Documentation

Overview

Certillion is a complete digital signature generation and verification service, providing several benefits to developers and end consumers in a simple and direct way, and is compatible with national and international digital certification standards.

Certillion Overview

Certillion is a digital signature service that offers the developer several benefits, including:

    1. Develop systems that accept all types of digital certificates: A1 (file), A3 (card or USB token) and cloud certificates;
    2. Sign any type of file: .doc, .pdf, .xml, etc.;
    3. Sign using any standard – CAdES (any data), XMLDSig and XAdES (xml) or PAdES (pdf);
    4. Access via REST web service API, which can be called from any programming language.

The end user (or signatory, who will sign documents) has the following advantages:

    1. Sign on any platform: Windows, Mac, Linux, Android and iOS;
    2. Use the same certificate you already have, without having to purchase another one to access a specific system.

To achieve these benefits, Certillion uses a Unified API, which allows:

    1. Making signature requests using local A1 and A3 certificates;
    2. Making signature requests using cloud certificates.

Both actions described above are performed without the need to modify the signature flow, only requiring the selection of the PSC to be used. The API accepts the following PSCs:

    1. CERTILLION_SIGNER (emulates a PSC slot with the signer) for signatures with local A1 and A3 certificates;
    2. BIRDID, VAULTID, REMOTEID, SAFEID, VIDAAS, NEOID and DSCLOUD for signatures with cloud certificates.

Terminology

In this document, the following terms are used:

    1. AC (Certification Authority): company that provides the digital certificate;
    2. ACT (Time Certification Authority): company that provides the time stamp;
    3. Application: system that the end user uses (e.g.: Electronic Medical Record, ERP, web portal, etc.);
    4. App: signing application running on the signatory’s device;
    5. Timestamp: digital document provided by a Time Certification Authority that attests to the exact moment, with legal value, of a signature. It contrasts with a “self-declared” signature, based on the time of the computer where the signature was made and whose legal value can be contested more easily;
    6. Client: client company from the point of view of Certillion, which develops the applications used by its end users;
    7. Device: the computer or smartphone where the app is installed;
    8. Hash: document summary code (generally generated with the SHA-256 algorithm);
    9. ICP-Brasil (Brazilian Public Key Infrastructure): set of standards for regulating certification in Brazil;
    10. ITI (National Institute of Information Technology): Brazilian public agency responsible for maintaining ICP-Brasil;
    11. LCR (List of Revoked Certificates) or CRL: file containing a list of revoked digital certificates (i.e., canceled before the scheduled deadline) issued by a specific Certification Authority;
    12. OCSP (Online Certificate Status Protocol): like LCR, it provides information about the validity of a digital certificate, but only for a single certificate;
    13. OAuth2: web authentication standard where a website redirects to another for authentication (e.g. login via Facebook);
    14. OTP (One Time Password): dynamic password, generated by an app or portable hardware (e.g. “bank keychains”) and changed every 30 or 60 seconds;
    15. Signature standard: digital signature encoding format. The most common are:
      • CAdES: standard that can sign any type of digital file – documents, images, videos, audio, etc. – and is known by the extension “.p7s”. Supports attached and detached modes and all signature policies;
      • PAdES: signature standard for PDF files. Only supports the attached format, where the signature is inside the PDF document. It is automatically recognized and verified by Acrobat Reader on Windows;
      • XAdES and XMLDSig: signature standards specific to XML; XMLDSig is the standard used in the Electronic Invoice (NFe);
    16. Signature Policies: standardize the generation and verification of a digital signature:
      • Digital Signature with Basic Reference (AD-RB): contains:
        • the signature itself;
        • the signatory’s digital certificate;
        • optionally, the original document (attached mode); if it is not included, this is called detached mode;
      • Digital Signature with Time Reference (AD-RT): AD-RB plus time stamp;
      • Digital Signature with Validation References (AD-RV): AD-RT plus references to verify the signature;
      • Digital Signature with Complete References (AD-RC): AD-RT plus LCR or OCSP, allows verification of the signature in offline mode;
      • Digital Signature with Archiving References (AD-RA): AD-RC plus new signatures to extend the verifiability of the signature for more years;
    17. PSC (Trusted Service Providers): company that keeps the user’s digital certificate and private key in the cloud;
    18. QrCode: image containing encoded digital information; retrieving it requires an app with access to the camera;
    19. Signatory or signer: end user who has a digital certificate and signs documents.
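
The attached and detached modes described under CAdES and AD-RB above, shown with the openssl command-line tool. This is an added example, not Certillion code and not a call to its API: it produces plain CMS SignedData (the container CAdES builds on) with no ICP-Brasil signature policy or timestamp, and the self-signed certificate, file names and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: attached vs. detached CMS SignedData (.p7s) with the openssl CLI.
# The key, certificate and document are constructed throwaway test data.
set -eu
WORK=$(mktemp -d)
CERT="$WORK/cert.pem"; KEY="$WORK/key.pem"

make_signer() {   # self-signed test certificate, standing in for an A1 certificate file
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test Signer" -keyout "$KEY" -out "$CERT" 2>/dev/null
}

sign_attached() { # $1 = document; -nodetach embeds the document inside the .p7s
  openssl cms -sign -binary -nodetach -md sha256 -signer "$CERT" -inkey "$KEY" \
    -in "$1" -outform DER -out "$1.attached.p7s"
}

sign_detached() { # $1 = document; the .p7s holds only signature + certificate
  openssl cms -sign -binary -md sha256 -signer "$CERT" -inkey "$KEY" \
    -in "$1" -outform DER -out "$1.detached.p7s"
}

verify_attached() { # $1 = .p7s; the signed content is read from the signature file
  openssl cms -verify -binary -inform DER -in "$1" -CAfile "$CERT" \
    -out /dev/null 2>/dev/null
}

verify_detached() { # $1 = .p7s, $2 = document, which must be supplied separately
  openssl cms -verify -binary -inform DER -in "$1" -content "$2" -CAfile "$CERT" \
    -out /dev/null 2>/dev/null
}

demo() {
  doc="$WORK/contract.txt"
  printf 'constructed sample document\n' > "$doc"
  make_signer
  sign_attached "$doc"
  sign_detached "$doc"
  verify_attached "$doc.attached.p7s" && echo "attached: valid"
  verify_detached "$doc.detached.p7s" "$doc" && echo "detached + original: valid"
  printf 'tampered\n' >> "$doc"   # change the document after signing
  if verify_detached "$doc.detached.p7s" "$doc"; then echo "detached + tampered: valid"
  else echo "detached + tampered: REJECTED"; fi
  verify_attached "$doc.attached.p7s" && echo "attached copy is unaffected by the edit"
}
demo
```

A detached signature is only as useful as the copy of the document stored with it: the verifier must be given the exact bytes that were signed, whereas an attached signature carries its own copy.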