pdfMachine - Signing Server

For details on pdfMachine Signer please click here

The pdfMachine Signing Server performs two functions:

1) Time Stamp Authority (TSA)
It adheres to the Time-Stamp Protocol described in RFC 3161. It can be used to Timestamp PDF's by the pdfMachine Signer client software.

2) PDF signing server
To be used by pdfMachine client software for digitally signing PDF's with a private key that resides on a server.

The URL's for the servers are:

https://signer1.broadgun.com:7070
https://signer2.broadgun.com:7070

What is a Time Stamp Authority (TSA) ?

A time-stamping service supports assertions of proof that a document
existed before a particular time. This is all done in a cryptographically secure manner.

This is described in detail in RFC 3161 at http://www.ietf.org/rfc/rfc3161.txt

Put simply, if you can trust the time of a TSA, then you can trust the document signing time in the PDF thus proving the existence of a document at a certain time.

The pdfMachine Signing Server synchronizes its time every few minutes with the time servers at the National Institute of Standards and Technology (NIST) in the USA. The NIST is the official timekeeper in the USA and uses atomic clocks to calculate time.

When a PDF file is time stamped, a little "clock" symbol is shown on on the signature property pages within Adobe Reader.

e.g.

TSA details:

Policy ID:

1.2.3.4.5.6.6449.1.2.1.3.8

- See "permitted usage" below.

Specified Accuracy :
plus or minus 1 minute (although actual accuracy is less than a second)

Timestamping Certificate:

There are two certificates - the timestamping certificate and the root certificate.
Our timestamping certificate was issued by Broadgun Software and has a root certificate named "Broadgun Software CA".
This root certificate MUST be installed on all machines that are used to either sign or view the certificate.
You can either:

Click here to install the Broadgun Software root certificate in the Windows certificate store. Make sure you choose which store to place it into (the "Trusted Root Certification Authorities Store") rather than let the Wizard automatically place it.
or
Click here to install the Broadgun Software root certificate in the Adobe Reader certificate store.

Click here to view/download the Broadgun Software time stamping certificate

What is Server Signing?

Server signing allows you to get up and running with signing PDF's immediately. You sign your PDF's with a digital certificate that resides on a pdfMachine server. This works without sending the PDF or any private data to the pdfMachine servers. Only a 20 byte "message digest" of the PDF is sent from the pdfMachine client application to the pdfMachine Signing Server, where it is signed and time stamped. The signature is then sent back to the client machine to and inserted into the PDF.

Permitted Usage:

The servers are only intended to be used by pdfMachine customers using the pdfMachine software. Any other use without permission of Broadgun Software Pty Ltd (Broadgun) is not allowed.

A document signed with a Broadgun Timestamping Certificate indicates that the pdfMachine Signing process has been followed - that is all. It does not mean the Broadgun agrees to the content of the signed document in any way. Broadgun never sees any document content, nor is any document content passed to any Broadgun server.

Please contact Craig Broadbear at regarding licensing enquires.