Secure by Design

Zero-Trust Security Architecture

The security of your data isn’t just a feature — it’s foundational. We don’t need a copy of your document to vouch for your seal. From our command-line tools to our cryptographic key infrastructure, every layer of our system is built with zero trust principles, clear boundaries, and hardened infrastructure.

Software Design

API

Our API is purpose-built for minimal attack surface and clear operational boundaries (see API documentation):

• Least privilege access is enforced at every layer — services, IAM roles, and internal processes
• Separation of concerns ensures each component only does one thing and does it securely
• Modular architecture allows rapid patching and secure isolation of components
• Ephemeral compute: all workloads run on disposable infrastructure with no persistent state
• Zero trust: every request is authenticated; all client data is untrusted and verified server-side

CLI

Our CLI is security-forward by design — it minimizes risk by transmitting only what’s absolutely required:

• Local SHA-256 hash is generated for your document; the document itself is never uploaded
• HMAC-SHA-256 is computed using your API Key to prove authenticity and freshness
• Secure HTTPS transmission ensures confidentiality and integrity
• No overreach: the CLI sends only the digest, HMAC, and a UTC timestamp — never your documents

API Keys

API Keys give you fine-grained control over how signing works in your environment:

• 160-bit cryptographically secure random keys
• Scoped access: define allowed IPs, times of day, usage rate limits, and expiration dates
• Audit-friendly: every key usage is logged and tied to the specific action it authorized; logs are immutable
• Encrypted at rest: API Keys are encrypted at rest with an HSM-hosted key and can only be decrypted by the PDF signing service.

Signing System

Architecture

Our document signing backend is built with strict isolation and compliance in mind:

• Network-isolated: runs in its own VPC with no internet exposure and limited ingress
• TLS required for all internal service calls — no exceptions
• Key material cannot leave the HSM: all signing operations are performed on-device
• FIPS 140-3 Level 3 compliant HSMs for the highest assurance in cryptographic key protection

Signing Logic

Every signature produced is compliant, verifiable, and future-proof:

• PKCS#7 CMS structures are built directly from the client-submitted SHA-256 hash
• Full certificate chain is embedded for long-term validation and Adobe Acrobat trust
• Secure timestamps are logged for every request (TSA timestamps within the PDF are available)
• Immutable logs of every signing operation are stored with write-once-read-many (WORM) protection

Security Certifications & Compliance

• FIPS 140-3 Level 3 Hardware Security Modules
• Adobe Acrobat trusted certificate authority
• eIDAS European digital signature compliance
• ISO 27001 Certified Infrastructure

Frequently Asked Questions

How secure are PDF digital signatures?

Our PDF signatures use enterprise-grade HSM protection with FIPS 140-3 Level 3 compliance, the same security level used by banks and government agencies. Our focus on security from the start has made Trusted Signatures a premier product.

How do you secure our documents?

We never see or store your PDF documents. Only SHA-256 hashes are transmitted for signing, ensuring complete document privacy. Because we never have access to them, it is impossible for us to leak your confidential documents.

What compliance standards do you meet?

We meet Adobe Acrobat, and eIDAS standards, and our infrastructure meets ISO-27001, SOC II, and FIPS standards, making our service suitable for regulated industries including government, healthcare, finance, and legal.