Page tree

Digital Signature Services (DSS)

1. Current release

Following a security assessment from the Ruhr-Universität Bochum, we are delivering security patches for DSS versions 5.2 and 5.3.

Delivered patches are:

(warning) Please consider that use of older versions should be discouraged. (warning)

Download DSS v5.4.RC1

Here, you can download the latest version of the Digital Signature Services open-source library released in October 2018. You can read more about DSS and how it can help you here.

Source code is available in .zip and tar.gz

Release note

Bug / Issue

  • [DSS-1161] - Scope validation of a PAdES signature
  • [DSS-1225] - Incomplete LT and LTA signatures if a Trusted List is not properly loaded
  • [DSS-1255] - PDF signatures without revocation info
  • [DSS-1342] - ConcurrentModificationException on DSS 5.0
  • [DSS-1413] - Unable to put a role inside PAdES signature
  • [DSS-1419] - SHA3 support in CAdES
  • [DSS-1420] - SHA3 support in PAdES
  • [DSS-1431] - TSLRepository#clearRepository() fails if the cache directory doesn't exist
  • [DSS-1432] - TSL service name is not historized
  • [DSS-1439] - Signature level -LT is produced with a -T setting (and a self-signed certificate)
  • [DSS-1443] - DSS 5.3 reports only B level for PDF documents with a document timestamp
  • [DSS-1444] - PDFDocumentValidator does not report when it could not parse the provided PDF
  • [DSS-1447] - CommonCertificateVerifier.setSignatureCRLSource/setSignatureOCSPSource seem to be used in a non-thread-safe way in DSS demo application
  • [DSS-1449] - Validation Certificate
  • [DSS-1450] - NPE in CommonCertificateSource.get(final X500Principal x500Principal)
  • [DSS-1453] - Validation or extension of a signature can influence the validation result of another signature
  • [DSS-1468] - Broken signatures created due to DSS-1334 as attached signatures validate fine if an original document with null file name is provided as detached content
  • [DSS-1475] - Bad URI encoding in XAdES detached signatures (e.g. ASiC-E with XAdES)
  • [DSS-1482] - Problem fetching TSL for PT, parser error: Cannot add overlapping item
  • [DSS-1483] - Certificate is ignored in KeyStoreCertificateSource if it is part of the private key entry (certificate chain)
  • [DSS-1485] - XAdES Reference incorrect - ID is not resolved correctly for namespace prefixed id attribute
  • [DSS-1496] - Include intermediate certificates that issued timestamp certificates
  • [DSS-1503] - XADES - non-conformant hash algo for SignignCertificateV2
  • [DSS-1505] - Validation proof chain gap after LTA extension using DSS
  • [DSS-1508] - PAdES : Upgrade PDFBox
  • [DSS-1509] - XAdES : enforce validation against XSW
  • [DSS-1510] - XAdES : enforce XML Security against XXE
  • [DSS-1511] - XAdES : enforce reference URI validation (SSRF / XPath injections)
  • [DSS-1512] - CommonDataLoader : enforce SSL certificates validation
  • [DSS-1515] - DssUtils wrongly replaces plus character with space
  • [DSS-1523] - Extension of PAdES signatures creates copies of already existing validation data objects instead of referencing them
  • [DSS-1524] - Could not find a resolver for URI null and Base
  • [DSS-1537] - Signature format is always XAdES-BASELINE-T for XAdES-LT/LTA signed files in detailed report
  • [DSS-1543] - Exception when signing a PDF's existing signature field using LTA level.

New Feature / Improvement

  • [DSS-1220] - Augmentation of signatures with invalid time-stamps, archive-time-stamps and revoked certificates
  • [DSS-1312] - Upgrade to Java 8 or 9
  • [DSS-1389] - Certify documents
  • [DSS-1405] - Add support of KeyHash in OCSP Responses
  • [DSS-1406] - OCSP - handling of the id-commonpki-at-certHash extension
  • [DSS-1407] - The CAdESCertificateSource class misinterprets the "complete-certificate-references" unsigned attribute
  • [DSS-1415] - Implementation improvement for POJO/jaxb objects
  • [DSS-1418] - Support of bridge certificates
  • [DSS-1428] - Add new parameter to choose the message-digest algorithm
  • [DSS-1436] - Provide getters methods on the TSL Condition subtypes
  • [DSS-1440] - Improve validation granularity
  • [DSS-1454] - DSS should avoid console (System.out) logging
  • [DSS-1460] - XAdES internally-detached
  • [DSS-1473] - Libreoffice Default XAdES Signature Validation
  • [DSS-1474] - Improve OnlineOCSPSource : allows to loop on several locations
  • [DSS-1477] - Refactoring CertificateToken
  • [DSS-1478] - Refactoring CertificatePool
  • [DSS-1479] - Allows to throw exception in case of extension failure
  • [DSS-1480] - Integration OpenPDF
  • [DSS-1487] - Review signature scopes + add constraints in the policy
  • [DSS-1488] - Standalone application : allow to open the scene with SceneBuilder
  • [DSS-1489] - XAdES : remove Xalan dependency
  • [DSS-1498] - Support for ds:Manifest in ASiC-E XAdES
  • [DSS-1499] - Allows to ignore unknown OCSP/CRL
  • [DSS-1501] - Expose SignedDocumentValidator.getOriginalDocuments as API method (REST preferably)
  • [DSS-1514] - Webservice API - RemoteDocument - Add possibility to pass absolute path to file
  • [DSS-1520] - Expose the HttpClientBuilder from CommonsDataLoader
  • [DSS-1530] - Support of ECDSA plain format
  • [DSS-1533] - Support of null nextUpdate in the trusted lists
  • [DSS-1544] - DSS Demo : upgrade NexU


e-Signature standards
Digital Signature Services (DSS)
List of Trusted Lists
Trusted List Browser
ETSI Signature Conformance Checker
Service Desk
What is an electronic signature?
Start using DSS
Apply for eSignature grants