eSignature Services

Digital Signature Services (DSS)

Release candidate

Download DSS v5.8.RC1 (pre-release)

Here, you can download the latest version of the Digital Signature Services open-source library released in December 2020. You can read more about DSS and how it can help you here.

Source code is available in .zip and tar.gz

Release Note - Version 5.8.RC1 (pre-release)

Bug

[DSS-1900] - Unable to init SunPKCS11 with Java 9+ since DSS 5.5
[DSS-2055] - XAdES Enveloping - Content timestamp not working with Embed XML option
[DSS-2090] - PAdES visual signature always has whitespace above text
[DSS-2112] - JAdES : Support of Content Tst with Detached Signature
[DSS-2116] - ETSI VR: DTBSR in Signature Identification Element
[DSS-2145] - MessageTag shouldn't contain arguments
[DSS-2148] - OfflineRevocationSource : use RevocationTokenRefMatcher for references and identifiers comparision
[DSS-2149] - Extending LTA signatures adds unnecessary revacation info objects
[DSS-2150] - Incorrect ats-hash-index-v3 creation extending a signature with two archive time-stamps
[DSS-2156] - X.509 Validation Constraints shall return INDETERMINATE/CHAIN_CONSTRAINTS_FAILURE
[DSS-2160] - DSS includes manifest entries in the scope when detached documents are not provided
[DSS-2162] - Extract LevelContraints based on a Context
[DSS-2186] - XAdES Enveloped Second Signature with LT or LTA and Content Timestamp fails
[DSS-2190] - XAdES : ArchiveTimeStamp inclusive canonicalization does not include parent namespaces
[DSS-2199] - Error validating Docusign document on LONG_TERM_DATA level after extending to PAdES_BASELINE_LT
[DSS-2214] - NPE in the ValidationProcessUtils.getLatestAcceptableRevocationData
[DSS-2216] - DigestMatcher does not find data for an EnvelopingCountersignature
[DSS-2227] - Native PDFBox drawer : wrong text position with a custom SignerTextPosition
[DSS-2228] - The font color is not being applied correctly in the OpenPDF implementation
[DSS-2239] - PAdES : conflict between signature parameters
[DSS-2251] - CaDES-LTA signature cannot be applied to document previously signed with CAdES baseline B
[DSS-2256] - Fails XAdESLevelTIndividualDataObjectTimeStampTest
[DSS-2257] - The revocation data is not updated for signatures with no timestamps
[DSS-2279] - XAdES : counter signature serialization issue with JDK 8
[DSS-2293] - Extraction of signed data fails for xades enveloping signature
[DSS-2294] - PAdES : level detection issue
[DSS-2301] - Incorrect warning when both ESSCertID and ESSCertIDv2 are present in QTSA

New Feature

[DSS-1964] - Implementation of JAdES (part 1)
[DSS-2075] - JAdES : creation with Complete JWS Serialization format
[DSS-2076] - JAdES : parallel signature support with JWS JSON Serialization
[DSS-2077] - JAdES : implementation of unsigned properties (Baseline-T)
[DSS-2078] - JAdES : Detached signature implementation ('sigD' element)
[DSS-2079] - DSS-2075 JAdES : creation with Flattened JWS Serialization format
[DSS-2102] - Introduce JAdES in the webapp
[DSS-2107] - JAdES : implementation of unsigned properties (Baseline-LT)
[DSS-2108] - JAdES : implementation of unsigned properties (Baseline-LTA)
[DSS-2109] - Introduce JAdES in the dss-standalone (JavaFX)
[DSS-2110] - JAdES : provide converter from JWS Compact Serialization to JSON (Flattened) Serialization format
[DSS-2111] - Introduce JAdES in the Webservices (REST/SOAP)
[DSS-2114] - XAdES : support of SignaturePolicyStore
[DSS-2125] - JAdES : introduce a KidCertificateSource
[DSS-2137] - Demonstration : add the possibility to provide signing/adjunct certificate(s) to the validation
[DSS-2164] - JAdES : support of SignaturePolicyStore
[DSS-2165] - JAdES : add unit tests for requirements
[DSS-2167] - JAdES : support counter-signature
[DSS-2172] - CAdES : support of SignaturePolicyStore
[DSS-2173] - SignaturePolicyStore validation
[DSS-2174] - Validate a SignatureValue against a ToBeSigned object and a certificate
[DSS-2177] - XAdES : counter signature creation
[DSS-2178] - CAdES : counter signature creation
[DSS-2187] - Demonstration : add webpage to produce counter-signatures
[DSS-2188] - Webservices : add methods to produce counter-signatures
[DSS-2204] - ASiC : add counter-signature creation
[DSS-2205] - ASiC : support of SignaturePolicyStore (creation)
[DSS-2266] - Add a check for OCSP Responder recursion into the validation process

