esignatur achieved the highest score on a security scale of 1-7.
FortConsult rates the overall security of esignatur as 7 – very high.
This is how esignatur secures your sensitive data
Because esignatur processes personal data every day, security has the highest priority for us. esignatur fulfills comprehensive security requirements to secure the data of your company and signers.
All communication between you and esignatur takes place via an encrypted connection so that unauthorized persons cannot access the information that is exchanged.
esignatur’s data is stored with ZENDATA and is encrypted with AES/Rijndael using a 256-bit key.
All data about your signers is anonymised and can only be identified by PID or RID numbers.
Secure digital signature with NemID
Signing documents via esignatur is both easy and secure. Signing is conducted through the NemID infrastructure. That way, esignatur can easily confirm a person’s identity so you always know who signed.
NemID in Denmark is personal and should never be shared with others. When you sign with esignatur, we ensure that your personal data is not shared with unauthorized parties.
It’s easy to confirm the validity of your signature for third parties
Once all parties have signed a document, esignatur generates a so-called PAdES document (PDF Advanced Electronic Signatures), which ensures the validity of the agreement and makes it possible to confirm the validity of signatures for any third parties.
The PAdES document is a sealed file that confirms, in contested cases (litigation, disputes, etc.), that a particular person has in fact signed the document.
The PAdES format can be re-encrypted over time. This ensures that the signature and the integrity of the signed document are maintained.
Security at the highest level
FortConsult is an international company that specializes in testing the security of IT systems. www.fortconsult.net
esignatur is continuously tested by FortConsult to ensure esignatur’s integrity, confidentiality and accessibility.
Executive summary from latest security report
Rovsing Applications (“Rovsing”) engaged FortConsult to perform a security test on their e-signature solution. The test simulated threats originating from external attackers without credentials, as well as a registered NemID user. All testing was performed over the Internet.
The Rovsing e-signing solution is very well designed and defended itself remarkably well against standard attack vectors. The solution is based on the ASP.NET framework and relies on multiple layers of security mechanisms to protect its valuable assets. Notable defense mechanisms include session timeouts, adequately random session tokens and identifiers, stringent input validation mechanisms, correct integration with NemID, CSRF defenses via randomized URLs and use of strong cryptographic algorithms for signing and producing message digests.