Our seminar "Electronic signing, PKI Management and SSL certificates" on Feb-6 2019 was attended by over 40 professionals with lots of experience in cyber security. The seminar was streamed online and is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the first session.
Session 1: Electronic signing, digital signing, eIDAS, PAdES
Presenter: Robert Hann, Sales Director, Entrust Datacard
Facilitator: Antti Larvala, Director for development eSign for Visma Solutions
Session 3: SSL/TLS certificates – what lies ahead?
Presenter: Chris Bailey, VP Strategy and Business Development, Entrust Datacard
Facilitator: Harri Tuuva, CTO, Wesentra
Some highlights from the session: Electronic signing, digital signing, eIDAS, PAdES
The strength of an electronic signature depends on the amount of assurance built into it. To coordinate this, the EU has issued the eIDAS regulation, which the EU nations need to use. The ETSI association has provided the needed technical standards. One of the main goals of eIDAS is to allow federation of electronic identities from qualified sources of each EU nation throughout the EU. This means that with an electronic identity from one EU country a person can also access all public systems of other EU countries.
eIDAS covers the following solutions:
1) eID
2) eSignature (typically for a person)
3) eSeal (for organizations)
4) eTimeStamp
5) Qualified Web Authentication Certificate (QWAC)
6) Electronic Registered Delivery Service
Electronic signature: This can be, for example, a signature drawn on the pad of a package deliverer. This requires no PKI. It is not legally very strong, but is sufficient for situations where the risk is not considerable.
Advanced electronic signature: This is defined by the ETSI standards. The provider of the signature service needs to demonstrate good practice. The provider does not need to be certified, but that is a very good way of showing good practice. The standards define how to use private keys as well as the devices to store them on. The provided system needs to contain PKI and Time Stamping. The result is: “It is very probable that John Doe/Company Ltd has signed this document.”
Qualified electronic signature: This is also defined by the ETSI standards. In court this is stronger than a wet signature (made with a pen). Registration for persons is done face-to-face. Some EU countries allow registration over a video connection. In addition to the requirements of the Advanced level this needs certification and maintenance of the certified status from the provider. The result is: “It is a fact without any doubt that John Doe/Company Ltd has signed this document.”
Entrust Datacard is capable of providing Advanced services at the moment and Qualified services in the near future.
Details of the other two sessions will be presented in the next blog posts.
More information: info (at) wesentra.com or https://www.wesentra.com/eng/