Master Prompt

Complete technical specification for the GSign Digital Signature Platform.

INFO

This is the project's complete technical specification. When starting a new session, read it first to understand the context.

Project Overview

GSign is an enterprise-grade digital signature platform with an API-first architecture for third-party integrations. It is built to comply with international standards (eIDAS, ESIGN, UETA) and uses a usage-based business model.

Core Architecture

Technology Stack

Backend (Go):

  • Go (Golang) 1.21+
  • Fiber v2 (high-performance web framework)
  • PostgreSQL (primary database with pgx driver)
  • Redis (caching, sessions, queues)
  • MongoDB (document storage, audit logs)
  • Asynq (distributed task queue)
  • AWS S3 (document storage)

Frontend (Next.js):

  • Next.js 14+ (App Router)
  • TypeScript
  • Tailwind CSS (styling)
  • Zustand (state management)
  • React PDF (document rendering)
  • React Signature Canvas (signature capture)
  • TanStack Query (data fetching)
  • Shadcn/ui (component library)

Authentication & Security:

  • JWT with refresh tokens (golang-jwt)
  • bcrypt (password hashing)
  • Go crypto/x509 (X.509 certificate handling)
  • pdfcpu (PDF manipulation and signing)
  • digitalsignature/pkcs7 (PKCS#7 signature generation)

PKI & Certificate Management:

  • HSM Backend Service (internal microservice)
  • Certificate generation, document signing, validation
  • PKCS#12 (.p12/.pfx) import/export
  • X.509 certificate parsing and validation
  • OCSP/CRL for certificate revocation checks

Core Functional Requirements

1. Document Management

  • Upload: PDF, DOCX, XLSX (max 25MB)
  • Storage: S3 with encryption at rest
  • Versioning: Track all document versions
  • Metadata: Title, tags, custom fields
  • Conversion: Auto-convert to PDF for signing
  • Preview: Real-time document viewer

2. Digital Signature Workflow

Field Types:

  • Signature (drawn, typed, uploaded image)
  • Initial
  • Text input
  • Date (auto or manual)
  • Checkbox
  • Dropdown

Signing Methods:

  • Simple Electronic Signature (draw, type, upload)
  • Advanced Electronic Signature (PKI)
  • Qualified Electronic Signature (QES with HSM)

3. Multi-Party Workflows

Routing Options:

  • Sequential (ordered signing)
  • Parallel (any order)
  • Hybrid (mixed sequential/parallel)

Participant Roles:

  • Signer, Approver, CC, In-person signer

4. PKI & Certificate Management

Users can own multiple digital certificates:

  • Self-signed certificates (testing)
  • CA-issued certificates
  • eIDAS qualified certificates
  • Corporate certificates

HSM Integration:

  • External HSM device for certificate generation
  • Private key never leaves HSM
  • Development mode with mock HSM service
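The certificate types above differ in how they validate: a self-signed test certificate has no chain to a trusted root, while a CA-issued one does. The following Go sketch is an added example, not code from the GSign project; `issue` and `ValidateSigner` are hypothetical helper names, and all certificates are constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent means self-signed.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, BasicConstraintsValid: true, IsCA: usage&x509.KeyUsageCertSign != 0,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// ValidateSigner accepts a certificate only if it may create digital
// signatures and chains to a root in the trusted pool.
func ValidateSigner(cert *x509.Certificate, roots *x509.CertPool) error {
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate lacks digitalSignature key usage")
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	ca, caKey := issue("Constructed Test CA", x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	issued, _ := issue("ca-issued signer", x509.KeyUsageDigitalSignature, ca, caKey)
	selfSigned, _ := issue("self-signed test signer", x509.KeyUsageDigitalSignature, nil, nil)
	fmt.Println("CA-issued:", ValidateSigner(issued, roots))
	fmt.Println("self-signed:", ValidateSigner(selfSigned, roots))
}
```

`Certificate.Verify` checks the chain, validity period and usage only; it does not query OCSP or CRLs, so the revocation check listed in the technology stack remains a separate step.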

5. API Platform

RESTful API Design:

  • Versioned endpoints (/api/v1/)
  • JSON request/response
  • Pagination (cursor-based)

Key Resources:

  • Documents (CRUD, upload, download)
  • Envelopes (create, send, void, download)
  • Templates (CRUD, instantiate)
  • Recipients (add, update, resend)
  • Certificates (generate, import, list, delete, sign)
  • Webhooks (subscribe, manage)

6. Billing & Analytics

Pricing Model:

  • Free: 5 envelopes/month
  • Pro: $15/user/month
  • Business: $40/user/month
  • Enterprise: Custom pricing

Certificate Pricing:

  • Self-signed: Free
  • Standard CA-issued: $75/certificate
  • eIDAS qualified: $250/certificate
  • PKI signature: $0.20/signature

Development Standards

Code Quality

Backend (Go):

  • golangci-lint with strict configuration
  • gofmt, goimports (enforced in CI)
  • Minimum 80% test coverage

Frontend (Next.js):

  • TypeScript Strict Mode
  • ESLint + Prettier
  • React Testing Library + Vitest

API Design Standards

Response Format:

```json
{
  "success": true,
  "data": {},
  "meta": {
    "page": 1,
    "limit": 20,
    "total": 100
  }
}
```

Error Format:

```json
{
  "success": false,
  "error": {
    "code": "INVALID_REQUEST",
    "message": "Human readable error",
    "details": {}
  }
}
```

Performance Requirements

  • API endpoints: < 200ms (p95)
  • Document upload: < 5s for 10MB
  • 10,000 concurrent users
  • 99.9% uptime SLA

Security Checklist

  • ☑️ Input validation on all endpoints
  • ☑️ SQL injection prevention
  • ☑️ XSS protection
  • ☑️ CSRF tokens
  • ☑️ Rate limiting
  • ☑️ Authentication on protected routes
  • ☑️ Authorization checks (RBAC)
  • ☑️ Secure password storage (bcrypt)
  • ☑️ Encrypted sensitive data
  • ☑️ HTTPS only
  • ☑️ Audit logging

Version History

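| Version | Date       | Changes                                                  |
|---------|------------|----------------------------------------------------------|
| 1.0     | 2026-01-23 | Initial master prompt                                    |
| 1.1     | 2026-01-23 | Technology stack change (Node.js → Go, React → Next.js)  |
| 1.2     | 2026-01-23 | PKI & Certificate Management module added                |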
