Solution – Document Signing

When a document is shared (via email or other means) without first being signed, the recipient has no way to authenticate the sender or to verify that the contents of the document have not been tampered with.

End-to-end document signing security overcomes these challenges by signing the contents of your document before it is shared with others. Use digital certificates with your document authoring software to secure your document against tampering.

How it works

The sender proves his/her identity to the recipient and shows that the document came from the sender. The electronic signature on the document proves that its contents have not been tampered with after the signature was applied.

Benefits

  • Electronic signature support in most popular software, including Microsoft Office, LibreOffice and Adobe Acrobat
  • Ability to encrypt and/or electronically sign the contents and attachments to the email
  • Each electronic signature provides a high degree of assurance because:
    – It is uniquely linked to the signer
    – It is capable of identifying the signer (authentication)
    – Only the signer has control over the key used for the signature creation (non-repudiation)
    – Any tampering with or change to the contents of the signed document after the signature has been applied can be detected (integrity)
  • Support for multiple signatures in a document allows each individual to sign their own signature block in the document

Process

Step 1 Choose your document signing product option
Step 2 Log in to your account, or register one
Step 3 Complete your order and make payment online
Step 4 In the case of a physical token, await shipping of the token to you
Step 5 * Generate your keys and certificate signing request (CSR) on your security token (physical/cloud) and upload your CSR
Step 6 Prove that you own the email mailbox (through email validation)
Step 7 Additionally upload your supporting documents (certified or notarized copies); for PersonalPass Premium, arrange your face-to-face meeting with TrustFactory to sign the subscriber agreement in their presence
Step 8 * Your certificate will be issued; download and install it on your PC/device and use it together with your token (physical/cloud)

* This step varies per operating system; refer to online support resources for assistance

Options

  • Online self-service portal for order processing and full certificate life-cycle management (issuing, reissues, rekeys, revocation and renewals)
  • Free and unlimited certificate re-issues
  • Free and unlimited rekeys
  • Certificates valid for up to 2 years before renewal is required; up to 5 years for organization certificates
  • Private keys may be stored on a physical security token or securely in a cloud key storage service (such as CumuloKey)

Technical Specification

  • RSA public-key support for key lengths of 2048 bits and above
  • Support for SHA-2 hash algorithm (256 bit)
  • Digital certificate is fully compliant with the X.509v3 specification
  • Fully compatible with modern electronic signature standards:
    – XAdES – XML advanced electronic signature, including support for the following profiles:
        XAdES-BES (basic): Basic electronic signature
        XAdES-T (timestamp): Includes timestamp
        XAdES-C (complete): Includes all references to validation data
        XAdES-X (extended): XAdES-C with included timestamp
        XAdES-X-L (extended, long-term): Includes all certificates and revocation lists for future verification even after expiration
        XAdES-A (archival): Suitable for long-term archival with periodic timestamping
    – PAdES – PDF advanced electronic signature
    – CAdES – CMS advanced electronic signature
    – ASiC – associated signature containers

  • Client Root Certificate embedded in Microsoft Root Certificate Store
  • Client Root Certificate listed on Adobe Approved Trust List (AATL)

Difference between TrustFactory Physical and CumuloKey Token

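  • Security standard compliance: NIST FIPS 140-2 Level 2
  • Keypair storage:
    – TrustFactory Physical Token: Multiple (up to 64KB)
    – CumuloKey Token: 1, 5 or 10 bundle; unlimited bundles
  • Cryptographic API support:
    – TrustFactory Physical Token: MS CAPI, MS Minidriver, PKCS#11, PC/SC
    – CumuloKey Token: REST API
  • Supported operating systems (OS):
    – TrustFactory Physical Token: Windows 7/8/8.1/10, Linux, macOS X
    – CumuloKey Token: Any
  • Delivery method:
    – TrustFactory Physical Token: Requires shipping
    – CumuloKey Token: Online (no shipping required)
  • Microsoft Office document signing:
    – TrustFactory Physical Token: Supported
    – CumuloKey Token: Supported *
  • LibreOffice document signing:
    – TrustFactory Physical Token: Supported
    – CumuloKey Token: Supported *
  • Adobe PDF signing:
    – TrustFactory Physical Token: Supported
    – CumuloKey Token: Supported *
  • Signatures:
    – TrustFactory Physical Token: Unlimited
    – CumuloKey Token: Fair use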

* Using the CumuloKey online signing service

Product Options – Certificate

Certificate products: PersonalPass, PersonalPass Premium, OrganizationPass

  • Security protocol: XAdES, PAdES, CAdES
  • Validation level:
    – PersonalPass: Person
    – PersonalPass Premium: In-Person (Face-to-face)
    – OrganizationPass: Organization
  • Assurance level:
    – PersonalPass: Strong person validation
    – PersonalPass Premium: Strong in-person validation
    – OrganizationPass: Organization validation
  • Required documents:
    – Government-issued ID document; Proof of address (individual)
    – Company registration; Proof of address (company)
  • Certificate contents:
    – First name, Surname, Email Address, City, Country
    – Organization name, Organizational Unit (optional, one or more), City, Country
  • Timeframe for issuance:
    – PersonalPass: Within 1 day from submission of supporting documents
    – PersonalPass Premium: Within 1 day from completion of face-to-face meeting
    – OrganizationPass: Within 1 day from submission of supporting documents
  • Document authoring compatibility: MS Office, LibreOffice, Adobe Acrobat
  • Required token for private key (NIST FIPS 140-2 Level 2 compliant): TrustFactory Physical; CloudSign; Use your own hardware security module (HSM)
  • Validity period:
    – Valid for 1 year: Available for PersonalPass, PersonalPass Premium and OrganizationPass
    – Valid for 2 years: Available for PersonalPass, PersonalPass Premium and OrganizationPass
    – Valid for 3 years: Available for OrganizationPass
    – Valid for 5 years: Available for OrganizationPass