Digital Signing Core
Full reference for hash signing, RSA/EC algorithms, detached and attached signatures, batch signing, and timestamps.
All features supported
Every digital signing capability listed below is implemented and working on Mobile App and Desktop Software. Hash signing is the foundation for PDF, XML, CMS, and custom document workflows.
Overview
Digital signing core signs a pre-computed document hash with the private key on the DSC token. The portal computes the hash server-side; SecureSign performs the cryptographic operation after PIN verification.
- Detached — returns raw
signatureBase64(portal attaches to document). - Attached — returns CMS/PKCS#7 envelope containing signature + certificate.
- Timestamp — optional TSA counter-signature for long-term validity.
Platform Support
| Feature | Mobile App | Desktop Software | REST API |
|---|---|---|---|
| Sign Hash | Deep link | Deep link | POST /sign/hash (orchestration) |
| Verify Signature | Product + API | REST API | POST /verify/hash |
| RSA Signing | Default | Default | RSA-SHA256 |
| SHA256 / SHA384 / SHA512 | hashAlgo | hashAlgo | hashAlgo |
| Detached Signature | Supported | detached: true | detached: true |
| Attached Signature (CMS) | Supported | attached: true | attached: true |
| Batch Signing | Multiple deep links | Session reuse | POST /sign/batch |
| Bulk Signing | Portal workflow | Session reuse | POST /sign/batch |
| Timestamp Support | TSA integration | timestamp: true | timestamp: true |
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
hashBase64 | string | Yes | Base64-encoded document hash |
hashAlgo | string | Yes | SHA256, SHA384, or SHA512 |
certSerial | string | No | Pre-select certificate by serial |
detached | boolean | No | Return raw signature (default true) |
attached | boolean | No | Return CMS envelope (default false) |
timestamp | boolean | No | Request TSA timestamp (default false) |
callbackUrl | string | REST only | Server callback after mobile signing |
platform | string | REST only | mobile_browser or desktop_software |
Algorithms
| hashAlgo | Signature algorithm | Use case |
|---|---|---|
SHA256 | SHA256withRSA | Default — GST, MCA, general signing |
SHA384 | SHA384withRSA | Higher security requirements |
SHA512 | SHA512withRSA | Policy-mandated SHA-512 |
Batch Signing
Sign multiple hashes in one PIN session. User enters PIN once; SecureSign signs each item sequentially.
{"items":[{"requestId":"r1","hashBase64":"..."},{"requestId":"r2","hashBase64":"..."}],"callbackUrl":"https://portal.example.gov.in/callback"}Examples
window.location.href = `securesign://sign?requestId=${id}&hashBase64=${hash}&hashAlgo=SHA256&callbackUrl=${callback}&apiKey=${apiKey}`;Attached CMS signature
Pass attached: true and timestamp: true via deep link query parameters or REST API body. See Deep Link Protocol.
securesign://sign?requestId={uuid}&hashBase64={hash}&hashAlgo=SHA256&documentType=hash&attached=true×tamp=true&callbackUrl={url}&apiKey={key}Response
Detached signature
{"success":true,"signatureBase64":"MEUCIQD...","algorithm":"SHA256withRSA","certificate":{"subjectCN":"Rajesh Kumar","serialNumber":"4A3B2C1D"}}Attached CMS with timestamp
{"success":true,"cmsBase64":"MIIG...","timestampToken":"MIID...","algorithm":"SHA256withRSA"}Batch response
{"success":true,"results":[{"requestId":"r1","signatureBase64":"MEUCIQD..."},{"requestId":"r2","signatureBase64":"MEUCIQE..."}]}Errors
| Code | Cause | Resolution |
|---|---|---|
SS_HASH_INVALID | Malformed or unsupported hash | Verify base64 encoding and algorithm match |
SS_ALGO_NOT_SUPPORTED | Unsupported hashAlgo | Use SHA256, SHA384, or SHA512 |
SS_PIN_INVALID | Incorrect PIN | User retries PIN entry |
SS_SIGN_CANCELLED | User cancelled | Re-initiate sign flow |
SS_TSA_UNAVAILABLE | Timestamp authority unreachable | Retry or sign without timestamp |
See also Signing API — POST /sign/hash.