Skip to main content
purple hex pattern
person on ipad

Document ownership and integrity, automated

Entrust Signing Automation Engine is an on-premises signing platform for Enterprises and Trust Services Providers, providing a complete range of web services for integrating digital signatures into applications. It is designed to centrally incorporate digital signature operations in accordance with the standards of ETSI CAdES, XAdES and PAdES.

How it works


Signing Automation Engine incorporates functions that provide a set of security and trust mechanisms as services that can be used with different integration strategies:

  • SOAP/WS: Using the OASIS DSS standard as an access protocol for web services
  • REST/WS, SOAP/WS: Using the Entrust Signing Automation Engine integration gateway, which supports configuring traffic and data processing with an XML pipeline language
  • Java SDK: For easy integration of electronic signature services in native Java applications

The following diagram illustrates a typical integration of the Entrust Signing Automation Engine platform into your organization.

Entrust Signing Automation Server architecture

Technical Specifications

  • Format: Software appliance (please contact us to learn more about supported hardware or virtual machines)
  • Event monitoring: Simple Network Management Protocol (SNMP)
  • Security services: OASIS WS-Security, DSS (Digital Signature Service) and SAML, SOAP, and SSL/TLS
  • Signature generation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173), XML-DSig, XAdES (ETSI TS 103 171), signature for PDF documents (IETF), PAdES (ETSI TS 103 172) and S/MIME
  • Signature validation and augmentation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173 and ETSI EN 319 122), XML-DSig, XAdES (ETSI TS 103 171 and ETSI EN 319 132), signature for PDF documents (IETF), PAdES (ETSI TS 103 172 and ETSI EN 319 142), and S/MIME Encryption standards: PKCS#7, CMS, XML-Enc, and S/MIME
  • Digital timestamping support: IETF RFC 3161 and RFC 5816 compatible servers
  • Certificate validation support: Using CRLs, IETF OCSP compatible servers and customized mechanisms (OCSP is required for LTV signatures)
  • Database and directory access: Oracle, Microsoft SQL Server, PostgreSQL and MySQL, LDAP directory access protocol
  • Authentication and authorization: Native authentication methods based on passwords and digital certificates. Password validation can be delegated to LDAP/AD
  • HSM support: PKCS#11 devices approved by Entrust Datacard (a license is required for the HSM connector)
  • Network file systems supported: SMB/CIFS and NFS

Optional Modules

Watched Folders

A module that executes a series of signature-related actions (e.g. signing, verification, stamping, augmentation) on any file added to selected folders in your network.

Read Data Sheet

Data Encryption

A module that provides document encryption and decryption functionalities. Supported formats are PKCS#7, CMS, XML-Enc, and S/MIME.

Contact Us


clipboard checked list icon

Authentication and Authorization

Supports native authentication methods based on passwords and digital certificates. The validation can be delegated to LDAP/AD.

file cabinet icon

Object and Entity Management

Manages platform entities and objects. External repositories, such as user LDAP/AD, databases, files, and HSMs can be added for protecting private keys.

certificate icon

Certificate Validation

Provides PKI functions for validating certification chains and querying certificate status. Supports OCSP/CRL and customized mechanisms (e.g., databases).

edit icon

Signature Creation and Validation

Creates and validates signatures compliant with the PAdES, XAdES, and CAdES standards; including document, email, and web services signatures.

thumbs up icon

Long-Term Validation (LTV)

Extends a signature’s validity up to the lifetime of the TSA certificate. Cryptographic reliability is preserved, the certification chain is incorporated as well as the certificate status information at the time of signing, and a timestamp.

desktop monitor icon

Auditing and Accounting

Logs are securely stored in a uniform and centralized way. It’s also possible to forward log data to an external SIEM tool for processing and generating a report.