<link rel="stylesheet" href="/digital-building-blocks/sites/download/attachments/879493538/searchElement.css">
<link rel="stylesheet" href="/digital-building-blocks/sites/download/attachments/879493538/faq.css">
<script src="/digital-building-blocks/sites/download/attachments/879493538/hardcoded-faq.js"></script>
<script src="/digital-building-blocks/sites/download/attachments/879493538/searchElement.js"></script>
<section class="section" id="faq-search-section">
<div class="container">
<div class="cols">
<div class="col-12">
<div class="search-container">
<p>Search the eSignature FAQ</p>
<div class="input-wrapper">
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-magnifying-glass-accent-blue.svg"
alt=""
aria-hidden="false" />
<label for="faq-search" class="visually-hidden">Search FAQ</label>
<input
type="text"
id="faq-search"
class="faq-search"
placeholder="Type to start searching the FAQ"
aria-label="Search FAQ"
title="Type to start searching the FAQ" />
</div>
</div>
</div>
</div>
</div>
</section>
<section class="section">
<div class="container">
<div class="cols">
<div class="col-9 main-wrapper-section">
<div
class="faq-widget"
data-widget-id="demo-widget"
data-filter-curated=""
data-sidebar-id="faq-sidebar-nav"
data-filter-categories=""
data-widget-id="faq-widget-0">
<div class="faq-notification-container" style="display: none"></div>
<div class="faq-loading-spinner loader-wrapper" style="display: none">
<div class="load"></div>
</div>
<div id="819857855" class="category-block">
<h3 class="category-title">General questions</h3>
<div class="accordion">
<div id="819857866" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-819857866"
role="button">
<p>What is an electronic signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div
id="content-819857866"
class="accordion-content"
role="region"
aria-labelledby="819857866">
<p>
An electronic signature is a data in electronic form which is attached to or logically
associated with other data in electronic form and which is used by the signatory to sign,
where the signatory is a natural person.
</p>
<p>
Like its handwritten counterpart in the offline world, an electronic signature can be
used, for instance, to electronically indicate that the signatory has written the
document, agreed with the content of the document, or that the signatory was present as a
witness.
</p>
<p>
In case you want to seal a document as a legal person (e.g. as a business or
organisation), you might be instead interested in an electronic seal (<a
href="#eSignatureFAQ-1"
>What is an electronic seal?</a
>).
</p>
</div>
</div>
<div id="00" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-00"
role="button">
<p>What is an electronic seal?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-00" class="accordion-content" role="region" aria-labelledby="00">
<p>
An electronic seal is a data in electronic form, which is attached to or logically
associated with other data in electronic form to ensure the latter’s origin and integrity,
where the creator of a seal is a legal person<strong> </strong>(unlike the electronic
signature that is issued by a natural person).
</p>
<p>
In this purpose, electronic seals might serve as evidence that an electronic document was
issued by a legal person, ensuring certainty of the document’s origin and integrity.
Nevertheless, across the European Union, when a transaction requires a qualified
electronic seal from a legal person, a qualified electronic signature from the authorised
representative of the legal person is equally acceptable.
</p>
</div>
</div>
<div id="01" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-01"
role="button">
<p>What is the difference between an electronic signature and a digital signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-01" class="accordion-content" role="region" aria-labelledby="01">
<p>
An ‘electronic signature’ is a legal concept that is defined in eIDAS by the following:
</p>
<p>
<em
>“‘electronic signature’ means data in electronic form which is attached to or logically
associated with other data in electronic form and which is used by the signatory to
sign;” </em
>(eIDAS Article 3.10)
</p>
<p>
A digital signature, on the other hand, refers to a mathematical and cryptographic concept
that is widely used to provide concrete and practical instances of electronic signature.
The definition given by ETSI TR 119 100 is that of
<em
>data appended to, or a cryptographic transformation of a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and
protect against forgery e.g. by the recipient</em
>.
</p>
<p>
These two concepts should be distinguished, as all electronic signatures are not
necessarily digital signatures.
</p>
<p>
More information about the levels of electronic signatures can be found in the FAQ entry
<strong>
<a href="#eSignatureFAQ-Anchor2"
>What are the levels (simple, advanced and qualified) of electronic signatures?</a
>
</strong>
</p>
</div>
</div>
<div id="02" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-02"
role="button">
<p>What are the levels (simple, advanced and qualified) of electronic signatures?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-02" class="accordion-content" role="region" aria-labelledby="02">
<p>
The eIDAS Regulation defines three levels of electronic signature: 'simple' electronic
signature, advanced electronic signature and qualified electronic signature. The
requirements of each level are built on the requirements of the level below it, such that
a qualified electronic signature meets the most requirements and a 'simple' electronic
signature the least.
</p>
<p><strong>'Simple' electronic signatures</strong></p>
<p>
An electronic signature is defined as "data in electronic form which is attached to or
logically associated with other data in electronic form and which is used by the signatory
to sign". Thus, something as simple as writing your name under an e-mail might constitute
an electronic signature.
