Discreet Validator

When using the Discreet Validator, the relevant information about the signature is extracted from the document and only that information is transmitted for signature verification – without the possibility of inferring anything about the content of the PDF document. The document does not have to be uploaded as a whole and does not leave the user's infrastructure.

This functionality was developed because there were security concerns on the part of notaries and lawyers, as well as on the part of the authorities involved in electronic legal transactions, that the uploading of documents with confidential content or sensitive content under data protection law to an external system could violate professional or official secrecy.

How does the Discreet Validator work and what components does it consist of?

The Discreet Validator consists of a web service of the Validator, a Java library, and a command line interface (CLI) application built on the Java library. The Java library with the CLI application is referred to below as the discreet validation client. The client must be integrated in a web application, a specialist application, or a local application so that discreet validation can be used.

The client for discreet validation locally calculates the cryptographic hash value of the document to be validated, extracts all electronic signatures contained in the document, and performs a local pre-validation. If the local pre-validation is positive, the client transmits the hash value and all signatures to the web service of the central Validator, where they are checked for validity. The web service then returns the validation result and the validation report to the calling program. The document itself always remains local.

Who is allowed to use the Web Validator and the Discreet Validator?

The Web Validator may be used by anyone free of charge. Cantons and communes pay only for the creation of special types of documents.

The Discreet Validator may be used by authorities at all three levels of government as well as by the delivery platforms recognised by the federal government. For this purpose, the office stipulated in a service-level agreement (the FOITT for the Federal Administration and eOperations Switzerland for cantons (and communes) grants them the necessary access rights as well as the programs that they can integrate into their web or specialist applications. Authorities can also create their specific document types on the Validator and store the associated regulated seals (or the certificates or certificate chains used for that purpose) on the Validator as well.

For electronic public documents, the Federal Office of Justice established a legal basis for the Validator in Article 19 of the Ordinance of 8 December 2017 on the Establishment of Electronic Public Documents and Electronic Certifications (EPAO; SR 211.435.1) along with an obligation of the federal government to operate the Validator on a permanent basis.