I have recently penned a couple of blog posts about our CloudFoxy eIDAS-compliant solution for PDF signing and first experiences from the production use. CloudFoxy is a signing integration for a zero-driver use of secure signing web services and hardware (including eIDAS compliant or OpenPGP smart cards).
Thanks to a kind help from Josef Cacek, the author of JSignPDF, the integration for CloudFoxy is now supported by one of the most popular free PDF signing software. It means that 2,541 users (as of 15:30 on 26th September), who downloaded JSignPDF from SourceForge, and others using one of the numerous download locations are able to do eIDAS signatures without complicated configuration of their computers.
CloudFoxy is designed for enterprise customers, where there are hundreds of users who need to sign documents before they are sent to third-parties or archived to comply with eIDAS legislation. But it can also run on a single Raspberry Pi mounted to your laptop as a file storage, where you can drop files you need to sign.
Get in touch ([email protected]) if you’re interested in the desktop / Raspberry Pi / home .. version. We have a proof of concept done but looking for suitable integration options.
As we got some requests about more common signing devices, we now test the system with OpenPGP smart cards and dongles (Yubico – NEO dongles, OpenKMS, Prism, OpenFortress, etc.). As the CloudFoxy solution is built with flexibility in mind, we only had to add a new signing provider in FoxyProxy.
The picture above shows the points, where you can integrate your application with CloudFoxy. From a low-level integration on the left, through an application-friendly middle option, to a particular use-case – PDF signing in this case.
eIDAS smart cards (aka qualified signature creation device – QSCR … I know, I can’t remember it either) – suitable for advanced digital signatures, as well as qualified digital signatures are hard to keep working with laptops and PCs. Our solution takes these headaches away as all the complexity is hidden in our CloudFoxy.
Each eIDAS provider has their own proprietary protocol to talk to their smart cards. This means you need a particular driver and you need a driver for each trust provider you may use.
We have abstracted this complexity into FoxyProxy, which translates useful commands (Sign, Request new certificate, etc.) into one of the proprietary protocols. Supporting OpenPGP means an addition of a protocol translation into FoxyProxy – a low footprint network proxy) and that’s it.
- get in touch – [email protected]
- visit our website at https://cloudfoxy.com
- GitLab projects and technical documentation – https://gitlab.com/cloudfoxy
… and have a look at our HTTPS monitoring service KeyChest, which will integrate with CloudFoxy for secure key distribution and certificate renewal in near future.