Easily integrate electronic signatures into your applications

Cryptolog Universal Token Environment (CUTE) is a software toolkit designed to help you easily integrate electronic signature functionalities into a business application or website. CUTE is compatible with most of certificates and signature creation devices on the market and can be used to generate all electronic signature formats, from the most generic—CMS, XMLDsig and PDF—right through to the most advanced: CAdES, PAdES and XAdES. Written in Java, this toolkit is especially suited to web-based deployment through applets. It is primarily aimed at software programmers, SaaS providers, IT solution integrators and companies with a CIO.

A powerful electronic signature toolkit

The CUTE kernel forms the basis of the solution and allows you to:

  • Access SSCDs (Secure Signature Creation Devices)
  • Perform powerful filtering of certificates, carefully matching various criteria, such as the certification authority, certification policy or even key constraints
  • Create cryptographic signatures by adding a timestamp token

Transparent access to most of certificates on the market

This is CUTE's constant promise: Thanks to the CUTE kernel, CUTE gives you transparent access to most of keys and certificates stored on any cryptographic hardware or software.

Learn more

By employing standard interfaces, CUTE is capable of using certificates stored on any of the main cryptographic hardware and software currently available:

  • Smartcards, USB sticks and hardware security modules (SSCD) via the PKCS#11 interface
  • Microsoft Windows certificate stores via the MS-CAPI interface
  • Mozilla Firefox browser certificate stores via the Network Security Services interface
  • Mac OS Keychain certificate stores
  • PKCS#12 files

Creating temporary certificates on the fly

The CUTE PKI kernel allows you to create single-use public/private key pairs on the fly.

Learn more
During this process, you can also ask for a certificate to be created by a certification authority via the PKCS#10 interface. This kernel will be especially useful in any integration scenario where the signatories do not have certificates.

Simplified integration in Java or JavaScript

Thanks to the code samples and the CUTE installation guide, it has never been easier to add electronic signatures to applications!

Learn more

In Java

CUTE includes all the components required to work in an autonomous Java library, thus simplifying its integration. A few lines of code are enough to call on CUTE and integrate the powerful electronic signature functionalities into your existing business applications.

In Javascript

CUTE is delivered with a Java applet—the CUTE applet—that makes it possible to add electronic signature functionalities to a web application. Technically speaking, the CUTE applet serves as a gateway between CUTE and applications running in a web-compatible HTML/JavaScript browser. On the basis of an initial document and signature parameters, the applet returns the signed document to the web application. It has been designed so that a specific graphic interface can easily be added to it in order to meet every requirement..


Advanced signature formats

CUTE makes it very easy to implement all the main signature formats currently in use in strict compliance with the latest international standards: CMS and CAdES, XMLDsig and XAdES, PDF and PAdES.

Learn more


In addition to simple electronic signatures in CMS format, the CUTE CAdES kernel makes it possible to format signatures in advanced CAdES (CMS Advanced Electronic Signatures) format in different variants: CAdES, CAdES-BES, CAdES-EPES and CAdES-T.

CUTE CAdES offers the following advanced signature functionalities:

  • Signature of raw documents
  • Co-signature of raw documents: multiple signatures for the same document
  • Countersignatures: signatures of signature


In addition to simple electronic signatures in XMLDsig format, the CUTE XAdES kernel makes it possible to format signatures in advanced XAdES (XML Advanced Electronic Signatures) format in different variants: XAdES, XAdES-BES, XAdES-EPES and XAdES-T.

CUTE XAdES offers the following advanced signature functionalities:

  • Signature of raw documents and XML
  • Co-signature of raw documents and XML: multiple signatures for the same document
  • Countersignatures: signatures of signature
  • Multiple signatures of documents: signatures for several documents


In addition to the simple electronic signature of PDF ISO 32000-1 documents, the CUTE PAdES kernel makes it possible to format signatures in advanced PAdES (PDF Advanced Electronic Signatures) format in different variants: PAdES, PAdES-BES and PAdES-EPES.

CUTE PAdES offers the following advanced signature functionalities:

  • Signature of PDF documents, in compliance with the ISO 32000-1 standard
  • Certification signature: author signature
  • Approval signature: recipient signature

And much more besides

Learn more

Visual materialization of signed PDFs

In PDF format, each electronic signature can be shown on the document in a signature field that may contain one or more images and text relating to the signature (last name, first name, date of signature etc.). For each electronic signature of a PDF document, CUTE allows you to position an entirely personalized signature field anywhere in the document.

