Technical Product Information

Platform Support

The DBsign® Server supports 32- or 64-bit versions of

  • Microsoft Windows XP or higher,
  • Microsoft Windows Server 2003 and higher,
  • Sun Solaris (SPARC or x86),
  • Linux and
  • others.

Cryptographic Subsystem

DBsign® 4.0 includes a redesigned, multi-platform, high-performance cryptographic subsystem. The new DBsign® 4.0 cryptographic subsystem

  • supports more message digest algorithms (cryptographic hash algorithms) including MD5, SHA-1, SHA-256, SHA-384, and SHA-512,
  • supports PKCS #12, PFX and Java JKS key files,
  • supports operating system specific cryptographic subsystems including Microsoft CryptoAPI and Apple OSX Keychains (including smart cards and other devices),
  • supports hardware cryptography via PKCS #11 (e.g., smart cards, cryptographic tokens, high performance cryptographic accelerators, etc.),
  • supports Network Security Services (NSS) on all supported platforms for high performance, multi-platform, FIPS 140-2 validated cryptography with the speed of native machine code,
  • supports FIPS 140 validated cryptographic modules including the DoD Common Access Card and PIV cards,
  • has even more efficient support for CRLs, OCSP, and CRL-DP,
  • passes all applicable interoperability and security tests in the NIST PKITS test suite, and
  • complies with the requirements outlined in the DoD Digital Signature Guidelines.

Significant Performance Enhancements

The DBsign® Server 4.0 is able to achieve higher performance under heavy load environments due to greater multi-threaded concurrency and a more efficient caching architecture. These performance improvements are largely derived from the new cryptographic subsystem.

Certificate Status Caching

DBsign®'s Certificate Status Caching (CSC) is another performance enhancement which can greatly improve performance of heavily loaded systems, especially those which rely on OCSP and CRL-DP for revocation status checking. For example, application owners may decide that a certificate's revocation status does not need to be checked more often than, say, every 20 minutes. When DBsign®'s CSC is enabled, the last revocation status is cached and a maximum revocation check frequency is enforced which ensures that an individual certificate's revocation status is not checked too frequently. This eliminates unnecessary and costly network round trips to OCSP responders and CRL-DP sources and, in some circumstances, can greatly improve application performance. If the DBsign® CSC is disabled (the default), DBsign® checks the revocation of all certificates each time they are used in a security operation.
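
The following is an added sketch of the caching behaviour described above, not DBsign® code or configuration. The class name, the (issuer, serial) cache key and the lookup callback are assumptions made for illustration. It shows both the saved round trips and the cost: a certificate revoked just after a check is still reported as good until the interval expires.

```python
import time
from typing import Callable, Dict, Optional, Tuple

CertKey = Tuple[str, int]  # (issuer DN, serial number): assumed cache key


class CertStatusCache:
    """Caches the last revocation status and enforces a maximum check frequency."""

    def __init__(self, check: Callable[[CertKey], bool],
                 min_interval_s: Optional[float] = None,
                 clock: Callable[[], float] = time.monotonic):
        self._check = check                  # real OCSP / CRL-DP lookup, True if revoked
        self._min_interval = min_interval_s  # None means caching is disabled
        self._clock = clock
        self._entries: Dict[CertKey, Tuple[bool, float]] = {}
        self.network_checks = 0              # lookups that actually went out

    def is_revoked(self, cert: CertKey) -> bool:
        now = self._clock()
        entry = self._entries.get(cert)
        if self._min_interval is not None and entry is not None:
            revoked, checked_at = entry
            if now - checked_at < self._min_interval:
                return revoked               # too soon to re-check: reuse last status
        revoked = self._check(cert)          # a failed lookup raises; nothing is cached
        self.network_checks += 1
        self._entries[cert] = (revoked, now)
        return revoked


def demo(min_interval_s: Optional[float]):
    """Constructed scenario: one certificate used at t = 0, 10 and 20 minutes,
    revoked by its CA immediately after the first use."""
    now = [0.0]
    revoked_at_ca = set()
    cache = CertStatusCache(lambda c: c in revoked_at_ca, min_interval_s,
                            clock=lambda: now[0])
    cert = ("CN=Constructed Test CA", 0x1001)   # constructed sample identity
    results = [cache.is_revoked(cert)]          # t = 0: always a real check
    revoked_at_ca.add(cert)                     # revocation published by the CA
    for t in (600.0, 1200.0):                   # t = 10 min, t = 20 min
        now[0] = t
        results.append(cache.is_revoked(cert))
    return results, cache.network_checks


if __name__ == "__main__":
    print("caching disabled:", demo(None))
    print("20-minute interval:", demo(20 * 60))
```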