Improvement

[DSS-1966] - Include a JSON validator
[DSS-2095] - Transformations on signature policy files
[DSS-2101] - DSS-Demo - TL flags vs country codes
[DSS-2113] - JAdES : expand DigestMatcher type check
[DSS-2115] - SAV : add a check of signing certificate reference constraint
[DSS-2120] - Use JVM's standard system properties for proxy configuration in CommonsDataLoader
[DSS-2123] - OCSPCertificateSource : add a method to retrieve the signing certificate(s) based on the ResponderId
[DSS-2124] - CandidatesForSigningCertificate check move to abstract
[DSS-2126] - Improve the message "The algorithm is no longer considered reliable!"
[DSS-2127] - DetailedReport : include the final conclusion and the semantics
[DSS-2128] - JAdES : support of sigRTst / rfsTst
[DSS-2133] - Replace SignedDocumentValidator.defineSigningCertificate(CertificateToken) for multiple signatures
[DSS-2134] - JAdES : Support of base64Url encoded "etsiU" components
[DSS-2135] - Cookbook : include information about ServiceLoader implementations management
[DSS-2136] - Validation process : review CryptographicVerification and FormatChecking building blocks
[DSS-2140] - OnlineOCSPSource : discard unusable OCSP responses
[DSS-2141] - Review AbstractTimestampSource / JAdESTimestampSource
[DSS-2146] - CryptographicCheck : add check on the different digest matchers
[DSS-2154] - Error generating XAdES LTA from a digest
[DSS-2157] - Remove unused MessageTags
[DSS-2163] - Report (html) : add anchor links between RAC, RFC and related checks
[DSS-2166] - Unit tests : replace Thread.sleep() with awaitility
[DSS-2168] - XAdES : introduce a distinction for SignatureProperties in the report
[DSS-2179] - Add validation data for counter signatures on a signature augmentation
[DSS-2180] - Extract TimestampedReferences from counter signatures
[DSS-2184] - Review SignaturePolicy processing
[DSS-2189] - WS : include a signatureFieldId into RemoteSignatureParameters
[DSS-2192] - Improve the Javadoc
[DSS-2193] - Review SignatureIdentifiers
[DSS-2194] - AdvancedSignature shall take only one manifest file
[DSS-2200] - Create transformations on signature policy files
[DSS-2201] - Specify if a reference is duplicated
[DSS-2206] - Hide complexity of TL Signature configuration
[DSS-2207] - CAdESTimestampSource : retrieve timestampedReferences based on archive timestamp type
[DSS-2208] - XAdES Timestamps : use Inclusive canonicalization by default
[DSS-2230] - XAdES : forbid multiple signing for signatures with an enveloped transform
[DSS-2232] - PDF Shadow attack : prevent visible signature overlap (PDFBox)
[DSS-2233] - PDF Shadow attack : prevent visible signature overlap (OpenPDF)
[DSS-2236] - PDF Shadow attack : visual change detection (PDFBox)
[DSS-2237] - PDF Shadow attack : visual change extraction (PDFBox)
[DSS-2242] - JAdES : align the code with draft 0.0.4
[DSS-2245] - Larger ASiC files cannot be read by the DSS Signature Validator
[DSS-2249] - DiagnosticDataBuilder refactoring
[DSS-2252] - ASiC Detached Countersignature Issue
[DSS-2254] - Default behavior of RevocationFreshness constraint not clear
[DSS-2258] - ETSI Validation Report : improve SignatureProductionPlace element
[DSS-2263] - PdfBox: use NativePdfBoxVisibleSignatureDrawer by default
[DSS-2268] - Review JPMS
[DSS-2269] - Improve XML Schema validation
[DSS-2270] - Upgrade CXF
[DSS-2278] - XAdES : allow validation of multiple timestamps from a single element
[DSS-2280] - Update BouncyCastle
[DSS-2284] - QCStatement QC_LIMIT_VALUE MonetaryValue structure not found
[DSS-2285] - XAdES : perform canonicalization only when the Reference output is a node-set
[DSS-2288] - XAdES : canonicalize octets when ds:Reference transforms result to an XML nodeset
[DSS-2295] - JAdES : align the code with draft 0.0.5
[DSS-2297] - Add the Title attribute to a certificate in DiagnosticData
[DSS-2304] - Update the cookbook
[DSS-2310] - WebApp : add base64Url encoded EtsiU option to JAdES creation page
[DSS-2313] - JAdES : align the code with draft 0.0.6
[DSS-2315] - WebApp : improve the error message
[DSS-2323] - PAdES B-LTA not recognised in some PDFs

Task

[DSS-2117] - Upgrade BouncyCastle
[DSS-2138] - Remove deprecated methods (CertificateVerifier)
[DSS-2211] - Upgrade PDFBox
[DSS-2224] - Upgrade JUnit
[DSS-2298] - OWASP review and upgrade dependencies
[DSS-2299] - Sonar review

Previous releases and security note

Find more information on the previous releases notes and on the security or navigate to the documentation section.

« eSignature standards eSignature List of Trusted Lists »

Thanks for downloading DSS

We would greatly appreciate if you could also help us enhance the user experience of this website and fill in this survey to tell us who you are:

Sector required

Private

Public

Company or organisation: required

Email address required

In compliance with our record and privacy statement, I accept that CEF uses the information I have provided for:

Update required

registering and receiving important notifications (e.g. security updates) regarding DSS)

Marketing

marketing activities e.g. the organisation of events, live webinars etc.

On-boarding

on-boarding activities such as contacting relevant stakeholders and explaining the building blocks etc.

I don't wish to participate

Page tree