An open, multi-platform digital signature solution.


This project is devoted to provide a simple software layer for digital signature, when an hardware cryptographic token is required.

The main goal is to maintain platform independence, and application environment neutrality (web and standalone usage examples are provided). The default implementation tries to comply as strictly as possible with the italian law digital signature directives.

j4sign has the ambition to be the first Java2 free software implementation of an "italian law - compliant" digital signature. Other similar software exists, see SmartSign and OpenSignature projects, but they use primarily C, C++ language.

It is developed at Servizio Sistema Informativo of Municipality of Trento, and is currently used to provide services involving digital signature of electronic documents.

The project core is practically an extension of the open source BouncyCastle cryptographic libraries for using PKCS#11 tokens.

PKCS stands for Public Key Cryptographic Standards, and is a set of specifications proposed by RSA Security Inc.; many of them has become RFCs or are de-facto standards. PKCS#11, for example, is the most widely used API for interacting with cryptographic tokens, because it was the first adopted in web browsers. For more informations about PKCS standards go to RSA Labs website.

Since PKCS#11 standard is an API specification in C language, implementations provided by token manufacturers are typically native libraries. The project uses Java Native Interface and related native libraries to interact with tokens.
For PKCS11 we use the excellent pkcs11 wrapper developed by IAIK of Graz University of Technology, released under an Apache/BSD-style license.

For basic SmartCard detection we use also the PCSC wrapper developed by the Open Card Framework consortium; this wrapper (the wrapper only) also is released under Apache/BSD-style license.

The project addressed the Windows1 OS initially, due to the prevalent availability of pkcs11 implementation libraries for this platform.
As of release 0.1.2 Linux support has been introduced, and now (2010) the availability of proprietary PKCS#11 Linux libraries is quite common; many thanks to Antonino Iacono from opensignature project for his precious help in setting up Linux stuff.
OpenSC project Free Software pkcs11 implementation (opensc-pkcs11 library), which supports lot of tokens both on Linux and Windows, works with j4sign, but is not usable currently with tokens that protect PIN entry and signature function with Secure Messaging.

The upcoming 0.12 release of OpenSC will introduce support for Secure Messaging, and in particular for dynamic negotiation of SM keys, as in IAS-ECC. Unfortunately, some Italian Certification Authorities still embed static symmetric keys for Secure Messaging both inside tokens and in PKCS11 proprietary libraries.


Freesigner, verifica-firma and firma-digitale latest versions support CAdES with sha256 hashing.

Note: All the examples feature complete verification to ensure non-repudiation, checking the full certification path including the CA root certificate, and CRL verification.


j4sign is Free/Libre software, released under the GNU GPL version 2 (or later) License.

(1) Windows® is a registered trademark of Microsoft Corporation.
(2) Java is a registered trademark of Oracle Corporation.

Style respectfully borrowed from Blue Robot's Layout Reservoir

Certum code:

Comune di Trento

SourceForge.net Logo