</p>
<p>
<strong>Advanced electronic signatures (AdES)</strong>
</p>
<p>
An advanced electronic signature is an electronic signature which is additionally:
</p>
<ul>
<li>uniquely linked to and capable of identifying the signatory;</li>
<li>created in a way that allows the signatory to retain control;</li>
<li>
linked to the document in a way that any subsequent change of the data is detectable.
</li>
</ul>
<p>
The most commonly used technology able to provide these requirements relies
on the use of a public-key infrastructure (PKI), which involves the use of
certificates and cryptographic keys.
</p>
<p>
<strong>Qualified electronic signatures (QES)</strong>
</p>
<p>
A qualified electronic signature is an advanced electronic signature which is
additionally:
</p>
<ul>
<li>created by a qualified signature creation device (QSCD);</li>
<li>and is based on a qualified certificate for electronic signatures.</li>
</ul>
</div>
</div>
<div id="03" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-03"
role="button">
<p>What are the levels (simple, advanced and qualified) of electronic seals?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-03" class="accordion-content" role="region" aria-labelledby="03">
<p>
Like the electronic signature, the eIDAS Regulation defines three levels of electronic
seal: 'simple' electronic seal, advanced electronic seal and qualified electronic seal.
The requirements of each level are built on the requirements of the level below it, such
that a qualified electronic seal meets the most requirements and a 'simple' electronic
seal the least.
</p>
<p>
Nevertheless, levels of electronic seals don’t have the same definitions, requirements,
nor legal effects than levels of electronic signatures:
</p>
<p><strong>'Simple' electronic seals</strong></p>
<p>
An electronic seal is defined as "data in electronic form, which is attached to or
logically associated with other data in electronic form to ensure the latter’s origin and
integrity".
</p>
<p><strong>Advanced electronic seals (AdES)</strong></p>
<p>An advanced electronic seal is an electronic seal which is additionally:</p>
<ul>
<li>uniquely linked to the creator of the seal;</li>
<li>capable of identifying the creator of the seal;</li>
<li>
created using electronic seal creation data that the creator of the seal can, with a
high level of confidence under its control, use for electronic seal creation; and
</li>
<li>
linked to the data to which it relates in such a way that any subsequent change in the
data is detectable.
</li>
</ul>
<p>
The most commonly used technology able to provide these requirements relies
on the use of a public-key infrastructure (PKI), which involves the use of
certificates and cryptographic keys.
</p>
<p><strong>Qualified electronic seals (QES)</strong></p>
<p>
Similar to a qualified electronic signature, a qualified electronic seal is an
advanced electronic seal which is additionally:
</p>
<ul>
<li>created by a qualified seal creation device (QSCD);</li>
<li>and is based on a qualified certificate for electronic seals.</li>
</ul>
</div>
</div>
<div id="04" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-04"
role="button">
<p>What is a certificate for electronic signatures?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-04" class="accordion-content" role="region" aria-labelledby="04">
<p>
When signing a document, a pair of keys might be needed (i.e. when the signature relies on
the use of public-key infrastructure), namely a ‘public key’ and a ‘private key’. The
public key can be publicly shared while the private key shall be securely stored.
Especially, the private key is used by the signatory to sign a document while the public
key is used by anyone verifying that it is actually the private key of the signatory that
has been used to sign the document.
</p>
<p>
A certificate for electronic signatures, issued by a Certificate Authority (CA), is an
electronic attestation which links electronic signature validation data to a natural
person and confirms at least the name or the pseudonym of that person. This way, the
certificate, usually linked to the signed document, can be used to verify the identity of
the signatory and whether the document has been signed using the corresponding private
key.
</p>
<p>
Qualified certificates for electronic signatures, by following stricter requirements laid
down in eIDAS, provide, for instance, higher guarantees regarding the identity of the
signatory and therefore higher legal certainty regarding the created electronic
signatures. Especially, qualified certificates are provided by qualified trust service
providers (QTSP) which have been audited as such and granted a qualified status by
a national competent authority, as reflected in the national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>. Those lists, and therefore QTSPs listed in it, can be browsed in a user-friendly way
using the
<a
href="https://eidas.ec.europa.eu/efda/home/#/screen/browse"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>
(the actual content of these Trusted Lists is managed and published by each Member State
and ‘Trusted List Browser’ is “merely” browsing these Trusted Lists).
</p>
<p>
Usually, providers of qualified certificates for electronic signatures deliver the
corresponding private key on a qualified signature creation device (QSCD).
</p>
</div>
</div>
<div id="05" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-05"
role="button">
<p>What is a certificate for electronic seals?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-05" class="accordion-content" role="region" aria-labelledby="05">
<p>
When sealing a document, a pair of keys might be needed (i.e. when the seal relies on the
use of public-key infrastructure), namely a ‘public key’ and a ‘private key’. The public
key can be publicly shared while the private key shall be securely stored. Especially, the
private key is used by the creator of the seal to seal a document while the public key is
used by anyone verifying that it is actually the private key of the creator of the seal
that has been used to seal the document.
