primesign RKSV

CASH BOX SIGNING

Use primesign to sign your cash box receipts in compliance with § 131b para. 2 BAO.

We offer solutions for companies of all sizes, whether in the cloud, in your own data center or via smart cards.

OVERVIEW REMOTE SIGNING

Use our highly available central remote signing infrastructure with hardware security module either as Software-as-a-Service or as a dedicated tenant environment. In both cases, we offer guaranteed quality of service levels. You benefit from our longstanding experience as a qualified trust service provider and our highly secure operating environment.

Alternatively, we can also deploy our primesign RKSV Remote Signing solution on-premise in your data center.

RKSV REMOTE SIGNING ACCOUNT

from € 185 per year (excl. VAT)

Issuance of certificates according to RKSV regulations

Signature creation according to RKSV regulations

99.8% guaranteed uptime
No signature limit
Guaranteed processing times: 50/100/150 ms - depending on chosen package
REST-API for signing
SHA256/ECDSA signatures via JSON web signature (JWS) or RAW signature
High-Security data center located in Austria

max. 100 devices for 1 certificate permitted

Support hotline & fault registration

Support service availability: mon-fri 8am-6pm / mon-sun 0-24h - depending on chosen package

Your cash register software connects to the primesign RKSV signature via REST API. Contact your cash register manufacturer or cash register supplier to find out whether your cash register software supports the primesign RKSV signature.

Visit our online store to choose from the various service packages and order your RKSV remote signing account today.

RKSV REMOTE SIGNING VIRTUAL

On request
Issuance of certificates according to RKSV regulations
Signature creation according to RKSV regulations
Dedicated tenant environment operated by the primesign TRUST CENTER
99.8% guaranteed uptime
No signature limit
Guaranteed processing times: 50ms
REST-API for signing
SHA256/ECDSA signatures via JSON web signature (JWS) or RAW signature

Admin REST-API for certificate issuance and management

Admin UI for certificate issuance and management
High-security data center located in Austria
Support hotline & fault registration
Support service availability: Standard mon-fri 8am-6pm / Premium (on request) mon-sun 0-24h

Use a dedicated primesign RKSV tenant environment. High performance and high availability are guaranteed. The hardware basis for your virtual primesign RKSV Remote Signing Service are the components of our central remote signing infrastructure.

You do not need to worry about maintenance and operational aspects, such as availability, failure safety, or back-up mechanisms; these are entirely our responsibility.

RKSV REMOTE SIGNING ON-PREMISE

On request
Issuance of certificates according to RKSV regulations
Signature creation according to RKSV regulations
1 or more hardware appliances suitable for operation in your data center
No signature limit
REST-API for signing
SHA256/ECDSA signatures via JSON web signature (JWS) or RAW signature

Admin REST-API for certificate issuance and management

Admin UI for certificate issuance and management
Support hotline & fault registration
 
Support service availability: Standard mon-fri 8am-6pm / Premium (on request) mon-sun 0-24h

With our on-premise primesign RKSV Remote Signing solution, you receive the signature creation devices for RKSV as hardware appliances that are suitable for operation in your data center. Additionally, we take care of the necessary maintenance and monitoring of ongoing operations and ensure the availability and performance of your primesign RKSV Remote Signing solution.

 

CASH REGISTER API

API documentation for the creation of RKSV-compliant JWS and raw signatures of cash register receipts with primesign RKSV Remote Signing. Admin API for certificate issuance and management.

OVERVIEW SMART CARD SIGNATURE

With the primesign RKSV Smart Card, you can sign receipts at individual cash registers or in a cash register network without Internet connection.

To use the primesign RKSV Smart Card, you need our Smart Card, a Smart Card reader and the corresponding signature software for your cash register.

primesign RKSV Smart Card

Issuance of certificates according to RKSV regulations

Pre-cut smart card in bankcard format

Pre-cut smart card in SIM card format
optional: bundle with smart card reader
optional: instant replacement service

You will receive your primesign RKSV Smart Card fully pre-personalized and functionally tested. This means that our smart cards can be used immediately upon receipt and without any further steps (such as separate activation) on your part.

Choose from the different bundles in our store.

primesign RKSV Smart Card

Documentation on the integration and use of primesign RKSV Smart Cards.

FREQUENTLY ASKED QUESTIONS

GENERAL

Further information on RKSV

Further information on the RKSV:

+ Cash RKSV regulation and detailed specification

+ BMF cash register manual

+ WKO cash register information

 

 

When registering my signature creation device in Finanzonline, I receive the error message "Der Ordnungsbegriff im Zertifikat ist nicht dem registriertem Unternehmen zugeordnet.".

When registering your signature creation device, Finanzonline reads the order term ("Ordnungsbegriff" such as UID, tax number or GLN) from the chosen certificate to assign the certificate to the registered company. If this assignment fails with the above error message, this may have the following causes:

  1. The order term ("Ordnungsbegriff") specified in the certificate is incorrect. Please check that your details are correct when purchasing the certificate.
  2. The order term ("Ordnungsbegriff") specified in the certificate is not present in Finanzonline.

My RKSV certificate expires. What do I have to do?

The RKSV certificates issued by PrimeSign GmbH for receipt signatures within the framework of the Austrian Cash Register Security Regulation (RKSV) are valid for 6 years from the date of issue. Thus, at the end of this year (December 2022), the first RKSV certificates will exceed their validity and expire. The following information serves as preliminary information regarding the continued use of expired RKSV certificates.

The following applies to all RKSV certificates issued by primesign:

  1. Continued use after expiration possible
    RKSV certificates may continue to be used after the expiration date, provided that the certificate in question was registered as a security device for manipulation prevention in FinanzOnline before its validity expired. Whether a certificate may continue to be used after its validity has expired is ultimately at the discretion of the customer or the cash register manufacturer. 

    For cash register manufacturers:
    Please ensure that your application supports the use of expired certificates!


    For users:
    Please contact your cash register manufacturers to find out whether your cash register software supports the use of expired certificates!


  2. New RKSV certificate required for new registration or recommissioning of a security device for manipulation prevention in FinanzOnline

    The validity of the RKSV certificate is verified when a security device for manipulation prevention is newly registered or reactivated in FinanzOnline. An expired certificate cannot be used in this case. A new RKSV certificate must be ordered and issued. Depending on where you obtain your cash register, you can order the certificate directly from your cash register manufacturer or via our online store. You will receive your new RKSV certificate, including new access data.

    Note:
    This only applies to the new registration or recommissioning of a security device for manipulation prevention (and not the cash register itself) in FinanzOnline.

    For users:
    If you no longer need your expired certificate, please cancel it via your cash register manufacturer, or if you have obtained the certificate directly from us, using the contact details provided at our online store.

The legal basis for continued use is § 15 (3) RKSV:
"[...] Use of the certificate beyond the end of its validity is permissible, provided that the signature algorithm present in the certificate is considered secure according to item 2 of the Annex."

The cryptographic keys as well as the signature algorithm that are used by primesign meet the necessary standards and are considered to be secure.

See also: RKSV customer information

REMOTE SIGNING

How can I check the availability/processing time of the primesign RKSV Remote Signing Service?

At the following address you will find a status page for our RKSV Remote Signing Service, which gives you an overview of the availability and mean response times of the primesign RKSV Remote Signing Service: https://status.prime-sign.com/

What do the response times on the status page mean?

The quality of primesign RKSV Remote Signing service is defined by compliance with agreed response times for the execution of signing requests (signature creation). Since third-party systems that are not within primesign's sphere of influence are also involved in the creation of remote signatures, the quality of service is measured using primesign's reference systems. The respective QoS level can be found in the description of the ordered product.

The measurement of the specified throughput times begins upon receiving the signing request at the primesign RKSV remote signing service and ends when the correct response is sent by the service. The measurement of the contractually agreed response times therefore only takes into account the signature process. The guaranteed processing time does not include any other system-related processing times, such as those caused by additional communication protocols, e.g. by the SSL/TLS connection setup ("handshake") or authorization measures, etc., or any network latency times in the connection path to our system, such as due to low or fluctuating connection speeds or load situations, etc., as these are not or only partially within primesign's sphere of influence.

The measured values shown are current and taken from the productive system. We show the mean response time of the last 60 minutes and 24 hours for all signing requests processed on the system. All announced outages (e.g. maintenance windows etc.) are not taken into account and are therefore excluded.

In the event of a complaint, a corresponding log of the response times of a client (customer) is started for the contractually agreed observation period of 30 calendar days. The result of this 30-day logging is used to determine our actual QoS for the client and for further processing of the complaint.

How can I test my credentials for my primesign RKSV Remote Signing product?

With the credentials for our primesign RKSV Remote Signing service, you have received a Base URL, a user ID and a shared secret (= password). You can test your credentials below.

The Base URLs differ depending on where you purchased your product (EFSTA or via our Cryptoshop). Please select the correct link to create a test signature according to your Base URL.

If the text "Test successful!" appears after entering and confirming the credentials, then your credentials are correct. If a window with the text "User ID / Shared Secret not accepted" appears, please contact support.

a. EFSTA customers (base URL: https://rs-1f9e614c.ps.prime-sign.com)

Create test signature

For demonstration purposes, you can also use the following access data for a demo company:

  1. UserId: user123
  2. Shared-Secret: a4cfdc96-d083-4236-befc-64fa4cd9e6bb

b. Customers from the Cryptoshop (base URL: https://rs-fc8349ca.ps.prime-sign.com)

Create test signature

For demonstration purposes, you can also use the following access data for a demo company:

  1. UserId: user123
  2. Shared secret: KNJOJ-BLZDB-2QR2L-XPUUY-JR5Z6

c. Customers who use our Remote Signing Service via other distributors/partners etc.

Please contact your cash register manufacturer or cash register supplier.

Where can I get the credentials for my primesign RKSV Remote Signing product?

You will receive the credentials from our Cryptoshop or your integrator or cash register supplier after the certificate has been issued and your account has been initialized.

What is the base URL for my primesign RKSV Remote Signing product?

a. For EFSTA customers

  • Base URL: https://rs-1f9e614c.ps.prime-sign.com
  • This means, for example, that the URL for the interface for creating a RAW signature is: https://rs-1f9e614c.ps.prime-sign.com/rs/rk/signatures/r1raw

b. For customers from Cryptoshop

  • Base URL: https://rs-fc8349ca.ps.prime-sign.com
  • This means, for example, that the URL for the interface for creating a RAW signature is: https://rs-fc8349ca.ps.prime-sign.com/rs/rk/signatures/r1raw

More information on the specific URLs for the individual REST services can be found in section 2.4 of the documentation (primesign Remote Signing API Guide).

My cash register software reports: "The signature unit is not available" or "Security device has failed" (or similar). What can I do?

  1. Please check if our service is available.
  2. Please check whether your credentials are correct.
  3. Please check whether the primesign RKSV Remote Signing Service can be reached from your cash register or POS system via the Internet.
  4. Please check whether an error in the POS system can be ruled out. If necessary, contact your cash register manufacturer or cash register supplier to find out the exact error.

What firewall rules do I need to access my primesign RKSV Remote Signing product from my POS system?

The firewall rules differ depending on where you obtained your product from (EFSTA or via Cryptoshop).

a. EFSTA customers

  1. URL: rs-1f9e614c.ps.prime-sign.com
  2. Port: 443
  3. IP address (static): 149.154.99.185

b. Customers from the Cryptoshop

  1. URL: rs-fc8349ca.ps.prime-sign.com
  2. Port: 443
  3. IP address (static): 149.154.99.186

SIGNATURE WITH PRIMESIGN RKSV SMART CARD

My cash register software reports: "The signature unit is not available" or "Security device has failed" (or similar). What can I do?

  1. Please check whether your Smart Card is correctly inserted in the card reader (fully inserted, correct insertion direction, inserted in the correct card reader, etc.).
  2. Please check that the card reader is correctly connected and plugged into the correct cash register. Disconnect the card reader once and then reconnect it.
  3. Please check that your cash register successfully recognizes the card reader and the inserted card.
  4. Please check whether an error in the cash register system can be ruled out. If necessary, contact your cash register manufacturer or cash register supplier to find out the exact error.
  5. If the above reasons can be ruled out and a defect in a card reader and/or smart card supplied by us is suspected, please contact our Cryptoshop.

MANUFACTURERS OF CASH REGISTER SOFTWARE SOLUTIONS, INTEGRATORS AND PARTNERS

I would like to integrate the primesign products into my solution. What do I need for this?

a. For primesign RKSV Smart Card

The integration of our primesign RKSV Smart Card into the cash register application is possible via APDU sequences. See our smart card documentation.

b. For primesign RKSV Remote Signing service

Our remote signing service can be integrated via a REST interface. We provide two REST APIs. One for cash box receipt signing and an Admin API for issuing and managing certificates.

See API Documentation.

Depending on the product version, you can either only use the User REST API or the User and Admin REST API.

  1. Product version "primesign RKSV Remote Signing Account":
    You have access to the User REST APIs (using the end customer's credentials). Certificates are issued when the customer or a contracted service provider places an order in our Cryptoshop.
  2. Product version "primesign RKSV Remote Signing Virtual":
    You have access to the User REST API (using the end customer's credentials) and admin interface (using separate credentials assigned by us). Certificates are issued by you (you need a corresponding RA contract for the authorization to issue certificates).
  3. Product version "primesign RKSV Remote Signing On-Premise":
    You have access to the user interface (using the end customer's access data) and admin interface (using separate access data assigned by us). Certificates are issued by you (you need a corresponding RA contract for the authorization to issue certificates).
Do you provide a test system during integration?

For our remote signing service, we provide you with credentials to a test system that you can use during integration and for further development. Contact us at developer@prime-sign.com for credentials to our test system.

Do you also provide code examples or similar?

Apart from the example requests contained in the API documentation, we do not provide any explicit code examples for specific programming languages.

How or where can I obtain the information for the values for the certification bodies (required in the DEP)?

The certification authorities correspond to our certificate hierarchy for RKSV. The corresponding certificates of the certification authorities can be downloaded from the following address: tc.prime-sign.com/ (RKSV hierarchy, DER format).

You can encode these certificates as Base64 values using a tool/software of your choice.
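
One way to do the Base64 encoding described above, as an added example that is not primesign's own code: it accepts a CA certificate file as DER or PEM, checks that the outer ASN.1 length matches the file, and returns single-line Base64 of the DER bytes. The function names are hypothetical, the sample bytes are a constructed placeholder rather than a real certificate, and it is an assumption here that the DEP value is plain Base64 without PEM header and footer lines.

```python
import base64
import binascii
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: SEQUENCE { INTEGER 5 }. Structurally DER, not a certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def der_total_length(data: bytes) -> int:
    """Length in bytes of the outer ASN.1 SEQUENCE, header included."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not DER: outer tag is not SEQUENCE (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("not DER: unsupported or truncated length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def to_der(raw: bytes) -> bytes:
    """Accept a certificate as DER or PEM and return the DER bytes."""
    match = PEM_RE.search(raw)
    if match:                             # PEM armor: decode the inner Base64
        try:
            raw = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("PEM body is not valid Base64") from exc
    # Catches truncated downloads, trailing data and already-Base64 text.
    if der_total_length(raw) != len(raw):
        raise ValueError("DER length does not match input size")
    return raw


def der_to_dep_base64(raw: bytes) -> str:
    """Single-line standard Base64 of the DER certificate, without PEM armor."""
    return base64.b64encode(to_der(raw)).decode("ascii")


if __name__ == "__main__":
    # Usage: python encode_ca.py ca1.cer ca2.cer   (file names are placeholders)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, der_to_dep_base64(fh.read()))
```

Feeding the function text that is already Base64 raises ValueError instead of silently encoding it a second time.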

Further information on RKSV

Further information on RKSV:

+ RKSV regulation and detailed specification

+ BMF cash register manual

+ WKO cash register information

 

 

Do you have questions or need more information?