Validator

The eGov signature validator of the Federal Administration (Validator) was developed and made available by the Federal Office of Justice in 2008 in connection with the introduction of electronically signed extracts from the register of convictions. The Validator service operated by the Swiss federal government is intended to strengthen trust in electronically signed documents by allowing their authenticity and the validity of the signature to be easily checked in accordance with Swiss law.

The Validator verifies electronic documents containing one or more signatures/seals in line with the requirements of ESigA (RS 943.03) and EPAO (RS 211.435.1). Verification of an electronic signature, which could also be done with tools such as Adobe Acrobat Reader, has been extended with the Validator to include the dimension of verifying certain properties of the signature and also the authenticity of the document. The aim of the Validator is to give even laypersons the possibility to determine the validity of a document and the signatures and stamps contained therein in a simple but secure way.

The Validator is offered in two forms of application:

• As a Web Validator, in which the document to be validated can be uploaded and checked using a standard web browser. This form of application is available to everyone (i.e. all citizens, but also companies) free of charge.
• As a Discreet Validator, in which a secure connection is established from a specialist application to the Validator via a Java client. Only the hash value of the document to be validated and the extraction of the electronic signature(s) are transmitted in this way, not the actual document itself. Hence the term 'discreet' Validator.
  
  

The Discreet Validator is available only for validating PDF documents of the Federal Administration and also the cantons (and communes). For this purpose, the cantons (and communes) conclude a user agreement with eOperations Switzerland, which acts as their single point of contact.

The Discreet Validator can also be provided to third-party companies that operate software solutions for the Federal Administration or the cantons (and communes) on their behalf.

Which documents can the Validator be used for?

The Validator is mainly used for checking and validating electronically signed documents created and received by Swiss authorities. The Validator verifies electronic documents containing one or more signatures/seals in line with the requirements of ESigA (RS 943.03) and EPAO (RS 211.435.1). It validates advanced electronic signatures (AdES) of the Swiss Government PKI (SG-PKI) and Swiss qualified electronic signatures (QES) as well as regulated electronic seals.

The eGov signature validator checks an electronically signed document with regard to authenticity (does it have a valid electronic signature?) and integrity (no alterations after signature?). It also checks whether the electronic signatures contained in a document meet the criteria for the document being verified. The criteria may relate to the validity of the document as a whole (e.g. valid criminal records extract) or to the validity of all signatures contained in it (e.g. qualified signatures only). If the document contains invalid signatures or time stamps based on the automatically determined document type, the detailed report will provide information on which signature is concerned and which aspects are causing problems. In Adobe Acrobat Reader checks are instead carried out directly on individual signatures.

Depending on the document type, the following criteria are checked by the Validator:

• Integrity of the signed file (always)
• Signature verification at the time of signature (always)
• Revocation status of the signing certificate (always)
• Validity of the time stamp in line with ESigA.
• (Intended) certificate authorised for this type of document

Depending on the document type, it may also be necessary to:

• ensure the signature applies to the whole document
• issue a warning if a pseudonym has been used for the signature

The Validator can currently be used on the following types of signed documents:

• Notarised documents, i.e. documents with a qualified electronic signature (QES) under ESigA prepared by a public official, which also feature the regulated electronic seal of the Register of Public Officials (proof of admission into UPReg).
• Documents with one or more qualified signature(s) with qualified time stamp(s), whose certificates originate from a trust service providers (CSP) recognised in Switzerland in accordance with ESigA.
• Documents with a regulated electronic seal in accordance with ESigA.
• Documents with signature(s) and time stamps of the Swiss Government PKI (SG-PKI).
• Documents from the Confederation's publication platform (www.bundesrecht.admin.ch) which feature a regulated electronic seal in accordance with ESigA, issued to the Official Publications Centre of the Swiss Federal Chancellery.
• e-dec documents of the Federal Office for Customs and Border Security (FOCBS) featuring an advanced electronic signature (AdES) of the Swiss Government PKI (class C).
• Documents of the debt enforcement and bankruptcy system (e-DEBA) featuring an advanced electronic signature of the Swiss Government PKI (class C).
• Criminal records extracts with a regulated electronic seal in accordance with ESigA, issued to the Federal Office of Justice (class A of SG-PKI).
• Official publications of the Official Gazettes Portal with a regulated electronic seal in accordance with ESigA.
• Documents issued by administrative authorities, communes and the Administrative Court of the Canton of Zug.

The Validator cannot check documents with simple electronic signatures (SES), documents with advanced electronic signatures from providers other than the Swiss Government PKI or documents with signatures from foreign providers. The latter are not legally recognised in Switzerland.

Unlike the Validator, Adobe Acrobat Reader validates signatures individually and only at the technical level. Although it recognises certificates from a wide range of providers (e.g. roots), it does not know if the country of origin classifies them as qualified, regulated, advanced or secure with regard to, for example, the identity of the holder. The same applies to the time stamps of these certificates.

Adobe Acrobat Reader has been equipped by Adobe with two so-called 'trust lists': the Adobe Approved Trust List (AATL) and the European Union Trusted Lists (EUTL). These contain the Adobe root certificates used to sign the user certificates, which are in turn used to sign the document. Both AATL and EUTL are activated when Adobe Acrobat Reader is installed. This means that simple (SES) and advanced (AdES) signatures not regulated by the Swiss ESigA, many EU signatures and some non-European signatures can only be verified and validated at the technical level. It does not provide information on whether the corresponding signatures are (legally) qualified or regulated, how secure they are technically, and whether their certificates were created based on a reliable identification of the holder.

How does the web version of the Validator of the Federal Administration work?

1. The user accesses the Validator,
2. uploads the document to be validated, and
3. activates the validation process.

With the new eGov Signature Validator (Version 2), it is no longer necessary to select a specific document type from a pull-down menu before uploading the document, as was the case with the previous version (Version 1). Instead, the eGov Signature Validator is now able to determine the document type itself using context-based validation and to validate it applying the corresponding validation rules stored in the Validator.

The Validator displays the result of the validation procedure and, if required, provides a detailed validation report for viewing or downloading.

Note on data protection

Documents uploaded via the web browser to be checked by the Validator are not stored permanently by the system, nor are the contents and metadata of validated documents registered in system logs.

All data involved in the machine validation process (uploaded document, the signatory's certificate, and validation report) are kept or generated in the random access memory of the Validator during the validation process. To gain knowledge of the content of the uploaded document, someone would have to overcome major technical hurdles to penetrate the Validator at the exact moment that the document is being processed and create an image of the random access memory. All data traffic with the Validator is encrypted (SSL) and can therefore hardly be intercepted by third parties.