSigner 5 of 2016/07/01:
    • Support of new format of Telesec timestamps scince 2016/07/01.
    • Bug fixes when scaling images or pdf documents in viewer
  • SecSigner 5 of 2016/06/15: SecSigner developer Zip contains a C# example how to call SecSigner via SOAP.
  • SecSigner 5 of 2016/06/07:
    • If there is only one signer in a verified signature then SecSigner will return the verification report of that signer as overall verification report too.
    • SignatureRecord.getVerificationReport() only returned the verification report of the last signer. For more clarity the method was replaced by getVerificationReport(int signerIndex), getVerificationReports() or getOverallVerificationReport().
    • If run via Java Web Start SecSigner loads its licence file from the code base.
    • XAdES signatures may be limited to a certain XML node instead of the whole document (reference URI).
    • SecSigner.exe as well as the DLLs have a code signature.
    • SecSigner call example code in C and C# updated.
    • Bug fixed in PDF rendering
  • SecSigner 5 of 2016/05/18:
    • RSA PSS signature validation fixed for the case where the result of the RSA decryption is shorter than the modulus (in bytes).
    • Bug fixed in PDF viewer, dont reset text rendering mode when ET command occurs.
    • SecSigner timestamp dialog changed for PAdES.
    • Acrobat Reader DC plug-in using Visual Studio 2015. Upgraded/converted from the old Acrobat Reader 8 SDK project which used Visual Studio 2005.
    • Acrobat Reader DC plug-in added to the new SecSigner installer (Tarma InstallMate 9).
    • The default value for SecSigner web start’s parameter ShowUrlsInBrowser is on.
    • SecSigner will not display an error message if a test certificate is about to be used for signature creation. The red line saying “test signature” in the main dialog is sufficient.
    • The pdf signature annotation can be specified by new properties to show or hide signers icon and signed image. Bug fix in calculating the height of the signature annotation.
  • SecSigner 5 of 2016/05/04:
    • New CA certificates from Deutsche Bundesbank, E.ON, SwissSign, BSI-Verwaltung, Unify (ECBA), Deutsche Bank, Secardeo (ECBA).
    • SecSigner now can be called via SOAP.
    • PDF-Signatures in ETSI-CAdES compliant format in the Adobe Acrobat Plug-In.
    • Bug fixed handling grayscale images in PDF documents.
    • OCSP-URLs will also be read from attribute certificates.
  • SecSigner 5 of 2016/04/14: Changes to gain downward compatibility for PDF signatures
  • SecSigner 5 of 2016/04/07:
    • Signature formats CAdES and PAdES according to ETSI EN 319 122-1 and ETSI EN 319 142-1.
    • Verification of CAdES and PAdES signatures with levels B-B, B-T, B-LT and B-LTA.
    • Generation of CAdES und PAdES signatures of levels B-B and B-T. If B-T is desired, a trust center timestamp will be added into the signatures as attribute SignatureTimeStamp.
    • During the generation of signature attribute certificates are entered into the attribute SignerAttributeV2.
    • CA certificates are also verified with OCSP.
    • CA certificates and OCSP responses coming from verified signatutres, time stamps and OCSP responses are also used for the verification of the certificates.
    • OCSP responses for attribute certificates originating from signatures are mentioned in the audit report as well as attributes of the signature attributes SignerAttributes and SignerAttributesV2 mentioned by the signatory .
    • The signature attributes ContentTimeStamp, SignatureTimeStamp, Countersignature, SignerLocation, and CommitmentTypeIndication are read.
    • BNetzA catalog of 9.12.2015 is considered.
    • Support of OCSP responses with other hash algorithms than SHA-1.
    • Layout of the PDF signature annotation re-designed with a new logo.
    • For PDF signature: Removal of authentication stamp as alternative for signature annotation.
    • Improvement of the PDF signature annotation for invisible signatures.
    • PDF objects can be also decompressed with gzip instead of zlib.
    • New property for defining the PDF/A version and the compliance level for the PDF/A conformity check.
    • SecSigner with Java Web Start and SecSigner applet use per default RSA-PSS-Padding.

