Signature verification

Our signature portal has an extra website where you can run signature checks. Of course, the signature verification can also be connected directly via API so that an automated verification can be performed. The signature portal server recognizes the signature level, e.g. is it a qualified signature, a qualified seal or an advanced signature, etc. The user gets everything displayed on the website in a very clear dialog.


The user can submit any number of signed PDF files here and perform the verification in one step. And then gets all contained signatures displayed on the website. As shown in the example above, this can also be a mix of different signature levels, e.g. two qualified signatures and one qualified seal. As the server operator, you decide which certificates/signatures you trust during this check. For example, you can simply set that only qualified signatures should be displayed as valid.

Or you work together with other trustworthy institutions and want your server to trust their internal PKIs, e.g. a Dataport or Siemens PKI. Then you can enter the Root Ca of these companies in the Trust Center administration of your signature portals and thus your users would also get a green signature verification presented here. This way you as a company can adapt the signature verification to your legal and business scenarios. Or you can use the default setting so that all certificates, e.g. the eiDAS Trustlist, are trusted.

As a result of the signature verification there is a signature verification report (PDF/A document) this verification report can be downloaded by the user or written directly into an archive via API. In addition, it is possible to integrate a hash tree (LTA) for the verified signatures for all signature verifications.

Verify signatures automatically via interfaces

You can call up the signature verification function from any application or existing program. This can be, for example, before files are archived in a DMS or directly from an existing program. For this purpose, we offer a REST, SOAP and JAVA API that can be directly integrated into your existing workflows to completely automate processes. In addition, we also offer special solutions for special application scenarios, e.g. an SMTP mail proxy with which incoming e-mail signatures, as well as files attached to e-mails and their signatures, can be checked automatically. If required, the verification report can also be automatically sealed in order to store it in an audit-proof manner.

Key facts:

You decide which signatures you trust Don't rely on the green check mark in Adobe Acrobat reader!

Adobe shows the user a green check mark when verifying cryptographic signatures, even if these signatures do not comply with the EIDAS regulation. On the other hand, Adobe sometimes displays a yellow exclamation mark if Adobe cannot verify the signatures, say, because they do not support a new signature format. So you should not rely on Adobe's signature verification when implementing digital signatures in a company. The SecPKI server has its own trust center management. This means that you can configure it yourself. For example, with just one click you can set it up

that only qualified certificates are to be trusted, so that your users only receive a green check result if it is a qualified signature and not - as is the case with Acrobat Reader - that Adobe certificates or Docusign certificates also receive a green check mark and a valid check result, which you may not want to trust at all. So you can configure yourself which trust centers you trust. Or which signature levels e.g. only qualified signatures or also advanced signatures you want to have displayed as valid.

Many larger companies or government agencies have internal PKI servers and if you have your own Signature Portal, you can configure your portal so that you're also able to trust and check their internal signatures.

Through your own trust center management in your SecPKI server, you can also configure the server so that you trust internal PKIs and CA's of organizations or foreign trust centers. For example, if you work with other companies or authorities that have an internal PKI, you can configure your server to trust signatures from those internal PKIs.

User-friendly presentation of signature validation results

The signature verification is presented on the website to the user in a way that is understandable even for laymen.


So that the user can immediately see at a glance what signature level is involved and, of course, how many signatures are included from which persons. In addition, a verification report is generated for each signature verification, which contains all information about the signature verification, the cryptography used, and much more.


Signature verification reports

Regardless of whether you verify a digitally signed file via API or via the website, the user will receive a signature verification report if they so choose. This can also be archived for auditing purposes. The signature verification report contains all technical and cryptographic information about the signature.


Similar Topics