Signature creation
Things worth knowing about signatures
Why sign digitally?
One of the most common requirements in industry and administration is the digitization of paper-based processes. This includes circular resolutions and contracts as well as documents for documentation purposes. Digitizing these processes is particularly difficult when the legislator requires the written form according to BGB §126. In this case, the qualified electronic signature according to the eIDAS Regulation is the right solution. Other trust services of the eIDAS Regulation can be used for other applications. With the right tool from the eIDAS Regulation and the use of the defined standards, digitization is significantly simplified.
Electronic or digital signature?
Electronic signature
The electronic signature is a legal term. It is data linked to electronic information that identifies the signer. Functionally, it is similar to the handwritten signature on paper, although only the qualified electronic signature is equated with a handwritten signature. The legal framework for the electronic signature is summarized in the eIDAS Regulation.
Digital signature
The digital signature is based on an asymmetric cryptosystem in which the signer uses his secret signature key (private key) to encrypt the hash value of the document to be signed. Using the public verification key (public key), anyone can then check this encrypted hash value and thereby the integrity of the document. In order to attribute a signature created with a signature key to a person, the associated verification key must be unequivocally assigned to this person.
Digital signatures can be used to create secure electronic signatures in accordance with Article 3 No. 10 to 12 of the eIDAS Regulation.
The simple electronic signature does not place any requirements on the identification of the signer or the integrity of the data.
The image of a scanned signature or the e-mail footer can already represent a simple electronic signature.
However, a certificate (digital signature) can be used to ensure the integrity of the document.
Simple electronic signature (EES)
no proof of person
Document may have been modified
not to be equated with a manual signature
no evidence in court
Advanced electronic signature (FES)
The advanced electronic signature is created by means that the signer can maintain under his sole control.
The requirements for identification are publicly stored in the certificate guidelines (CPS).
This results in a clear identification of the owner. The digital signature ensures the integrity of the document.
proof of person
Document has not been changed
not to be equated with a manual signature
no evidence in court
With the qualified electronic signature, the signature can be unambiguously attributed to its owner.
A qualified certificate issued by a trust service provider is used.
Only this signature fulfills the written form requirement according to BGB §126a and has the probative value of private documents according to ZPO §371a.
Qualified electronic signature (QES)
proof of person
Document has not been changed
equivalent to a handwritten signature
reliable evidence in court
Which signature?
The corona pandemic and its consequences reveal how important the digital processing of contracts is for the functioning of everyday processes. Remote work and the increase in collaborative work via long-distance communication and tools have become an integral part of the modern working world. And cross-border business transactions are also increasing - the simultaneous presence of contractual partners to sign documents is no longer the standard case. However, in various contexts, questions about the digital processing of orders, contracts and evidence are always being asked. The use of trust services and the use of various electronic signatures according to the eIDAS regulation fulfill an important function here.
The Bitkom working group on the use of electronic trust services focuses on user practice around trust services. With this guide we want to make a contribution to the correct use of the services and in this article we have compiled the most important aspects and answers on the subject of digital signatures for practical use.
Since the eIDAS Regulation came into force, electronic signatures can be triggered on the go, for example via smartphones or tablets. The private signing key is generated on secure servers of a qualified trust service provider (VDA). With the remote signature, documents can be electronically signed in a matter of seconds, conveniently and cost-effectively.
Hash value signature
Sign Live! transfers only the hash values of the documents to the VDA. The readable documents themselves do not leave the customer's system environment. The VDA therefore has no access to the documents to be signed and cannot draw any conclusions about their content.
Remote signature
Seal
According to eIDAS Art. 35 (2), qualified electronic seals enjoy the presumption of the integrity of the data and of the correctness of the origin of the data. Among other things, the seal serves as an integrity guarantee according to BSI TR-RESISCAN and the guidelines of the Federal Office for Social Security as well as for tenders, offers and assignments at federal level.
Proof of legal entity
Document has not been changed
not to be equated with a manual signature
reliable evidence in court
According to eIDAS Art. 41 (2), qualified electronic timestamps enjoy the presumption of the accuracy of the date and time stated therein and of the integrity of the data associated with the date and time.
Time stamps can be applied to a document as an independent signature, but can also be part of a personal signature or seal.
Time stamp
no proof of legal or natural person
Document has not been changed
not to be equated with a manual signature
reliable evidence in court
Preserve
Preservation services make it possible to extend the trustworthiness of qualified electronic signatures and seals beyond the period of their technological validity.
The conclusive storage of signed documents over a long period of time requires a form of storage that ensures the readability and preservation of the probative value of the documents and signatures, regardless of the storage medium. In order to maintain the legal validity and probative value of electronic signatures and seals in the long term, suitable preservation techniques must be used, as described in ETSI SR 019 510.
The preservation techniques that a “Preservation Service” (PresS) must implement under Article 34 of the eIDAS Regulation can be based on Evidence Records according to RFC 4998 or RFC 6283, or on the continuous preservation of signatures with archive time stamps according to CAdES or XAdES.
Electronic signatures, seals and time stamps generated in compliance with the eIDAS Regulation can be checked by a validation service.
For this purpose, the validation service uses the certificates contained in the trust lists according to Article 22 of the eIDAS Regulation or Implementing Decision (EU) 2015/1506 and ETSI TS 119 162 (v2.1.1) as trust anchors and carries out a signature check according to EN 319 102-1 with an appropriate signature validation policy.
If signed documents have to be validated in large quantities or if validation is to be carried out as background processing within a workflow, an on-premise validation server can be used.
In order to reliably check electronic signatures, seals and time stamps at the workplace, standard programs such as Adobe Acrobat Reader can be used for PDF documents. An alternative to this is the Sign Live! CC validation client, which, in addition to signed PDF documents, can also securely check all other signature formats (CAdES, PAdES, XAdES and Evidence Records).