I have a DMS system (Alfresco) that needs to sign approx 50.000 valid signatures a year. The signing certificate needs to be acquired from one of the affiliated sub-CAs. So according to the Adobe CDS certificate policy, are they obligating me to use a hardware HSM or USB token? I want to use SoftHSM instead. It is free and open source (but not hardware).

Is this possible?

  • How did you resolve this problem? I'm thinking of buying a Digital Certificate for HSM and trying to install it in SoftHSM. Did you try it? Commented Aug 26, 2020 at 15:04

1 Answer

The CDS Certificate Policy (available here) specifies in section 6.1.1:

Subscriber key pairs must be generated in a manner that ensures that the private key is not known by anybody other than the Subscriber or a Subscriber’s authorized representative. Subscriber key pairs must be generated in a medium that prevents exportation or duplication and that meets or exceed FIPS 140-1 Level 2 certification standards.

SoftHSM is not FIPS 140-1 Level 2 compliant. As far as I know, Level 2 and above require a hardware cryptographic module.

Note that the AATL program (successor of CDS) has similar requirements, but it provides a larger set of Certification Authorities which could provide you either a physical signature certificate or a signature SaaS solution.
