Electronic signatures in the federal government

For more than 15 years now, all employees of the Federal Administration have been provided with smart cards. The smart cards have certificates issued by the Swiss Government PKI and contain:

  • a signature key with an advanced certificate (class B signature), with which advanced signatures of internal PDF documents and of emails are permitted in particular;
  • an authentication key (class B) and associated certificate, with which access is controlled and granted to applications and the network of the Federal Administration;
  • an encryption key (class B) and associated certificate, with which files and in particular email messages can be encrypted.

Employees who have to provide qualified signatures for documents an still receive a key and associated qualified certificate issued by the Swiss Government PKI (class A certificate) on a separate local smart card together with a large USB reader or integrated into a USB mini-reader (USB token), analogous to a SIM card. The smartcard or the USB mini-reader is inserted into the computer as needed and is used to sign PDF documents. Likewise, some federal offices have issued their first regulated electronic seals on a local smart card, which are mostly used in the context of a specialist application.

Since introduction of the server-based Signature Services 2.0 in mid-August 2021,

1.    the Swiss Government PKI also issues personal qualified signature keys/certificates stored centrally on hardware security modules (HSM), as well as signature keys/certificates for regulated seals (both class A);

2.    the standard electronic records and process management system of the central Federal Administration (GEVER, Acta Nova) can be used to provide qualified signatures and seals for documents via the interface to the server-based Signature Services with the signature keys/certificates stored centrally on the HSM. Likewise, advanced signatures can be provided using GEVER with the employee's local signature certificate (class B);

3.    the DesktopSigner was rolled out instead of the previously installed Open eGov LocalSigner, which can also sign documents via the server-based Signature Services as well as with local signature keys/certificates on smart cards.

Which PDF documents and document formats are to be signed and how, and how documents are to be validated in the Federal Administration, are defined in the instruction «E018 – Use and validation of electronic signatures in PDF documents», which is classified as internal to the Federal Administration.