SPKIS – DIGITAL SIGNATURE SOLUTIONS
SPKIS (SINAM PKI Solution) - Digital Signature Solutions is a comprehensive software suite that integrates the processes of establishing a certification authority (CA), issuing and managing digital signature certificates, as well as numerous components related to digital signing, encryption, and authentication.
The SPKIS solution has been developed in accordance with international Public Key Infrastructure (PKI) standards and legislation.
The solution includes a full-featured CA management system, tools for key generation with various cryptographic algorithms, digital signature creation modules, multifunctional libraries for encryption and signing operations, and other auxiliary components. Its primary purpose is to provide all necessary software modules for the complete setup and operation of a certification authority.
Built on Service-Oriented Architecture (SOA), SPKIS ensures easy integration with external systems.
The SPKIS solution has been successfully implemented in multiple government institutions to address digital signature and encryption needs. An accredited Issuing CA has been launched at the Central Bank of the Republic of Azerbaijan. Additionally, the Root, Policy, and Issuing Certification Authorities of the Republic of Azerbaijan have been established based on this solution and are currently in active operation.
Main organizations and areas of activity where the SPKIS solution is applied:
- Tax services
- Customs control
- Ministries
- Financial organizations
- Universities
- Electronic elections
- E-commerce
- Payment systems
- Strong authentication services (MFA)
- Electronic document management
- Mail security
- SSL certification
System Architecture:
The general SPKIS architecture for creating a Certification Centre is shown in the picture below:

System basic features:
- creation and management of more than one certification centre on one CA server;
- creation of public/private key pairs and submission of digital certificate requests through the certification centre's web enrollment service;
- full integration with HSM to secure the CA keys;
- user keys can be generated and stored on smartcards and eTokens;
- a secure management service for the registration authority;
- logging of all transactions;
- the system is developed on the basis of international standards and local legislation for digital signatures;
- software for generating digital signatures and a library of cryptographic methods;
- technical functionality for accreditation with the government Root CA;
- support for a range of cryptographic algorithms (RSA, DSA, SHA1, SHA2, ECDSA);
- Online Certificate Status Protocol (OCSP) service;
- Time Stamp Authority (TSA) service;
- mobile application for creating digital signatures and encrypting data;
- eIDAS qualified Remote Signing Service Provider (RSSP).
Advantages:
Various information systems exist in the areas of e-signature and certification centres. During the development of SPKIS, similar systems were analyzed, their shortcomings were investigated, and these issues were taken into account in the development process. The main features that distinguish SPKIS from other certification centre systems are the following:
- creation and independent management of different Certification Authorities on one CA server;
- support for the strongest symmetric and asymmetric cryptographic and hash algorithms, such as RSA, ECDSA, AES, SHA1, SHA256, SHA512, etc.;
- the system allows the certificate owner to generate public/private keys and send a certificate request to the CA for certification; depending on the certificate policy, the CA can also generate keys for the certificate owner;
- multifunctional Java and C# libraries for integrating different information systems with digital signature and CA services;
- full support for SmartCard, eToken, HSM and other similar cryptographic devices;
- mobile services and tools for signing and encrypting electronic documents as well as financial transactions;
- eIDAS qualified Remote Signing Service Provider (RSSP) for signing documents;
- a 100% compliance result in the cybersecurity assessment by Deloitte, based on compiled criteria as well as WebTrust requirements.
Modules:
- “SPKIS – CA Manager” – management system for the Certification Authority;
- “SPKIS – RA Manager” – management system for the Registration Authority;
- “SPKIS – Enrollment Service (ES)” – registration system for certificate requests (web application);
- “SPKIS – Personalization” – operator workstation for token personalization;
- “SPKIS - eSigner” – software for signing and encrypting electronic documents;
- “SPKIS-CL” – C# and Java cryptographic libraries for digital signature and encryption algorithms;
- “SPKIS – OCSP Server” – OCSP server responder;
- “SPKIS – TSA Server” – TSA server responder;
- “SPKIS - RSSP” – Remote Signing Service Provider;
- “SPKIS – sKeyGenerator” – service for generating cryptographic keys;
- “SPKIS – signerService” – service for generating digital signatures;
- “SPKIS - API” – CA APIs for integration with other systems;
- “SPKIS - LDAP” – LDAP directories for publishing CRLs and user certificates.