Connection to a timestamping service

With the CUTE TSA (TimeStamp Access) kernel, you can add timestamp seals to the electronic signatures produced by the signature kernels. Access to the timestamp server strictly complies with the RFC 3161 standard. CUTE TSP can therefore interact with all timestamping services that comply with this standard including, for example, the Cryptolog Universign platform.

Importing signature policies

The CUTE Signature Policies kernel makes it possible to integrate signature policies and take into account the constraints of these policies throughout the electronic signature creation process. It supports signature policies that comply with the ETSI 102 038 standard for CAdES and the ETSI 102 272 standard for XAdES. If you already have your own signature policies, CUTE will allow you to generate advanced electronic signatures that comply with these policies instantly.


I- Signature

Learn more

Signature formats:

  • CAdES (ETSI TS 101 733 v1.8.1)

    • CMS (RFC 3852 - Cryptographic Message Syntax)
    • BES (Basic Electronic Signature)
    • EPES (Explicit Policy Based Electronic Signature)
    • T (Signature Time-Stamp)
  • XAdES (ETSI TS 101 903 v1.4.1)

    • XMLdSig (XML-Signature Syntax and Processing)
    • BES (Basic Electronic Signature)
    • EPES (Explicit Policy Based Electronic Signature)
    • T (Signature Time-Stamp)
  • PAdES (ETSI TS 102 778 v1.1.1)

    • ISO 32000-1
    • BES (Basic Electronic Signature)
    • EPES (Explicit Policy Based Electronic Signature)
    • T (Signature Time-Stamp)

Signature tokens:

  • PKCS#12 v1.0 (Personal Information Exchange Syntax Standard)
  • PKCS#11 v2.20 (Cryptographic Token Interface)
  • Microsoft CryptoAPI, CSP (Cryptographic Service Provider) & CNG (Cryptographic New Generation)
  • Mozilla NSS (Network Security Services)
  • Apple KeyChain

Signature validation policies (EPES signatures):

  • ASN.1 format for signature policies (ETSI TR 102 272 v1.1.1)
  • XML format for signature policies (ETSI TR 102 038 v1.1.1)

Signature algorithms:

  • RSA PKCS#1 (RSA Cryptography Standard)

    • "RSA/Sign, padding=1.5"
    • "RSA/Sign, padding=PSS"
  • DSA (Digital Signature Algorithm or Digital Signature Standard)

    • "DSS, encoding=ASN.1"
    • "DSS, encoding=RAW"
  • ECDSA (Elliptic Curve Digital Signature Algorithm)

    • "ECDSA, encoding=ASN.1"
    • "ECDSA, encoding=RAW"
  • Digest algorithms:

    • "sha-1"
    • "sha-256"
    • "sha-384"
    • "sha-512"
  • MD (Message Digest)

    • "md5"
  • RIPEMD (RACE Integrity Primitives Evaluation Message Digest)

    • "ripemd160"

II- Timestamping

Learn more
  • RFC 3161 (Time-Stamp Protocol)
  • PAdES (ETSI 102 778 - Part 4)


Learn more
  • Software key generation (Single usage certificate)
  • PKCS#10 v1.7 (Certification Request Standard)
  • PKCS#8 v1.2 (Private-Key Information Syntax Standard)
  • Key generation algorithms:

    • "RSA/KeyGen"
    • "DSS/KeyGen"
    • "EC/KeyGen, curve=P-192"
    • "EC/KeyGen, curve=P-384"
    • "EC/KeyGen, curve=P-521"
    • "EC/KeyGen, curve=K-163"
    • "EC/KeyGen, curve=B-163"

IV- Other functions

Learn more
  • Java 1.5 and further compatible
  • Advanced logging
  • Advanced template configuration from properties
  • Advanced signature field configuration for PAdES signatures
  • PDF pre-processing for PAdES signatures
  • CUTE applet for direct usage from JavaScript

V- Architecture

Learn more
  • Kernel: Core functionalities, which are always present in CUTE.
  • CAdES: Support for generation of CAdES signatures
  • PAdES: Support for generation of PAdES signatures
  • XAdES: Support for generation of XAdES signatures
  • TSA: Support for retrieval of time stamps (from external time stamp authorities)
  • sigvp: Support for decoding and analysis of signature validation policies
  • PKI: Support for keys and certificate generation
  • Applet: Support for CUTE applet.
CTA telecharger Download our products
Test our products for 15 days
Product downloads
CTA cas client Success stories
Discover how our customers are using our products
Success stories
CTA pdf Product sheet
Learn more about our dateiled product features
Product Sheet