OpenSign is a collection of Java applets providing client-side digital signing functionality using x.509 certificates. It currently consists of two applets, one for signing plain ASCII text and another providing login functionality.


OpenSign is licensed under the GNU LGPL.

Since OpenSign is free software, we encourage everybody to submit code, suggestions and bugfixes.

Brief history

The applet is based on code kindly denoted by IT-Practice to the project in 2003. Since then, OpenSign has undergone much development and today it is an integrated component of numerous systems that requires logon or signing of documents using a x.509-based PKI. See our list of references for an incomplete list of some of applications that are using OpenSign as a component.


OpenSign provides the following features

  • digital signing of text
  • logon functionality
  • support for x.509 certificates stored in PKCS12s
  • support for x.509 certificates stored in the Microsoft Windows Keystore (CAPI)
  • support for the native Microsoft Java virtual machine
  • works in all common browsers: Firefox, Internet Explorer, Mozilla, Safari, etc.
  • has a small footprint: The core applet is less than 100KB.
  • has localization support

As of v1.3.0 OpenSign also

  • implements a plugin mechanism: You only download the needed functionality. Plugins will be locally cached for faster startup

OpenSign does not provide any validation mechanisms for the signed XML document generated by the applet. Validating the signature is a serverside job and therefore not in the scope of the OpenSign project. The OpenOcesAPI does provide high-level functionality for validating and processing the signed XML documents generated by OpenSign.

Current status

OpenSign is stable and is being used in production environments. Note that both a stable and an unstable branch is being maintained. We suggest using the stable branch for production environments.


OpenSign is an applet and will therefore be used on many different combinations of operation systems, browsers and JREs. We keep a list of all combinations that people have reported to be working or people have experienced problems using.

We are always looking to extend the list, so if your configuration is not listed or you are experiencing different results than the previously reported results, please report your results on the user mailinglist.