| Electronic Signatures | |
|---|---|
| To create a 'simple' electronic signature, a digest (i.e. data) is signed with a private key that is only in the possession of the signer. The signature can be verified with a corresponding public key, that can be shared with the recipients of the data. | |
| Typically an electronic signature involves the signing of a payload, without indicating the purpose (commitment type) of the signature (e.g. approval or cancellation request). This makes the evidence incomplete. |
|
Quali-Sign |
| Specialists in mobile apps for eID and Strong Customer Authentication | |
Standards > Electronic Signatures
| eIDAS | |
|---|---|
| EU Commission: Trust Services and eID | |
| eIDAS Observatory | |
| CEF Digital : Signature Standards | |
| (EU) No 910/2014 eIDAS Regulation | |
| (EU) 2015/1506 Specification of Advanced Electronic Signatures | |
| Advanced Electronic Signatures | |
|---|---|
| With an advanced electronic signature, the signer must possess an X.509 certificate that contains his details and a copy of the public key that corresponds to their private key. Now the digest contains the following elements: | |
| ◆ | The payload (e.g. payment data) |
| ◆ | A copy of the signer's X.509 certificate. |
| ◆ | The mime-type of the data being signed. |
| ◆ | A timestamp. |
| ◆ | A commitment type (e.g. creation, delivery, receipt, approval, cancellationRequest, revocation). |
| A benefit of the Advanced Electronic Signature structure is that it packages all the information required for the recipient to verify the signature. The recipient can even use a 3rd party online tool to perform the verification. | |
| ETSI Standards | |
|---|---|
| XAdES Baseline Profile | |
| Associated Signature Container (ASiC) | |
| List of Commitment Types (see Annex B) | |
| Signature Verification | |
|---|---|
| ETSI Signature Conformance Checker | |
| EU DSS signature validation tool | |
| Alternative signature validation tool | |
| Qualified Electronic Signatures | |
|---|---|
| In order for advanced electronic signatures to become 'Qualified': | |
| ◆ | The creation of the signature must be performed on a certified Qualified Signature Creation Device (QSCD) |
| ◆ | And the signer's X.509 certificate must be issued by a Qualified Trust Services Provider (i.e. certificate authority) |
| Only these signatures are recognised as carrying the equivalent legal strength as a handwritten signature, in all the countries of the EU. | |
| Signature flavours supported by our eID app | |
|---|---|
| ◆ | Our eID app supports all three flavours of Electronic Signature. |
| ◆ | To date, the only smartcard that has been tested with the app is the Estonian eResidency smartcard (a certified QSCD). Other smartcards will be tested on request. |