Page tree
Skip to end of metadata
Go to start of metadata
News

2018-06-14

Nexus GO PDF Signing now includes an API. With the Nexus GO PDF signing API, you can build in creation of PDF signing requests into your own application. See PDF Signing API and PDF Signing API - examples.

See more news...

What is Nexus GO PDF Signing?

Nexus GO PDF Signing is a cloud service that enables all your users to make secure digital signatures on PDF documents. The documents are uploaded to and signed in the Nexus GO PDF Signing Portal

You can either let your users sign documents with the built-in methods Nexus Personal Mobile or Swedish BankID, or use existing identities in your corporate directory to let users sign documents with any type of credential. To use your existing identities, you need to connect the service to an identity provider, such as Nexus Hybrid Access Gateway.

You can also have the PDF signing built into your own applications using the PDF Signing API.

Simply sign up for a subscription, and your users can start making digital signatures straight away. 

Nexus GO PDF Signing

How does Nexus GO PDF Signing work? 

A PDF document is signed in the Nexus GO PDF Signing Portal in the following way: 

  1. An administrator logs in with Nexus Personal Mobile to the Nexus GO PDF Signing Portal, uploads a pdf document, invites persons to sign, and selects the required signing method for each person. An email is sent to each person. 
  2. Each signer follows the link in the email to the Nexus GO PDF Signing Portal, and signs the document with the required method. 
    For each signer, the following steps take place in Nexus GO:
    1. A one-time RSA key pair is created.
    2. The signer is associated to the key pair with two-factor authentication.
    3. A hash of the PDF document is generated and signed with the private key of the key pair. The private key is then discarded.
    4. The identity of the signer is securely bound to the key pair in a certificate, issued by the CA of the service, through the use of an HSM.
    5. The signed document hash, the newly generated certificate, and a time stamp is built into the PDF file. 
    The PDF document is now securely signed and cannot be modified without detection. The signed PDF document can be verified for example in Adobe Acrobat Reader.


Expand/Collapse All

FAQ

General questions

 Is the Nexus GO PDF signature an Advanced Electronic Signature according to eIDAS?

Yes. The following features of the solution makes Nexus GO PDF signatures compliant to the level of Advanced Electronic Signature in the EU regulation eIDAS (electronic IDentification, Authentication and trust Services)

  • The identity of the signatory is ensured using a two-factor authentication to a properly issued identity
  • The one-time RSA key pair can only be used by the signatory who has authenticated, as the private key is discarded after use
  • Subsequent change of the contents of the PDF file can be detected. This is a standard feature in Adobe Reader and is done by validating the signed hash of the document towards the current contents of the document. If the document has been changed, the signature is invalid 

For administrators

 How do I order the Nexus GO PDF Signing service?
To order Nexus GO PDF Signing:
  1. Sign up and log in to Nexus GO.
  2. Click Services > Signing > PDF Signing
  3. On the Add signing method page, PDF Signing is now marked. Click NEXT.
  4. Enter a Name and click NEXT. Read and Accept the terms. Click SUBMIT to confirm the method. 
    An administrator account is now created, and you can try out the service by uploading and signing documents in the Nexus GO PDF Signing Portal.
  5. When you are happy with the testing and want to buy the service for unlimited number of documents, you can upgrade to a Business subscription: 
    In Services > Signing, select the added PDF Signing service, click Manage subscriptions, and enter your Invoice address. You will be contacted by Nexus with a confirmation. 

    The signing service is now ready to use in your production environment.
 How do I configure my own Identity Provider in Nexus GO?
To use an external identity provider, the connection must be configured both in the identity provider and in Nexus GO. For example, some user attributes must have the same names in both services, and metadata from each service must be uploaded in the other.
For a general description of the steps to configure an Identity Provider (IDP) in Nexus GO, see here:
  1. Log in to Nexus GO.
  2. Click Services > Signing
  3. Select the signing service you want to add an identity provider to, and click Set up SAML IDP.
  4. In Upload metadata:
    1. Enter a Display name, which is the name of the Signing method that will be shown in the signing portal.
    2. Upload the xml file containing the Identity Provider metadata, for example idp.xml.
    3. Click Next.
  5. In Map SAML attributes:
    1. Check the configured SAML attribute names in the identity provider for the following attributes: email and commonName, and enter them in the corresponding fields.

      The attribute names in Nexus GO must match those that are configured in the identity provider for the connection to work.


