Sign files electronically with DSS
Akos Kovacs
Posted on January 29, 2020
Electronic signatures are widely used to provide the same legal standing as handwritten signatures. In the European Union this process is regulated by eIDAS. SD-DSS is the European free and open-source tool for handling electronic signatures. It can create, extend and validate electronic signatures. "SD" comes from Services Directive, because it was originally developed in the context of 2006/123/EC. Its mission is to provide a Digital Signature Service that is trusted by administrations, businesses and citizens and ensures interoperability between EU member states.
About application
The software is developed and supported by Nowina Solutions, based in Luxembourg. Releases are available for download from GitHub. There is a so-called demo web application, which is not recommended for production use but provides many examples and best practices for integration. You can use it as a simple reference client. A live demo is available on Nowina's site and the package is available for download here. It is also possible to build your own from the dss-demonstrations GitHub repository using Maven. In practice it is faster to rebuild the root project than the subprojects.
How to use it
The demo web application uses a built-in PKCS #12 certificate for the server-signing process, so you need to make a new build if you want to replace it with your own signer certificate. You can use the Maven lifecycle plugins for this if you use an IDE, or simply execute the following command: mvn clean install. To sign a document using the SOAP web service, you need to call the following services in the predefined order to construct a digitally signed file.
- getDataToSign : computes the data from input document to be signed, input is your file,
- sign : signs the previous result with a smartcard, keystore, HSM, etc. to create signatureValue,
- signDocument : creates the signed document with the given signatureValue.
The parameter values in the getDataToSign and signDocument methods must be equal. To get the alias of your signer certificate, execute a getKeys request.
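The same three steps through the DSS Java API instead of the SOAP endpoints, as an added example (not code from the original post or from the DSS project). The file names, the keystore password and the package layout (DSS 5.5 or later) are assumptions; the point to note is that one parameters object, including a fixed signing date, is used for both getDataToSign and signDocument.

```java
import java.security.KeyStore.PasswordProtection;
import java.util.Date;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.model.ToBeSigned;
import eu.europa.esig.dss.token.DSSPrivateKeyEntry;
import eu.europa.esig.dss.token.Pkcs12SignatureToken;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.signature.XAdESService;

public class ThreeStepSigning {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: document.xml, signer.p12 and its password are placeholders.
        DSSDocument toSign = new FileDocument("document.xml");
        PasswordProtection pwd = new PasswordProtection("changeit".toCharArray());

        try (Pkcs12SignatureToken token = new Pkcs12SignatureToken("signer.p12", pwd)) {
            // Counterpart of getKeys: list the key entries held by the keystore.
            DSSPrivateKeyEntry key = token.getKeys().get(0);

            // One parameters object, built once and reused in steps 1 and 3.
            XAdESSignatureParameters params = new XAdESSignatureParameters();
            params.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
            params.setSignaturePackaging(SignaturePackaging.ENVELOPED);
            params.setDigestAlgorithm(DigestAlgorithm.SHA256);
            params.setSigningCertificate(key.getCertificate());
            params.setCertificateChain(key.getCertificateChain());
            // The signing time is a signed attribute: fix it before step 1 so
            // step 3 rebuilds exactly the bytes that were signed.
            params.bLevel().setSigningDate(new Date());

            XAdESService service = new XAdESService(new CommonCertificateVerifier());

            // 1. getDataToSign: compute the bytes to be signed from the input file.
            ToBeSigned dataToSign = service.getDataToSign(toSign, params);
            // 2. sign: produce the signatureValue with the private key.
            SignatureValue sig = token.sign(dataToSign, params.getDigestAlgorithm(), key);
            // 3. signDocument: embed the signatureValue into the document.
            DSSDocument signed = service.signDocument(toSign, params, sig);
            signed.save("document-signed.xml");
        }
    }
}
```

If the parameters passed in step 3 differ from those in step 1 (a different signing date, for instance), the signed attributes are rebuilt differently and the signature value no longer matches the document.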
There is a cookbook and many demonstrations of DSS usage on GitHub. dss-cookbook also offers a sample SoapUI project with all of the available SOAP requests. You need to run your own instance of the DSS Demo WebApplication to use these features. The signature operation is delegated to NexU when you call it from the user interface. NexU is an open-source, multi-platform remote signature tool from Nowina; the NexU Bundle is available for download from here. There are plenty of other handy tools in PKI Factory, but please keep in mind that all of these are for testing purposes only.
I hope this short explanation was useful and gave you the big picture of what DSS can be used for.
The following slides provide a more detailed theoretical explanation of Public Key Infrastructure.