What is the difference between S/MIME and PGP for email?

Both are end-to-end signing/encryption protocols for email. S/MIME uses X.509 certificates and a CA-rooted trust model; PGP uses self-signed keys and a web-of-trust model. S/MIME is the enterprise default because it slots into existing PKI; PGP remains popular among engineering teams.

What does Long-Term Validation actually do?

LTV embeds the OCSP response and TSA timestamp into the signed document at signing time. Years later, a verifier can prove the certificate was valid at the moment of signing — even after the certificate has expired and the OCSP responder has been shut down.

Why can't a server-side signing platform produce eIDAS Qualified signatures?

Qualified signatures require the signing key under the sole control of the signer. Server-side signing where the platform holds the key typically does not satisfy that condition — the key is under the platform's control, not the user's. Hardware-backed signing on the user's own device does.

PKICornerstonePublished 2026-05-11Updated 2026-05-1113 min read

Designing Secure Email and Document Signing Platforms.

Server-side TLS protects the wire. Once the message lands, only a signature gives you cryptographic integrity that survives the transport, the storage, and the certificate’s expiry.

The problem that signing platforms actually solve

Server-side TLS protects an email or a document in transit. It does nothing once the data lands. Encryption-at-rest in the operator's mail store protects it from a database breach; it does nothing about the operator's own staff, or about subpoenaed access, or about the user who needs to verify a signature months after the certificate expired. The class of problems that signing platforms actually solve sits at a different layer: cryptographic integrity that survives the transport, survives the storage, and survives the time the certificate was valid.

This post is for the engineer designing a secure email or document signing platform. The components are well-known — S/MIME, PKCS#7, PDF signing, hardware-backed credentials — but the architecture that holds them together has real choices.

The standards layer, briefly

A signing platform sits on top of four standards families:

S/MIME (RFC 8551). Email content type for signed and/or encrypted mail. The signed body is wrapped in a CMS (PKCS#7) structure carrying the signer's certificate.
CMS / PKCS#7 (RFC 5652). The cryptographic envelope. Used by S/MIME, by PDF signing, by code signing, by long-term archival signatures.
PAdES / PDF Sig (ISO 32000). PDF-native signature dictionaries embedded in the document. Three profiles: Basic (CMS), Long-Term Validation, and Cryptographic Time-Stamp.
X.509 (RFC 5280). The certificate format and chain semantics every signature ultimately verifies against.

Reference material: X.509 extensions, ASN.1 (the encoding underneath all of the above), and the credential lifecycle primer for the issuance/revocation backbone.

Where the signing key lives

This is the architectural decision. Every other choice flows from it.

On a server. The signing key sits in an HSM the platform accesses. The user logs in, the platform signs on their behalf. Operationally simple. Cryptographically: the user is not actually signing — the platform is. Audit-wise, the binding between "this user signed" and "this cryptographic operation happened" is whatever the platform's audit log says it was.
On a hardware token. The user holds a smart card or USB token (a digital signature token, the PKCS Signature Suite, or a PIV card). The platform asks the user's device to sign; the private key never enters the platform process. This is the model the Secure Mail Suite uses.
On a platform authenticator. The signing key lives in the user's TPM or Secure Enclave. The platform asks the device's local credential store. Device-bound. Cannot move with the user across devices.

For legally-binding signatures (eIDAS Qualified Electronic Signatures, US ESIGN-compliant signatures, India IT Act 3A signatures), the standard requires the key under the sole control of the signer. Server-side signing typically does not meet this bar without explicit cryptographic-control attestation. Hardware-backed signing on a user-held device does.

The trust list problem

A signature is meaningless without a trust anchor. The verifier has to know which CAs to trust. There are three approaches:

Operator-published trust list. The platform publishes its own list of trusted CAs. Verifiers configured against the platform pull this list. Right for closed ecosystems — an enterprise verifying its own signatures.
Public trust list. Adobe Approved Trust List (AATL), EU Trusted List (TL), Microsoft Trusted Root Program. Operators apply for inclusion; verifiers default-accept these anchors. Right for cross-organisation signatures.
Bridge model. Operator runs a local trust list, but the trust anchor of that list cross-signs with a public root. Common in government identity. Operators control issuance day-to-day; cross-organisation verifiers fall through to the public root.