    2. Click Next.
  6. In Select contributors, define which users that are allowed to upload documents and send out requests in the signing portal:
    1. Either check Everyone from this Identity Provider is a contributor, or enter an attribute and values to define specific users to be contributors.
      Example
      To let all members of the user groups admin and IT be contributors, use these values:
      attribute = memberOf, value = admin, value = IT

      If there is no group already in the user directory to define the contributors, you can create such a group.

    2. Click Next.
  7. In Confirmation, verify the details and click Submit.
    The configured Identity Provider can now be used in the signing portal.
 How do I set up the API?

To set up the API, follow these steps:

  1. Log in to Nexus GO.
  2. Click Services > Signing.
  3. Select the signing service you want to set up an API to and click Set up API.
  4. Enter a jwks URL and click Next.
    Example: https://levepodev.azurewebsites.net/api/jwks
  5. Click Next and Submit to confirm.
 How do I upload a document for signing?

To upload a PDF document for signing, you need to be an administrator in the Nexus GO PDF Signing Portal:

  1. Log in to the Nexus GO PDF Signing Portal.
  2. Click the user icon on the top right, and then Open Admin Portal.
  3. Click New Request. Add one or more PDF documents to the request, by drag-and-drop or browsing. Click Next.
  4. Enter Request name, Description, default Signing method, and Sign before date. Click Next.
    Available signing methods are Personal Mobile, Swedish BankID, or an identity provider (IDP), if configured.
  5. Add one or more recipients with Full name and Email address. If needed, select another Signing method than the default. Click the + sign to add the person to the request.
  6. Click Send Request.
    The recipients get a notification email to sign the document. If they are new users and if Personal Mobile was chosen as Signing Method, the email includes instructions how to download and activate Nexus Personal Mobile.
 What signing methods are available?

Two signing methods are available out-of-the-box: Personal Mobile and Swedish BankID.

If you have an identity provider (IDP) set up connected to your corporate directory, you can also connect to that and take advantage of all the connected authentication methods. See separate question in this section.

To deploy your own identity provider, you can use the Nexus Smart ID solution. For more information, see here.

For signers

 How do I sign a document?

When someone requests you to sign a document, you will get an email with Signature request in the subject.

To sign the document:

  1. Open the email and click on the link Sign request
    The Nexus GO signing portal opens.
  2. Enter your personal identifier, for example your Email address, and click Authenticate.
  3. Authenticate yourself with the required method. 
    When you are logged in, the document is shown.
  4. Click Sign, and sign with the required method.
 How do I see all my signing requests?

To view all requests:

  1. Log in to the Nexus GO PDF Signing Portal.
  2. Go to My requests.
    Requests to sign or Previous requests are displayed.
  3. To see older requests, click Show all previous requests.
 How do I download a signed document?

Signed documents can be downloaded within 30 days of the signing.

To download a signed PDF document:

  1. Log in to the Nexus GO PDF Signing Portal.
  2. Browse to the current or previous request containing the document.
  3. Open the document view:
    1. For Requests to sign, click on the document image.
    2. For Previous requests, click on the link under Downloadable.
  4. If there are multiple documents, navigate between them using the arrow buttons. Click Download PDF.
    The downloaded signed document can now be distributed.
 How do I validate a document?

To see the visual signature of the PDF document:

  1. Open the PDF document in a web browser or Adobe Acrobat Reader.
  2. Scroll to the last page.
    A visual signature is added for each signer: the name of each signer, date, and time.

To validate the digital signature of the PDF document and see all the signature details:

  1. The first time, you must first set the Nexus GO root certificate as trusted. See the next question below: How do I set the certificate to trusted in Adobe Acrobat Reader?
  2. Open the document in Adobe Acrobat Reader.
  3. See the signature validation in the top bar. If the signature was successful, the following message should be displayed:
    Signed and all signatures are valid.
  4. To see the details of the signature, click on the visual signature on the last page or click Signature panel in the top bar.
 How do I set the certificate to trusted in Adobe Acrobat Reader?

To add the Nexus GO root certificate to the list of trusted certificates in Adobe Acrobat Reader:

  1. Download this Nexus GO certificate exchange file: CertExchangeNexus Go PDF Signing.fdf.
  2. Open the file.
    The Import Contact window opens in Adobe Acrobat Reader.
  3. Click Set Contact Trust...
  4. In Import Contact Settings, check Use this certificate as a trusted root and Certified documents.
  5. Click OK.