CryptoPro DSS

CRYPTOPRO DSS —
DIGITAL SIGNATURE
SERVER

CryptoPro DSS is a remote digital signature solution helping various organizations to provide handy digital signing and encryption/decryption experience to their users. Cloud signature service is easy with CryptoPro DSS.

SUPPORTED
DIGITAL SIGNATURE
FORMATS:
  • CMS/PKCS#7,
  • CAdES-BES, CAdES-T and CAdES-X Long Type 1;
  • XML Digital Signature, XMLDSig;
  • PDF signing (Open Document Format — .pdf);
  • Microsoft Office documents signing (Open Office XML — .docx, xlsx).

CryptoPro DSS provides a web interface for both direct interaction with users and through other web portals. Also included are an APIs suitable for integration with ECM systems, online banking, e-procurement, desktop applications, mobile devices etc. SOAP, REST and HTTP-API (HTTP Redirect) APIs are available to choose.

DSS supports different authentication methods ranging from usual passwords to strongest cryptographic methods using different techniques. Built-in identity provider leverages the following authentication methods:

  • One-time passwords via SMS (OTP-via-SMS);
  • OTP-tokens (compliant with OATH, Open AuTHentication standards);
  • Authentication codes calculated by SIM-card applet or special mobile application myDSS, available for Apple iOS and Google Android, using MAC function (national or international cryptography are both possible);
  • Other strong cryptographic methods (various options based on TLS and USB tokens, including smart card emulators for mobile devices);

External identity providers supporting industry standard federated authentication protocols enable DSS to use other authentication methods (e.g. biometric).

SAML 1.1/2.0 (WS-Federation Passive Requestor Profile 1.0 and/or WS-Trust 1.3) and OAuth 2.0 + OpenId Connect 1.0 are both supported.

Private keys are stored and operated securely inside hardware security module (HSM). DSS can use SafeNet Luna Network HSM to support international cryptographic algorithms. CryptoPro HSM is another option both for international and Russian national cryptography. Other HSMs can be plugged to DSS too.

All operations with keys are carried out inside HSM, making them non-extractable and secure from being compromised even by administrators.

The security level of CryptoPro DSS meets requirements of CEN/TS 419241 “Security Requirements for Trustworthy Systems Supporting Server Signing” for the higher level (QES, level 2) and exceeds them in authentication security, role model, audit and functioning in a hostile environment.

Follow us