Skip to content

Instantly share code, notes, and snippets.

@robvanmieghem
Last active January 15, 2020 15:28
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save robvanmieghem/8f77a19696a493821c556dac89680b4e to your computer and use it in GitHub Desktop.
Save robvanmieghem/8f77a19696a493821c556dac89680b4e to your computer and use it in GitHub Desktop.

European esignatures

Legislation: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/What+is+the+legislation+-+esignature

Most important facts:

  • electronic documents cannot be denied legal effect solely because they are in electronic form
  • the introduction of electronic seals, available to legal persons, technologically similar to electronic signature and ensuring identity and integrity

Question:What does qualified means in the following statements?

  • qualified trust services across Europe
  • a qualified validation service for qualified electronic signatures

technical specifications

List of technical specifications for XML, CMS or PDF advanced electronic signatures and the associated signature container.

Advanced electronic signatures mentioned in Article 1 of the Decision must comply with one of the following ETSI technical specifications with the exception of clause 9 thereof:

Standard Document
XAdES Baseline Profile ETSI TS 103171 v.2.1.1.
CAdES Baseline Profile ETSI TS 103173 v.2.2.1.
PAdES Baseline Profile ETSI TS 103172 v.2.2.2.

Associated signature container mentioned in Article 1 of the Decision must comply with the following ETSI technical specifications:

Standard Document
Associated Seal Container Baseline Profile ETSI TS 103174 v.2.2.1

Remarks

Functional

  • What is a digital identity? Only the ones handed out by qualified trust services like countries?
  • I understand you need an identity handed out by a qualified trust service to interact with the government but is this also required for other legally binding signatures?

Technical

Looks like the pdf specs are written by Adobe itself.

CMS is the IETF's standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data.

In our case, CMS seems like the best option, need to see how we can technically comply.

At first glance, it seems based on certificates so I am a bit afraid it involves traditional Certification Authorities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment