Detailed description of the solution

What is ASD WebSigner

ASD WebSigner is a developer component that lets Web application developers provide electronic signing of any content in a Web browser environment.

It is primarily intended for developers creating Web applications in a .NET environment, i.e. in one of the following implementation frameworks:

  • .NET Framework 4.6.1+
  • .NET Core 3.1+
  • .NET 5.0+

See Technical server requirements for details.

For other development environments, such as PHP, Java etc., the component can also be used through REST API services deployed in a .NET environment outside the Web application itself, such as Linux / Apache / .NET Core.

How does it work

The component is made of two parts:

Client part

The end user installs the client part of the component on their Windows, OSX, Linux, Android or iOS device only once, regardless of which Web browser they use to connect to the Internet.

You can try out the whole signing process from the end user's point of view in Demo.

Functions and features

End users can use the electronic signature in web browsers on all commonly used operating systems and browsers. See the detailed Technical requirements for client’s environment for more.

Signed content

The component is designed generally enough that you can sign not only the predefined content types (PDF, XML, CMS, DOCX, XLSX, TEXT, HASH or Binary) but essentially any other content, either by inserting your own Server Plugin or by signing at the level of the content's HASH.

eIDAS

The component supports both a classic electronic signature and a signature according to the eIDAS directive, i.e. using PAdES, XAdES and CAdES.

Timestamp

The created signatures can be time-stamped by any unqualified or qualified time-stamping authority (TSA) issuing time-stamps according to RFC 3161 and RFC 5544.

Signature key algorithms

The component supports certificates with standard RSA keys as well as modern ECDSA (elliptic curve) keys.

Certificates store

For signing, the user can use certificates available in:

  • HW security device (HW token, chip card)
  • System Certificate Store (CSP) in Windows
  • KeyChain on OSX
  • The certificate store of the Android and iOS mobile platforms
  • A backup file of type PFX / P12 / PEM / CER-KEY

Bulk signature

Within one signing session, it is possible to sign not just a single content item or document but any number of documents in bulk.

Document size

The component is optimized for signing large documents. If the user does not explicitly want to view the document when signing, the entire content of a large document does not have to be transferred to the client. Only the fingerprint of the document, calculated on the server, is transmitted, which can significantly speed up the signing itself.
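The fingerprint-only flow described above, sketched with the standard .NET cryptography classes. This is an added example, not ASD WebSigner code or its API; the class and method names are hypothetical, and it assumes .NET Core 3.1 or later with an ephemeral P-256 key standing in for the user's certificate key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: generic .NET cryptography, not the ASD WebSigner API.
public static class HashOnlySigningDemo
{
    // Server: compute the fingerprint that is sent to the client instead of the document.
    public static byte[] ComputeFingerprint(byte[] document)
    {
        using (var sha256 = SHA256.Create())
            return sha256.ComputeHash(document);
    }

    // Client: sign the received fingerprint; the document itself never reaches the client.
    public static byte[] SignFingerprint(ECDsa privateKey, byte[] fingerprint)
    {
        if (fingerprint.Length != 32)
            throw new ArgumentException("Expected a SHA-256 digest (32 bytes).");
        return privateKey.SignHash(fingerprint);
    }

    // Server: verify the returned signature against the document it holds,
    // not against a digest echoed back by the client.
    public static bool VerifyAgainstDocument(ECDsa publicKey, byte[] document, byte[] signature)
    {
        return publicKey.VerifyData(document, signature, HashAlgorithmName.SHA256);
    }

    public static void Main()
    {
        // Constructed sample data: an ephemeral key pair and a short stand-in document.
        using (var clientKey = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        using (var serverView = ECDsa.Create(clientKey.ExportParameters(false)))
        {
            byte[] document = Encoding.UTF8.GetBytes("constructed sample contract, v1");
            byte[] fingerprint = ComputeFingerprint(document);
            byte[] signature = SignFingerprint(clientKey, fingerprint);

            Console.WriteLine(VerifyAgainstDocument(serverView, document, signature));

            // A document changed after the fingerprint was issued must fail verification.
            byte[] altered = Encoding.UTF8.GetBytes("constructed sample contract, v2");
            Console.WriteLine(VerifyAgainstDocument(serverView, altered, signature));
        }
    }
}
```

Because the client signs only what it is given, the server-side check has to recompute the digest from its own copy of the document; that is what binds the signature to the content.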

Certificates filtering

The Web developer can control which personal certificates (qualified, unqualified, from a specified CA, with a specific attribute…) are acceptable for the signature. The user can then sign only with those installed certificates that meet these criteria. For the other certificates, the reason why they cannot be used is shown.

Choice of certificates

After the first use of a certificate during signing, the component remembers this certificate and offers it to the user as the default when signing.

Qualified certificates

When qualified certificates are used, the component verifies the validity of the issuing qualified certification authority against the EU TSL online service. It is therefore able to confirm the use of a qualified certification authority from any EU member state.

Certificate verification

The server-side component verifies the validity of the signing certificate used, including a complete check of its integrity.

Signature verification

The server-side component verifies the validity of the created signature(s) before passing the resulting signed content to the host application.

I see what I'm signing

The user sees directly in the component what they are signing, including the ability to view the document(s) being signed.

Localization

The component supports localization into multiple languages. The basic distribution includes support for English and Czech, however, any additional languages can be added as an add-on.

UI customization

On the server side, the authors of the hosting Web application may change the look of the component in the Web browser (UI). The client window for the signing itself, which opens outside the Web browser, can be customized with the application’s own logo and the name of the application for which the signature is performed.

OS/Browser detection

The component automatically detects the client-side operating system and web browser currently in use. If the OS or browser version is unsupported, the user is notified and is not allowed to start the signing process.

Client part installation

On desktop platforms, the client part is installed from installation packages into the user’s profile, without the need for administrator rights. On mobile platforms, it is installed from the official stores Google Play and Apple Store. The installation is performed only once, regardless of which Web browser the user uses or will ever use.

Automatic update

When a Web application starts using a new version of the component, the client part is updated automatically on first use, without any user intervention.

Support for multiple versions of the client part

A user can sign in several Web applications simultaneously and independently of each other, while each Web application may use or require a different version of the component. For these cases, the client part supports multiple versions of the component side by side.

Independence from other components

Except on Windows 7, the client does not need to install any additional packages. On Windows 7, it is necessary to install .NET Framework 4.5 or higher.