sgcSign produces eIDAS-grade digital signatures from Delphi, C++Builder and .NET code: XAdES for XML, PAdES for PDF, CAdES for any binary content and ASiC containers to bundle documents with their signatures. All four AdES levels, 10 key providers and 21 pre-configured EU country profiles, with native CNG/BCrypt cryptography and no external DLLs.
One signing engine behind four signature families. Pick the format your regulator or counter-party expects; the profile does the rest.
A Delphi XAdES / PAdES digital signature component has one job: produce output that the receiving portal actually accepts. sgcSign covers the four ETSI signature families: XAdES (EN 319 132, XML), PAdES (EN 319 142, PDF), CAdES (EN 319 122, CMS/PKCS#7) and ASiC-S / ASiC-E containers (EN 319 162), at every AdES level from B-B (basic) through B-T (timestamped) and B-LT (long-term, with embedded chain and revocation data) up to B-LTA (long-term with archive timestamps).
Keys come from wherever yours live: local PFX/PKCS#12 and PEM files, the Windows certificate store, PKCS#11 smart cards and HSMs, or cloud services (Azure Trusted Signing, AWS KMS, Google Cloud KMS, HashiCorp Vault, Certum SimplySign, CSC v2 remote QTSPs). Every provider implements the same IsgcKeyProvider interface, so switching from a PFX file to a cloud HSM is a one-component change.
XAdES
Enveloped, enveloping and detached XML signatures: TsgcSignXML + TsgcSignProfile_XAdES
PAdES
PDF signatures with visible appearance, Adobe Acrobat compatible: TsgcSignPDF + TsgcSignProfile_PAdES
CAdES & ASiC
CMS/PKCS#7 signatures over any file, plus ZIP-based ASiC-S / ASiC-E containers
Compilers
Delphi 7 through RAD Studio 13, C++Builder and .NET
Features
Built for EU compliance work
The pieces that turn a raw signature into a document a public administration accepts.
RFC 3161 timestamps
Point TSA.URL at any timestamp authority and levels B-T and above embed a signature timestamp automatically.
Long-term validation
For B-LT / B-LTA, OCSP.AutoFetch and CRL.AutoFetch retrieve and embed the full chain and revocation data, so the document verifies for years without network calls.
21 country profiles
VeriFactu, TicketBAI, Facturae, FatturaPA, KSeF, Factur-X / ZUGFeRD, e-Factura, SAF-T PT, Peppol and more. Each profile pre-tunes hash, canonicalization, level, timestamp and revocation policy for the target regulator.
Employment contracts
Nine EU employment-contract profiles (Germany, Italy, Spain, France, Austria, Belgium, Portugal, Netherlands, Poland) pre-set the AdES / QES level each jurisdiction expects.
Verification & reports
TsgcSignatureVerifier validates digests, chains, OCSP revocation and timestamps, and returns a structured report with the detected level, signer and status.
EU Trust List
TsgcEUTrustList parses the live LOTL and the per-Member-State Trusted Lists, so you can classify any certificate as eIDAS-qualified against the official EU registry.
Visible PDF signatures
Signer name, reason, location, contact info and a configurable signature rectangle on any page, compatible with Adobe Acrobat.
Native cryptography
Windows CNG/BCrypt under the hood. No OpenSSL DLL to deploy alongside your executable.
Library or server
The same engine ships as an in-process component library and as sgcSign Server, a self-hosted REST signing daemon for build farms and CI pipelines.
QuickStart
Sign an XML invoice, then a PDF
Load a key provider, configure a profile, sign. The same three-step pattern for every format.
Every signing workflow should end with a verification pass. TsgcSignatureVerifier takes the signed XML or PDF and returns a report per signature: the AdES level actually achieved, the signer subject, the timestamp and any chain or revocation problems. If you asked for B-T and the report says B-B, the timestamp request failed and you find out on your machine, not in the regulator's error queue.
For eIDAS qualification checks, combine the verifier with the EU Trust List component: sgcSign validates signatures the same way the EU validates them, against the live LOTL, and can produce a standardised validation report.