
EzSign
Overview
Unsung's partnership with Krestfield also covers EzSign, a cryptographic signing platform used by organisations that need to generate and verify digital signatures within their applications, including those operating under UK payment scheme signature requirements. We support clients in implementing EzSign to meet these obligations without building bespoke signing logic in-house.
The Challenge
Applications that need to produce or verify digital signatures, particularly in payments and financial messaging, face two related problems. First, building compliant signing and validation logic in-house is complex: it requires correct handling of signature formats, hashing algorithms, and revocation checking, and getting any of this wrong creates compliance and security exposure. Second, the requirements themselves are changing, with digital signature standards for schemes such as Bacs and Faster Payments needing to be met precisely, and with post-quantum signature algorithms now entering use.
Organisations that have built their own signing logic often find it difficult to update as these requirements evolve, leaving them exposed at the point a standard changes or an algorithm needs replacing.
What It Does
- Standards compliance. EzSign produces RAW (PKCS#1) and PKCS#7 compliant signatures, supporting the signature requirements of Bacs, Faster Payments, and Fast Cheque.
- Post-quantum readiness. The platform now supports the ML-DSA post-quantum signature algorithms, producing CMS signatures in line with current standards, so organisations can begin adopting post-quantum signing ahead of wider mandates.
- Full signature validation. EzSign performs complete validation, including certificate path building and revocation checking via CRL and OCSP, including OCSP request signing where required.
- Configurable checks. Organisations can configure custom validation rules, such as specific path checking requirements, to align EzSign with their own policy and compliance needs.
- Key protection and encryption. Keys used for signing and encryption can be held in software or in an HSM, and the platform also supports AES data encryption and decryption where required, depending on the organisation's security requirements.
How Unsung Helps
We help clients determine which signature standards apply to their applications, design an EzSign implementation that meets those requirements, and integrate it into existing systems. Where organisations are also planning for post-quantum signature adoption, we incorporate EzSign into a broader PQC readiness strategy, so signature migration is planned rather than reactive.
