Frequently Asked Questions

Can I sign documents with DSS alone?

DSS in itself provides the cryptographic core components for your digital signatures based on trusted identities. However, for the most common use case of document signatures, a few other steps are necessary.

A document that should be digitally signed needs to be submitted through the DSS API as a hash value. Hashing the document has to be done on the client side, either by leveraging a compatible digital signature application or by setting up and possibly writing a properly configured application.
The signed hash and timestamp tokens returned by DSS need to be embedded into the document. Once again, this has to be done on the client side, either by leveraging a compatible digital signature application or by setting up and possibly writing a properly configured application.

For further questions on how to use DSS to its full extent, please contact our Sales Team.

How does DSS share a private key to end user?

DSS does not provide private keys to end users. Rather than that, a private key is created when the /identity API call is used, together with a certificate containing the requested subject information (as long as those are within the validation policy). This private key is then used for the signature of the SHA-256 hash submitted with the sign API call. The signed hash is then part of the API response, but the private key never leaves the secure GlobalSign environment.

Are signatures produced by DSS AATL trusted?

As many GlobalSign CAs are part of the Adobe Approved Trust List (AATL), all certificates issued by or building a chain to any of those CAs will be trusted in Adobe Products or any software using the AATL as a trust store.

Do customers need to go through identity verification to use DSS?

As a publicly trusted CA, GlobalSign serves as a "trust anchor". Any digital identity signed as valid by GlobalSign will be displayed as valid by most software and applications. Therefore, GlobalSign will have to verify the identity of your organization before activating your DSS Account.

What signing identities does DSS Support?

DSS currently supports signing with employee or organization/department-level identities. Depending on the setup of your DSS account, the Common Name (the name that will be displayed together with your signature) for your signatures is either fixed or can be dynamically applied by submitting a /identity API call and then referencing that identity when using /sign.

I've lost my API credentials, what do I do?

Atlas Portal Users:

Navigate to the "API Credentials" tab in your account and create a new set of credentials. You'll be once again asked to associate a service and an identity. Once the API credentials are created, they are displayed and available for download.

Non Portal Users:

Please contact the account manager or Sales Engineer who assisted you in setting up your account. Or you can reach out to our Support team.  

What is the difference between Signing and Certifying?

Digital Signatures are sometimes called approval signatures and expedite an organization's approval procedure by capturing the approvals made by individuals or departments and embedding them within the actual PDF. They do exactly what the name implies, prove that you and/or other signers, have approved the content of the document.

Certifying a document is sometimes referred to as sealing the document. Unlike approval signatures mentioned above, you can only certify a document once and you cannot certify if the document already has a digital signature. This means certifying is usually done by the author or creator of the document, before it's published or sent for additional signatures or form fill-ins.
Note: As of now, you can only certify using Adobe Acrobat. Adobe Reader doesn't support this function. For more information, please see our AATL Document Signing FAQs. 

What leading document workflow platforms is DSS currently integrated with?

GlobalSign’s Digital Signing Service is already integrated with leading document work flow providers including Adobe Acrobat Sign and DocuSign. This provides customers with an easy way to add legally accepted and publicly trusted digital signatures to Adobe Acrobat Sign and DocuSign workflows. Once an organization’s DSS account is set up, employees can start digitally signing within these applications.