SDK development components

Software components intended for integration into third-party solutions include:

The Szafir SDK software library written in Java, which enables electronic signature and electronic seal functionality to be embedded in third-party applications and systems running under the control of an operating system on the user’s workstation, or in server-based solutions where processing is performed in the background, for example in the case of automatic document sealing, automatic verification or upgrading to an archival format. Together with the Szafir SDK library, SDKWrapper is provided as a DLL library dedicated to integrators when the software is not developed in Java. SDKWrapper enables the use of functionalities offered by the Szafir SDK library from applications written in C/C++. In particular, the library can be used in the .NET environment.

Szafir SDK Web Module – a JavaScript library that enables electronic signature and electronic seal functionality to be embedded in applications and systems that use a web browser interface to communicate with the user. This library provides a universal interface enabling the use of the dedicated Szafir SDK Web extension and the SzafirHost application in Google Chrome >45, Opera >37, Firefox >52, and Edge based on the Chromium engine.

Both the library and the Web Module enable the creation and verification of standard and qualified electronic signatures and electronic seals in the following formats:

• CAdES (PKCS#7) – the application supports the following variants: CAdES-BES, CAdES-T, and enables multiple signatures.
• XAdES – the application supports the following variants: XAdES-BES, XAdES-T, XAdES-C, XAdES-A, and enables multiple signatures, countersignatures and enveloping signatures.
• PAdES – the application supports the following variants: PAdES-BES, PAdES-T, PAdES-LTV.
• ASiC-S – the application supports the following variants: ASiC-S-CAdES-BES, ASiC-S-XAdES-BES, ASiC-S-CAdES-T, ASiC-S-XAdES-T.

Szafir SDK components enable:

• creating and verifying electronic signatures and seals in all formats permitted under eIDAS (CAdES, XAdES, PAdES, ASiC-S)
• RSASSA-PKCS1-v1_5 digital signature, for example the possibility of using JWT token signatures in e-Delivery services
• timestamping documents that are signed or sealed
• timestamping documents both at the stage of creating and verifying signatures and seals
• support for TSL lists, enabling the verification of signatures and seals from most EU countries
• operation in multithreaded environments
• operation under any operating system on which Oracle Java version 1.8 or higher, or OpenJDK, is installed; the preferred version is AdoptOpenJDK
• configuration and launching of components in a way that prevents the user from making unwanted changes to the component configuration. The component configuration is defined at the component initialization stage using an XML structure with a defined format
• communication with cryptographic devices, such as a cryptographic card or cryptographic module, using PKCS#11
• extensive API parameterization. Tasks involving the creation and verification of electronic signatures, electronic seals and timestamping are commissioned by passing an XML structure to the component, within which:
  • signature or seal creation and verification tasks are defined
  • properties are assigned to these tasks, such as signature/seal format, timestamping options, etc.
• data objects to be signed/sealed or signatures/seals to be verified are indicated;
• the ability to process multiple data objects after a single launch of the component; the number and scope of processed objects result from the XML structure passed to the component, which contains the definitions of tasks to be performed
• placing a graphical representation of a signature or seal in a PDF file
• communication without the use of the file system. Data objects may be indicated to the components, and returned to the calling application or system, through file access paths or passed to the components within XML structures as Base64Binary objects
• reading and saving signatures via HTTP/HTTPS protocols
• bulk and fast creation and verification of signatures and seals through:
  • indicating multiple files for stream signing, sealing or verification
  • where the key pair is stored on a card, defining a time limit or a limit for the number of cryptographic operations up to which the technical component may be used after entering the PIN once
  • encryption and decryption of files using non-qualified certificates with DES3 and AES algorithms
• support for cryptographic cards issued by all qualified certification centres operating on the Polish market and by foreign qualified providers
• support for cryptographic modules via the PKCS#11 interface
• signing and verification of documents using the Polish e-ID card
• preview of many formats of documents signed, sealed and verified by Szafir SDK without the need to open files in an external application

• Windows 8/10/11
• Windows Server 2012/2016 R2/2016/2019/2022
• Mac OS, with distribution depending on the availability of cryptographic devices and libraries
• Linux, with distribution depending on the availability of cryptographic devices and libraries

Supported web browsers: Google Chrome >45 / Opera >37 / Firefox >=52 / Microsoft Edge >=81 based on the Chromium engine.

Signature creation devices:

• middleware software using the PKCS#11 interface, version 2.01 or higher, or Windows CAPI
• cryptographic card reader compliant with the PC/SC specification
• card working with any standard card reader compliant with PC/SC
• support for cloud/mobile certificate providers such as mSzafir; middleware software from the certificate provider using the PKCS#11 interface or Windows CAPI is required
• support for HSM cryptographic modules, Hardware Security Modules, via the PKCS#11 interface

Additional software:

A free or commercial version of Java from Oracle, version 1.8 or higher, is required. In the case of the free Java version, Adoptium OpenJDK 11 LTS or later is recommended (https://adoptium.net/temurin/releases).