Document Signing

Full reference for DOCX, CMS, PKCS#7, P7S, file hash, and custom file signing workflows.

All features supported

Every document signing capability listed below is implemented and working on Mobile App and Desktop Software. CMS/PKCS#7 envelopes follow RFC 5652 with CCA India certificate chains.

Overview

Beyond PDF and XML, SecureSign signs arbitrary file types using hash + CMS/PKCS#7 workflows. DOCX signing embeds signatures in Office Open XML structure; P7S files provide detached signature containers for any file type.

Hash signing — compute hash server-side, sign via Digital Signing.
CMS/PKCS#7 — attached signature envelope with certificate chain.
P7S — detached .p7s sidecar file for any document.

Platform Support

Feature	Mobile App	Desktop Software	REST API
DOCX Signing	Deep link	Deep link	POST /sign/docx
P7S Generation	Supported	Deep link	POST /sign/p7s
CMS Signing	Supported	Deep link	POST /sign/cms
PKCS#7 Signing	Supported	Deep link	POST /sign/pkcs7
File Hash Signing	Deep link	Deep link	POST /sign/hash
Custom File Signing	Hash + CMS workflow	Deep link	POST /sign/file

Supported Formats

Endpoint	Input	Output	Use case
`POST /sign/docx`	DOCX base64	Signed DOCX base64	Word documents with embedded signature
`POST /sign/p7s`	File hash base64	P7S base64	Detached signature sidecar (.p7s)
`POST /sign/cms`	Content base64	CMS envelope base64	Attached CMS signature
`POST /sign/pkcs7`	Content base64	PKCS#7 base64	Alias for CMS signing
`POST /sign/file`	File base64 + mimeType	Signature + signed file	Generic file signing
`POST /sign/hash`	Hash base64	Raw signature base64	Custom integration

Request Fields

Common fields

Field	Type	Required	Description
`fileBase64`	string	Yes*	Base64-encoded file content
`hashBase64`	string	Yes*	Pre-computed hash (for P7S / hash workflows)
`hashAlgo`	string	No	`SHA256` (default)
`mimeType`	string	No	MIME type for `/sign/file` (e.g. `application/pdf`)
`detached`	boolean	No	Return detached P7S (default `true` for P7S)
`certSerial`	string	No	Pre-select certificate
`timestamp`	boolean	No	Include TSA timestamp

Examples

const params = new URLSearchParams({
  requestId: crypto.randomUUID(),
  hashBase64: sha256Base64,
  hashAlgo: 'SHA256',
  documentType: 'hash',
  callbackUrl: 'https://portal.example.gov.in/sign/callback',
  apiKey: 'ss_live_abc123xyz'
});
window.location.href = `securesign://sign?${params}`;

const params = new URLSearchParams({
  requestId: crypto.randomUUID(),
  hashBase64: sha256Base64,
  hashAlgo: 'SHA256',
  documentType: 'hash',
  callbackUrl: 'https://portal.example.gov.in/sign/callback',
  apiKey: 'ss_live_abc123xyz'
});
window.location.href = `securesign://sign?${params}`;
// Use documentType and documentBase64 per Deep Link Protocol

curl -X POST https://api.securesign.toolsbots.com/v1/sign/cms \
  -H 'Authorization: Bearer ss_live_abc123xyz' \
  -H 'Content-Type: application/json' \
  -d '{"fileBase64":"...","hashAlgo":"SHA256","callbackUrl":"https://portal.example.gov.in/callback"}'

Custom file signing

securesign://sign?documentType=hash&amp;...
{
  "fileBase64": "UEsDBBQAAAAI...",
  "mimeType": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
  "hashAlgo": "SHA256",
  "detached": true
}

Response

P7S / CMS

{"success":true,"p7sBase64":"MIIG...","contentType":"application/pkcs7-signature","algorithm":"SHA256withRSA"}

DOCX

{"success":true,"signedFileBase64":"UEsDBBQAAAAI...","signatureField":"Signature1"}

Custom file

{"success":true,"signatureBase64":"MEUCIQD...","p7sBase64":"MIIG...","fileHash":"a1b2c3d4..."}

Errors

Code	Cause	Resolution
`SS_FILE_INVALID`	Unsupported or corrupt file	Verify file format and encoding
`SS_MIME_TYPE_UNSUPPORTED`	Unknown `mimeType`	Use supported MIME type or hash workflow
`SS_DOCX_SIGNATURE_FAILED`	DOCX structure incompatible	Ensure valid Office Open XML document
`SS_HASH_INVALID`	Hash does not match file	Recompute hash server-side

See also Digital Signing and Verification Engine.