Skip to content

SafeNet Remote Signing

Remote signing — eIDAS QES / SCAL2

SafeNet Remote Signing lets users sign securely without a USB token. Signing keys stay centrally in an HSM, while each signature is approved right on the user’s phone with biometrics — reaching Qualified Electronic Signatures (QES) under eIDAS.

Book a consultation All products
The problem

USB-token signing forces users to carry hardware, install drivers and cannot sign without the token. For organizations with thousands of signers, issuing, revoking and managing tokens becomes a major operational burden. Remote Signing removes the hardware without sacrificing user control.

Features & capabilities

Sole control

Keys live on the server, but the server cannot sign on its own.

  • Private keys are generated and kept only inside the HSM
  • Each signature needs Signature Activation Data (SAD) signed by the user’s phone
  • Device keys protected by Secure Enclave (iOS) / StrongBox (Android)
  • Meets eIDAS SCAL2

WYSIWYS — sign what you see

  • Documents are not pushed in notifications; the phone fetches the real file
  • It verifies the hash matches the authenticated value
  • The user sees the exact content before confirming with biometrics

Five-component architecture

  • SSA — server holding HSM keys, issues SAD
  • SCA — builds signature formats, holds no keys
  • Mobile App (SIC) — the user’s control device
  • RSAdmin — web admin, protected by mTLS
  • Sample business app as a reference for your developers

Formats & assurance levels

  • PAdES, CAdES, XAdES, ASiC
  • B-B (baseline) → B-T (timestamp) → B-LT (long-term) → B-LTA (archive)
  • Fast integration via CSC API v2.0 using existing CSC libraries

On-premise deployment

  • Runs entirely in your infrastructure, even air-gapped
  • Not locked to one HSM vendor (Thales Luna, Entrust nShield)
  • Multi-node high availability, HSM in a redundant cluster
  • Federates existing SSO via OIDC/SAML (Okta, Azure AD, ADFS)

Use cases

Banking & finance

Digitize signing workflows with strong legal standing.

Government

Remote document signing, centralized control, full audit.

Enterprises

Sign contracts and e-invoices anywhere from a phone.

Standards & compliance

eIDAS QES / SCAL2 CSC API v2.0 ETSI EN 319 142 / 122 / 132 ETSI TS 119 432 Circular 16/2019/TT-BTTTT

Interested in SafeNet Remote Signing?

Book a free consultation with a SafeNet expert for a demo and a fit assessment for your organization.

Book a consultation Explore other products