In today’s digitally networked working world, contracts are no longer signed with pen and paper, but completely digitally and from any location via e-signature. Many company managers ask themselves how they can independently verify the identity of the signatory ‘at the other end’. This is exactly where the signature certificate comes into play. But what is a signature certificate anyway? How is it issued? And what role do trust service providers play? You can find answers to these questions in our blog article.
What is a signature certificate?
A signature certificate is an electronic document that confirms the identity of the signatory and the validity of a digital signature. It consists of a public key issued by a certification authority and further information about the signatory.
A signature certificate is a data record that verifies and confirms certain information about a person or object using a mathematical procedure. It is required to generate digital signatures and serves to authenticate the signatory or confirm their identity. It is issued by a recognised certification authority, also known as a trust service provider, which assigns a key pair consisting of a private key and a matching public key to a person or organisation.
Specifically, a signature certificate is issued when a person signs a document with an advanced electronic signature (AES) or qualified electronic signature (QES). The detailed requirements for these signature levels are set out in the European eIDAS Regulation. It is issued is publicly accessible. The following stored information can be read using a PDF reader, for example:
- Identity of the signatory: Who signed the document?
- Time of signature: When was the document signed?
- Integrity protection: Have any subsequent changes been made to the document?
- Security level: What signature level was used to sign the document?
- Validation and certification authority: Who issued the certificate and is it LTV-capable?
Who issues a signature certificate?
A signature certificate is issued by a trusted entity known as a Certificate Authority (CA). These authorities are responsible for verifying the identity of the individual or organization requesting the certificate and ensuring that the digital signatures they issue are secure and reliable. Certificate Authorities follow strict procedures to validate the identity of the applicant, often requiring substantial documentation and proof before issuing a signature certificate.
The process begins with the applicant submitting a request for a signature certificate, accompanied by the necessary identification documents. The CA then conducts a thorough verification process to confirm the authenticity of the applicant’s identity. Once verified, the CA issues the signature certificate, which includes the public key associated with the applicant’s digital signature and information about the CA that issued it.
Using a signature certificate issued by a reputable CA enhances the trustworthiness of digital signatures, as recipients of digitally signed documents can verify the signature’s authenticity through the CA’s credentials. This process ensures that the digital signature is legally binding and can be trusted in electronic transactions. The role of the Certificate Authority is crucial in maintaining the integrity and security of digital signatures, making them a cornerstone of digital trust and security in online communications and transactions.
Sign documents with the digital signature in a legally secure way! 🖊️
How identities are verified with a signature certificate
In order for a certification authority to verify the identity of a signatory, this person must first set up a user account with the respective provider. The person then undergoes a one-off identification procedure (e.g. eID, Video-Ident or PoS-Ident). Successful verification creates the basis for initiating legally secure signature processes in the future. Particularly smart: With the e-signature from d.velop sign, the verification process is integrated directly into the signature software. The qualified electronic signature (QES for short) must be used to clearly assign a signature to a specific person.
These 3 steps are carried out to create the signature certificate for the QES:
- Select QES as the signature level and start the signature process
- Confirm identity: Before the signature can be applied to the document, the signatory goes through a 2-factor procedure. To do this, the signatory must log into the user account of the respective trust service provider (1st factor) and request a TAN number, which they then confirm in the signature software (two-factor).
- Finally, a signature certificate is issued and the signature process is finalised.
Signature certificate as a digital counterpart to handwriting
To summarise, the signature certificate ensures secure identities in the digital working world. By verifying the signatories through certification authorities, documents can be signed completely independently of location. The use of signature certificates is uniformly regulated and legally legitimised by the European eIDAS Regulation. Companies must now realise the enormous savings potential (paper, printing and postage costs) with the help of e-signatures and take their own contract management to the next level.