Long-Term Validation (LTV)

A signature signed today with a certificate that expires in 2027 stops being verifiable in 2028 — unless the verifier still trusts the now-expired chain. LTV solves this by embedding, at signing time, the OCSP responses and the timestamp that prove the certificate was valid at the moment of signing.

Implementation: when the platform builds the CMS, it captures the OCSP response for the signer's certificate plus a Time-Stamp Token (RFC 3161) and packs both into the signed-attributes set. Years later, a verifier can rebuild the validation chain from the bundle alone, without needing the long-since-shut-down OCSP responder.

Practical implication: every signing platform that promises archival validity has to integrate with a Trusted Timestamp Authority (TSA). Without the TSA, you cannot do LTV. With it, signatures survive certificate expiry, CA shutdown, and audit windows that extend a decade past the signing event.

The S/MIME ecosystem reality

S/MIME has been deployable since the late 1990s. Why is it not universal? Two reasons.

First, key management. S/MIME requires every user to have a certificate, and every sender to have the recipient's public certificate before the first encrypted mail can be sent. Without an enterprise directory carrying certificates (typically LDAP) or an operator-managed certificate directory, the first-mail cost is high.

Second, mobile clients. iOS Mail and Android Mail support S/MIME but the UX for installing a personal certificate is poor. Mass-market deployment usually means a managed-device push of the certificate, not a user-initiated import.

What this means for a platform design: ship the trust-list management surface and the per-tenant LDAP/SCIM directory integration as first-class components, not afterthoughts. The signing UX is the easy part; certificate distribution is the operational reality.

Document signing, in production

PDF signing is the dominant document signing workflow. The flow:

The PDF reader (Acrobat, Foxit, the operating system's PDF viewer) opens the document, builds the byte range to be signed (everything except the signature dictionary itself), and hashes it.
The hash goes to the signing credential. With a hardware-backed credential, that means an APDU to the smart card or token; the card returns a signed hash.
The reader embeds the signed hash, the signer's certificate, the OCSP response (if LTV), and the TSA timestamp into the signature dictionary.
The PDF is saved. Any future verifier walks the byte range, recomputes the hash, verifies the signature, and verifies the certificate chain against the embedded validation data.

For batch signing — HR documents, contracts, invoices — the same flow scales by having the signing credential live in an HSM that the platform calls per document. For per-user signing, the credential lives on the user's smart card or token.

The audit-trail layer

Every signing event should produce an immutable audit record. Minimum fields:

Signer’s certificate fingerprint (not the private key, never the private key).
Hash of the document or message that was signed.
Timestamp from the TSA.
Tenant identifier.
Policy reference (which trust list applied, which signature profile was used).

The audit log itself should be signed by the platform's own audit-signing key, so tampering is detectable. This is a layer beneath the user-facing signing surface; users don't see it, but the operator and the regulators do.

Where this fits

A signing platform is one component of a wider identity stack. It needs:

Hardware-backed credentials (a card, token, or PIV applet on the user side).
A relying-party identity layer (often the same one that handles FIDO2 sign-in).
A certificate issuance backbone (a CA, or integration with an external one).
A trust-list management surface (the operator’s own list, plus optional bridges to AATL or EU TL).
A Time-Stamp Authority for LTV.

Building this from scratch is a multi-quarter project. White-labelling an existing platform — like the Secure Mail Suite on AmbiSecure's stack — collapses the build into integration plus tenant configuration. The signing primitive is the same either way; the time-to-value differs.

The bottom line

A secure email and document signing platform is not a single product. It is a stack: hardware-backed credentials, an issuance CA, a trust-list management surface, a TSA, an audit-signing key, and a thin signing UX. The build-vs-buy decision turns on whether the operator wants to own the stack end-to-end or whether they want to ship signatures next quarter. Either path has the same cryptographic posture; the difference is in the operator's time and the team they need to keep it running.