Specialists in mobile apps for eID and PSD2 Strong Customer Authentication

Features > Electronic Signatures

Electronic Signatures
To create a 'simple' electronic signature, a digest (i.e. data) is signed with a private key that is only in the possession of the signer. The signature can be verified with a corresponding public key, that can be shared with the recipients of the data.
Typically an electronic signature involves the signing of a payload, without indicating the purpose (commitment type) of the signature (e.g. approval or cancellation request). This makes the evidence incomplete.
EU Commission: Trust Services and eID
eIDAS Observatory
CEF Digital : Signature Standards
(EU) No 910/2014 eIDAS Regulation
(EU) 2015/1506 Specification of Advanced Electronic Signatures
Advanced Electronic Signatures
With an advanced electronic signature, the signer must possess an X.509 certificate that contains his details and a copy of the public key that corresponds to their private key. Now the digest contains the following elements:
The payload (e.g. payment data)
A copy of the signer's X.509 certificate.
The mime-type of the data being signed.
A timestamp.
A commitment type (e.g. creation, delivery, receipt, approval, cancellationRequest, revocation).
A benefit of the Advanced Electronic Signature structure is that it packages all the information required for the recipient to verify the signature. The recipient can even use a 3rd party online tool to perform the verification.
ETSI Standards
XAdES Baseline Profile
Associated Signature Container (ASiC)
List of Commitment Types (see Annex B)
Signature Verification
ETSI Signature Conformance Checker
EU DSS signature validation tool
Alternative signature validation tool
Qualified Electronic Signatures
In order for advanced electronic signatures to become 'Qualified':
The creation of the signature must be performed on a certified Qualified Signature Creation Device (QSCD)
And the signer's X.509 certificate must be issued by a Qualified Trust Services Provider (i.e. certificate authority)
Only these signatures are recognised as carrying the equivalent legal strength as a handwritten signature, in all the countries of the EU.
Signature flavours supported by our eID app
Our eID app supports all three flavours of Electronic Signature.
To date, the only smartcard that has been tested with the app is the Estonian eResidency smartcard (a certified QSCD). Other smartcards will be tested on request.