Changelog SecSigner 4

  • 2016/01/26: SecSigner can now run using Java Web Start. Bug fix for inverted drawn grayscale JPG images in PDF documents.
  • 2016/01/20: Support for smartcards HBA-G2 (health professional card), eGK (Electronic Health card) and SMC-B. New CA certificates of Bayrische V-PKI: Bayerische VPKI Class3 Issuing CA-2016,  Bayerische VPKI Smartcard Issuing CA-2016.
  • 2016/01/12: Support for PSS padding in attribute certificates. Correction creating PDF signatures to fulfill PDF/A-1a compliance. Bug fix during signature verification if friendly document name is not embedded into signature. Improvement of memory requirements dealing with XML documents. Added shell script for linux. New Telesec CA certificates. New CA certificates from GlobalTrust and e-commerce monitoring GmbH, Austria. New CA certificates of dgn Service. New dutch root certificates from Staat-Root.
  • 2015/12/02: Corrected an error in PDF signatures because of the improvement of memory requirements of embedded PDF signatures
  • 2015/11/22: Decreased the memory requirements of embedded PDF signatures
  • 2015/10/15: Option to switch between two properties files. Improved display of the button to withdraw a certificate selection. Check whether PINs are blocked at D-Trust-V3.0-cards. Fix of the processing of JBIG2 data in PDF documents. Fix of the PDF/A check with unused fonts.
  • 2015/09/29: New CA certificate of Suva (Switzerland). RSA-PSS padding supported with XMLDSig too. SecSigner’s drag and drop window has a symbol in Windows’s task bar. SecSigner’s drag-and-drop dialog resizing issues fixed. Workaround for drag-and-drop problem which prevented another signature verification on Mac OS X.
  • 2015/09/10: New root certificate of IT-Dienstleistungszentrum Bayern, new CA certificate of SUVA (Switzerland), access verification report via library CallSecSigner.dll, bug fix when printing text, increased length of signature bytes in PDF signature.
  • 2015/08/18: Corrected the distinction between dgnService cards and Ärztekammer Schleswig-Holstein cards. Install the SecSigner plug-in in Adobe Acrobat Reader DC.
  • 2015/08/11: Corrected the algorithm IDs for signature with the Ärztekammer Schleswig-Holstein card. RSA-PSS padding supported with this card too. Corrected PDF/A check for Type3 fonts.
  • 2015/06/25: Added CA certificates of “D-TRUST Personal ID”. Improved PDF/A validation of fonts between PDF/A-1 and PDF/A-2.
  • 2015/06/18: Retry the signature if the verification failed because it happens sometimes with D-Trust cards and RSA-PSS padding.
  • 2015/06/11: Display a star for each entered PIN digit at an Omnikey 3621 reader using PC/SC too.
  • 2015/05/22: Manufacturer’s declaration for SecSigner 4 submitted at the Bundesnetzagentur on 2015-04-20. Support for PDF signature filter ETSI.RFC3161. Comments in PDF can now contain umlauts. Bug fixes in viewer component. Bug fixed when initalising data for PDF signature creation. Medium secure settings do not lead to display that qualified signature is not possible. During evidence record validation the hash for PDF files is computed over the whole file. Size changes of fields in the ZKS panel (waste industry). New CA certificates of SUVA (Switzerland).

