Architecture Component

Prerequisites

When installing the Local Signing Application, the following dependencies are mandatory:

• Installation of a Trust1Connector instance

• Internet connection for Application Updates

Trust1Connector

The Trust1Connector can be downloaded from the application itself (see Settings).

The functionality of the Trust1Connector, acting as a middleware running in user space, is to enable smart card or token connectivity. The Trust1Connector is your personal and local Identity Provider. As it is inherently decentralized, you are solely in control of your identity when using the Trust1Connector.

High-level Components

The following image depicts all the components used for the Local Signing Application:

Component Overview

Component	Environment	Description
LSA-App UI	Local User Space	The native desktop UI where the user interacts with
LSA-Embedded SQL	Local User Space	A local file database, located in the LSA folder (See Local Folder Selection)
LSA-Local Backend	Local User Space	A native compile backend used the the UI to complete exposed use cases
Signbox API	Local User Space/Network/Docker	Implements the EIdAS protocol, used by LSA to digitally sign a PDF document
T1C-API	Local User Space	Trust1Connector middleware, an user managed identity provider running local in user space. Solely in control of the user, and facilitates communication with smart card readers, tokens and secrets stores. The API enables integration endpoints for External web/native applications
T1C-REG	Local User Space	Optional component which activates when running in a shared environment or remote desktop
T1C-Sandbox	Local User Space	Protocol implementations for smart cards RFCs, X509 PKI protocols and other hardware releated communication protocols

Conceptual Flow

The LSA runs as a cross-platform native application developed in Rust. The application operates in a user session as a secured sandbox. The user interactions are shielded from any browser or web application, all communication in/out is controlled by the application.

The LSA uses the T1C to communicate with smart cards, hardware tokens, software token and the trust store/keystore.

The LSA application has an API, which is accessible from a web application, by enabling the T1C-LSA module. The T1C version needed to operate correctly can be downloaded from the LSA: Settings menu.