Before the revision of Swiss legislation on e-signatures, i.e. before 2017, high-quality certificates and their signature keys were usually issued on a specially certified smart card (called a secure signature creation device).
As of 2017, the revised ESigA allows certificates and their private signature keys to be stored on specially secured central signature servers operated by recognised CSPs.
Either certificates with a term of several years are generated and recorded with their signature key, or a short-lived certificate with a term of a few minutes is generated and recorded with the associated private signature key each time a document is signed.
The holders or users identified and registered by the recognised CSP log in to a signing application and to the signature server, load the document to be signed and launch the signing process. The hash (the document's digital fingerprint) is generated, sent to the signature server and signed there with the private signature key once the holder or user has entered their PIN via an app or mobile ID. Finally, the signed hash is sent back to the application, inserted into the document and the document is then saved.
There has been a sharp decline in the number of certificates issued and associated signature keys on smart cards since 2017.
For information on CSP services, please see 'Signing – Commercial certification service providers' on this website.