The DSC agent

DSC signing uses a physical USB crypto-token. Because browsers can’t talk to USB security tokens directly, QSign uses a small desktop helper — the Qsign Agent — to bridge your token to the web app. It runs locally and exposes a secure endpoint at https://127.0.0.1:3176.

The agent is cross-platform and vendor-neutral: it auto-discovers any installed PKCS#11 module (OpenSC, eMudhra, Capricorn, NCode, SafeNet) and works with Class 3 DSC tokens.

Install

In the QSign web app, go to Help → Download the DSC Agent (it auto-detects your platform), or grab an installer from the releases page:

Platform	Installer
Windows 10 / 11 (64-bit)	Qsign-Agent-windows-x64-setup.exe
macOS (Apple Silicon)	Qsign-Agent-macos-arm64.dmg
Linux (Debian / Ubuntu)	Qsign-Agent-linux-x64.deb

Sign

1. Plug in your DSC USB token.
2. Launch Qsign Agent — it sits in your menu bar (macOS) or system tray (Windows/Linux).
3. Trust the local certificate — on first launch macOS asks you to trust the agent’s local certificate (Always Trust); Windows and Linux are silent.
4. Open a document and click Sign with DSC — your certificate appears automatically.
5. Enter your DSC PIN.

Your PIN never leaves your computer

Only the hash to be signed (in) and the resulting signature (out) cross the wire. Your DSC PIN and private key stay on your machine — they are never sent to QSign servers. The agent only accepts requests from QSign origins.

Troubleshooting

• “Agent not detected” — confirm Qsign Agent is running and that you trusted its certificate on first launch (macOS).
• No certificate listed — confirm the token is plugged in; some tokens also need their CA’s vendor middleware installed.
• Adobe shows a yellow ⚠ — the signature is cryptographically valid; the warning means the reader doesn’t yet trust the signer’s CA chain. It doesn’t affect legal validity.