Understanding signing modes
Overview
Redtrust supports several signing approaches, depending on whether the signing process is performed by a user or by an automated system. This document explains the main signing modes available in Redtrust and how each one fits into different use cases. This documentation is intended for anyone wishing to understand how Redtrust manages signing features. This topic is intended for anyone who wants to understand how Redtrust manages signing features and adapts them to different use cases.
Background
Digital signing processes can vary widely depending on whether signatures are initiated by users or executed automatically by systems. Some organizations rely exclusively on interactive signing, where users personally approve each signature, while others implement unattended signing to automate large-scale or system-driven processes.
Redtrust supports these different needs by offering distinct signing modes. Each mode is designed for specific technical and operational contexts, ensuring that signatures can be applied securely and efficiently regardless of how or where they are performed.
User-driven signing
User-driven or interactive signing refers to any signature operation that requires a user’s direct participation. The user initiates and confirms the signature using a native or local application or a web-based interface, and the signed documents are stored on the user’s computer.
Redtrust supports two types of interactive signing native and web-based.
Native signing
The user signs directly from their device using applications such as Adobe Acrobat or AutoFirma, through the Redtrust Agent.
User-driven native signing is available on Windows, macOS, and iOS.
Depending on the operating system used to perform the signing operation, the metadata recorded in the audit log may vary. On Windows, a record is kept of the process and the parameters used, and in some cases, the name of the signed document. On macOS and iOS, only the essential elements are recorded, such as the date and time, the user, and the certificate.
Web-based signing
When no native application is needed, users can sign documents through a web interface.
Redtrust offers the following two options depending on the complexity of the signature process.
Signtrust
Signtrust is Redtrust’s web-based signing service. It enables users to sign documents directly from their browser without installing any local software. Signtrust can also be integrated with SharePoint to create internal signing workflows that run entirely within the organization’s intranet. With a custom development by a Redtrust partner, users can build signing workflows tailored to their specific processes.
Sign Service
Redtrust’s Sign Service enables integration with signature management tools, such as signing portals, to handle complex signing workflows. In this way, when the process requires multiple users to assign, approve, and sign documents in sequence, the signing portal manages the workflow while Redtrust ensures a secure signature. Sign Service is a REST-based solution that centralizes certificate use and supports advanced automation.
For implementation details, see Integration with Sign Service.
Unattended signing
Unattended or massive signing refers to automated signature operations performed without user interaction. In this mode, documents are signed by services that access the necessary signing keys securely and automatically. This approach is used when signatures must be applied on a server or as part of an automated workflow.
Both unattended signing options use a service user to perform signature operations and are designed for massive signing scenarios. They can be used to sign PDF documents, XML files (such as electronic invoices), or other binary files.
Unattended agent
Used when the signing process relies on native signing tools such as AutoFirma. This option requires the installation of the unattended agent on a Windows or Linux server, where signature operations are executed automatically using a service user. It is typically used for bulk signing processes executed from the customer’s own infrastructure.
DSS (API)
Used when the signing process is implemented through the Redtrust DSS API, a standards-based interface that allows Redtrust to integrate easily with external systems and applications that manage signing operations. The customer or partner must develop the integration that calls the DSS service from their infrastructure. For details on how to configure DSS signature profiles and timestamp servers, see Signature configuration in Redtrust and the API reference DSS API.
The DSS API is not compatible with the cloud service.
How to decide which one you need
Each signing mode is designed for a different type of process and level of user interaction. The following guidelines can help you identify which approach fits your scenario:
| Scenario | Signing type | Recommended component | Why this option is ideal |
|---|---|---|---|
| Users need to manually sign documents from their device using Adobe Acrobat, AutoFirma, or any application capable of digitally signing with the installed certificates. | User-initiated | Redtrust Agent (native signing) | Allows users to sign with their preferred desktop tools while keeping key usage secure. |
| Users need to sign documents from a web interface, and store them locally without installing any software. | User-initiated | Signtrust (web signing) | Enables signing directly from the browser without installing local software. |
| The organization wants to automate signature management from SharePoint. | User-initiated | Signtrust + SharePoint (custom integration) | Enables internal signature workflows directly in SharePoint through an integration developed by a partner. |
| The organization needs to manage multi-stage signature workflows through an application. | User-initiated | Sign Service (REST) | Centralized API-based service that enables integration with signing platforms. |
| The organization needs to automate signing operations using a native signing tool (for example, AutoFirma) on its own server. | Unattended | Unattended agent | Enables mass server-side signing with AutoFirma, installed on Windows or Linux. |
| The organization needs to integrate Redtrust into an existing application through an API. | Unattended | DSS | Provides an API-based, OS-independent solution for automated signing processes. |
What’s next
- If you need a server-side API for automated signing, see DSS API.
- If you need a REST API to sign from your app using Redtrust-managed certificates with token auth, see Integration with Sign Service.
- If you need intranet signing flows on SharePoint, see Signtrust SharePoint integration.
- If you want user-driven online signing, see Signtrust.