For the creation of electronic signatures that comply with the ESigA and are hence recognised, the signatory must have:
- a private signature key stored in an SSCD (Secure Signature Creation Device), i.e. either a non-copyable key in the chip of a locally used signature card (smart card) or a key in a centralised hardware security module (HSM);
- an electronic data structure linked to the private signature key via a serial number, i.e. the certificate. The information contained in the certificate includes:
  - data on the identity of the holder of the private key;
  - the public signature key belonging to the private key;
  - data on the validity of the certificate;
  - data on the certification service provider which issued the certificate and confirms the correctness of all information relating to the digital signature.
Issuing of a certificate
To have a regulated or qualified certificate issued under the ESigA, the applicant must appear in person before the certification service provider or at an office designated by the provider and present their passport or identity card. So that the issuing process can be traced, the issuer of the certificate collects the identifying data on the person or the content of the identity document in the form of a certified photocopy and archives it for 11 years. The issuer must take certified technical and organisational measures to ensure that only the applicant can use the private signature key in conjunction with the certificate.
For this purpose, the Swiss Government PKI provides the applicant in person with the necessary PINs, passwords, authentication certificates, etc., and if necessary also with the private signature key (if issued on a smart card). Other providers send the relevant information separately, and if necessary also the smart card, generally by registered letter. Private providers also offer signature services once the applicant has registered. They issue short-lived certificates used for signing only once in a server-based signing process.
When creating a digital signature
- An electronic fingerprint (hash) of a document is calculated using a signing program.
- The hash is encrypted with the private signature key of the signing person.
- Additionally, a qualified time stamp is included, which records the time of signing/sealing beyond doubt.
- This data is generally saved directly in the document (PDF) together with the signing person's certificate, which also contains the public signature key, or attached to the document as a separate signature file.
The recipient of the document can verify the document using a suitable program for displaying and validating electronic signatures. The fully automated process consists of the following steps:
- The program checks the validity of the certificate and the assignment of the certificate to the issuing certification service provider.
- The program decrypts the encrypted hash in the document with the public signature key in the attached certificate and in turn generates the hash of the document.
- The program then compares whether both hash values are identical and whether the certificate is also valid. If both conditions are met, it is certain that the document was signed with a valid certificate and has not been changed since.
The certification service provider also publishes a list of all revoked certificates, e.g. in the event of a change of job, death, or loss, together with the revocation date. The validation process automatically checks whether a certificate was still valid – i.e. not revoked – at the time of signing. To perform these chronological verifications, the time stamp included by the signing program when creating an electronic signature is checked. The presence of a qualified time stamp is a condition of validity for qualified electronic signatures in accordance with Art. 14 para. 2bis Code of Obligations (SCO, SR 220).
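The validation steps above, including the revocation check against the time of signing, as an added Python example (not code from the original page). It uses a constructed toy RSA key without padding and treats the time stamp as already verified; the issuer name, serial number, dates and field names are assumptions.

```python
import hashlib
from datetime import datetime

# Constructed toy RSA key from two Mersenne primes: for illustration only, not secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private key; in practice it never leaves the SSCD

def doc_hash(document: bytes) -> int:
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, signing_time: datetime, cert: dict) -> dict:
    """Signer: hash the document, apply the private key, attach time and certificate."""
    return {"value": pow(doc_hash(document), D, N), "time": signing_time, "cert": cert}

def validate(document: bytes, sig: dict, trusted_issuers: set, crl: dict) -> str:
    """Recipient: return "valid" or the reason the signature is rejected."""
    cert, signed_at = sig["cert"], sig["time"]
    if cert["issuer"] not in trusted_issuers:
        return "unknown issuer"
    if not cert["not_before"] <= signed_at <= cert["not_after"]:
        return "certificate not valid at signing time"
    revoked_on = crl.get(cert["serial"])  # crl maps serial number -> revocation date
    if revoked_on is not None and revoked_on <= signed_at:
        return "certificate revoked before signing"
    n, e = cert["public_key"]
    if pow(sig["value"], e, n) != doc_hash(document):
        return "hash mismatch"
    return "valid"

# Constructed sample data (hypothetical issuer, serial number and dates).
CERT = {"serial": 1001, "issuer": "Example CSP", "public_key": (N, E),
        "not_before": datetime(2023, 1, 1), "not_after": datetime(2026, 1, 1)}
CONTRACT = b"Sample contract text"
SIG = sign(CONTRACT, datetime(2024, 3, 1), CERT)

if __name__ == "__main__":
    issuers = {"Example CSP"}
    print(validate(CONTRACT, SIG, issuers, {}))
    print(validate(CONTRACT + b"!", SIG, issuers, {}))
    print(validate(CONTRACT, SIG, issuers, {1001: datetime(2024, 2, 1)}))
    print(validate(CONTRACT, SIG, issuers, {1001: datetime(2024, 6, 1)}))
```

A revocation dated after the signing time leaves the signature valid, which is why the validator compares the revocation date with the time stamp rather than with the current date.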
All certification service providers recognised under the ESigA also offer a qualified time stamp service.
See also ESigA recognised certification service providers.