Changelog of SecSigner 3.6

  • 2015/04/20: Support of pdf signature filter ETSI.CAdES.detached.
  • 2015/04/02: Fix of an error which prevented the signature creation using software keys. The algorithm catalogue download may be switched off.
  • 2015/03/20: Complies with BNetzA algorithm catalogue of 2014-12-15. Use RSA-PSS padding per default if allowed by the card. Added padding algorithms to the verification report. Support expired D-Trust card types again.
  • 2015/03/16: Work around to support erroneous CA certificates of Kassenärzte Schleswig-Holstein. Ended the support of expired signature card types.
  • 2015/03/02: Added european trustcenter. Support of RSA-PSS padding for D-Trust 3.0 smartcards. PDF certification value is put into a pdf signature field. Values of pdf signature fields are put into verification report.
  • 2015/02/13: Support for smartcard QuoVadis Card OS 4.4. Automatic update of validity of cryptografic algorithms according Bundesnetzagentur. Bug fixed in GUI when smartcard is initialized. Bug fixed for PDF signature annotation coordinates if PDF pages are rotated. Added API method for decryption of multiple documents.
  • 2015/01/27: Added API method for older applications which will get a complete verification report with all signatures when a document was signed multiple times
  • 2015/01/13: PDF signature annotation width is now adjustable. PDF signature cannot be put outside the page.
  • 2015/01/12: New ca certificates of DGN service and A-Trust. Bug fixed some PDF signature annotations display errors. Complete verification report about all signatures are now in SecSign API.
  • 2014/12/22: Bug fixed when signing pdf documents with form fields. Added namespace for XML Schema Instance to XMLDSig signatures.
  • 2014/12/15: Asked for PIN again for older D-Trust 3.0 smartcards, the so called BGS-Number can be overwritten by layers in SecSigners ZKS view.
  • 2014/12/03: Bug fixed when reading the document from an url. When rendering PDF documents check the appearance streams to display user made values in PDF forms. Bug fixed when scaling the image in PDF signature annotation.
  • 2014/11/23: New ca certificates from S-Trust and D-Trust. Corrections for XML-DSig signatures for certificates with xml special characters in the subject. Corrections at pdf display: apply the decode-array except for jbig2 encoded image data.
  • 2014/11/03: New ca certificates from DATEV. If an incorrect pin was entered, the user will be asked again rather than that the process is canceled.
  • 2014/10/17: Optional SecSignerSelfcheckSig.jar for an easier access in webstart applications. Support for RSA-PSS and SHA384 and SHA-512 for S-Trust cards. Multiple encryption runs with one PIN entry for D-Trust-V3.0 card. Bugfix while encoding of JBIG2 bilevel image data. Bugfix in PDF renderer when a masked image is null.
  • 2014/10/08: New CA certificate of German Pension Fund (Deutsche Rentenversicherung – DRV)
  • 2014/10/07: Adaptation in viewer for xml advide notes used by waste management industry
  • 2014/09/17: Several bug in PDF rendering component
  • 2014/09/11: Bug fixed for PDF documents using formfield names with dots in it.
  • 2014/09/08: Bug fixed for XML-DSig signature for field ‘SigningTime’. Bug fixed for PDF documents using object-streams and xref-streams.
  • 2014/09/03: Show a pop-up dialog if a soft key file could not be read. Bug fix for AES encrypted PDF documents. Use of existing signature fields in PDF documents.
  • 2014/08/21: Added new QuoVadis CA certificate. Bug fixes for PDF viewer while parsing colorspace objects and unicode character table objects.
  • 2014/07/28: Using new code signing certificate. The included libraries are now digitally signed. Bug fixes for PDF viewer when showing encrypted pdf documents or documents with special unicode character mappings.
  • 2014/07/10: Added messages in verification report for xml signature with wrong digest hash
  • 2014/07/07: New CA certificates of SignTrust
  • 2014/07/01: Bug fixed in ca-configuration for Comodo CA certificates. more properties and options for pdf signatures.
  • 2014/05/26: Bug fix in xml documents display
  • 2014/03/26: New CA certificates of Bundesnotarkammer.
  • 2014/02/19: New CA certificates of S-Trust (S-Trust-eVergabe CA certificates) were integrated into SecSigner.
  • 2014/01/24: New CA certificates of dgnService were integrated into SecSigner and support for Type3 fonts in pdf documents.
  • 2013/12/11: SecSigner now supports smartcards with STARCOS 3.5 and CardOS 5.0
  • 2012/11/28: SecSigner now supports smartcards like the german electonical ID card and smartcards with D-Trust-Card 3.0 and TCOS 3.0 Signature Card 2.0.

We will gladly help with the introduction of SecSigner to your company

More informationQuestions about SecSigner?