</p>
<p>
A certificate for electronic seals, issued by a Certificate Authority (CA), is an
electronic attestation that links electronic seal validation data to a legal person and
confirms the name of that person. This way, the certificate, usually linked to the sealed
document, can be used to verify the identity of the creator of the seal and whether the
document has been sealed using the corresponding private key.
</p>
<p>
Like qualified certificates for electronic signatures, qualified certificates for
electronic seals, by following stricter requirements laid down in eIDAS, provide, for
instance, higher guarantees regarding the identity of the creator of the seal and
therefore higher legal certainty regarding the created electronic seals. Especially,
qualified certificates are provided by qualified trust service providers (QTSP) which have
been audited as such and granted a qualified status by a national competent
authority, as reflected in the national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>. Those lists, and therefore QTSPs listed in it, can be browsed in a user-friendly way
using the
<a
href="https://eidas.ec.europa.eu/efda/home/#/screen/browse"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>
(the actual content of these Trusted Lists is managed and published by each Member State
and ‘Trusted List Browser’ is “merely” browsing these Trusted Lists).
</p>
<p>
Usually, providers of qualified certificates for electronic seals deliver the
corresponding private key on a qualified seal creation device (QSCD).
</p>
</div>
</div>
<div id="06" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-06"
role="button">
<p>What is a qualified signature/seal creation device (QSCD)?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-06" class="accordion-content" role="region" aria-labelledby="06">
<p>
Signature/seal creation devices come in many forms to protect the electronic
signature/seal creation data (e.g. private key) of the signatory/creator of the seal, such
as smartcards, SIM cards, USB sticks. A qualified signature/seal creation device
(QSCD), by following stricter requirements laid down in eIDAS, offers higher guarantees
regarding the protection (e.g. mitigating any kind of replication or forgery) of the
electronic signature/seal creation data (such as the private key) and therefore higher
legal certainty regarding the created qualified electronic signatures/seals.
</p>
<p>
For example, a smartcard (e.g. ID card), when following specific requirements, can be seen
as a QSCD as, in order to “unlock” the electronic signature creation data, the signatory
shall physically possess the smartcard and know the associated PIN code.
</p>
<p>
A QSCD is not necessarily in the physical possession of the signatory/creator of the seal
but can also be remotely managed by a qualified trust service provider (QTSP). This kind
of QSCD is known as “remote QSCD”. Those remote QSCD offer an improved user experience
while maintaining the legal certainty offered by qualified electronic signatures/seals.
</p>
</div>
</div>
<div id="07" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-07"
role="button">
<p>What are the legal effects of an electronic signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-07" class="accordion-content" role="region" aria-labelledby="07">
<p>
Across all EU Member States, the legal effects of electronic signatures are laid down in
Article 25 of eIDAS.
</p>
<p>
An electronic signature (either simple, advanced or qualified) shall not be denied legal
effect and admissibility as evidence in legal proceedings solely on the grounds that it is
in an electronic form or that it does not meet the requirements for qualified electronic
signatures.
</p>
<p>
Regarding qualified electronic signatures, they explicitly have the equivalent legal
effect of handwritten signatures across all EU Member States.
</p>
</div>
</div>
<div id="08" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-08"
role="button">
<p>What are the legal effects of an electronic seal?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-08" class="accordion-content" role="region" aria-labelledby="08">
<p>
Across all EU Member States, the legal effects of electronic seals are laid down in
Article 35 of eIDAS.
</p>
<p>
Like an electronic signature, an electronic seal shall not be denied legal effect and
admissibility as evidence in legal proceedings solely on the grounds that it is in an
electronic form or that it does not meet the requirements for qualified electronic seals.
</p>
<p>
Regarding qualified electronic seals, they explicitly enjoy the presumption of integrity
of the data and of correctness of the origin of that data to which the qualified
electronic seal is linked across all EU Member States.
</p>
</div>
</div>
<div id="09" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-09"
role="button">
<p>Do I need a qualified electronic signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-09" class="accordion-content" role="region" aria-labelledby="09">
<p>
While different levels of electronic signatures may be appropriate in different contexts,
only qualified electronic signatures are explicitly recognized to have the equivalent
legal effect of hand-written signatures all over EU Member States.
</p>
<p>
Moreover, as a general rule, if a certain level of electronic signature (e.g. advanced
signature) is required, a higher level will probably be accepted (e.g. advanced signature
with a qualified certificate, qualified electronic signature).
</p>
</div>
</div>
<div id="0a" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-0a"
role="button">
<p>Do I need a qualified electronic seal?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-0a" class="accordion-content" role="region" aria-labelledby="0a">
<p>
While different levels of electronic seals may be appropriate in different contexts,
only qualified electronic seals explicitly enjoy the presumption of integrity of the
data and of correctness of the origin of that data to which the qualified electronic seal
is linked, all over EU Member States.
</p>
<p>
Moreover, as a general rule, if a certain level of electronic seal (e.g. advanced seal) is
required, a higher level will probably be accepted (e.g. advanced signature with a
qualified seal, qualified electronic seal).
</p>
<p>
Nevertheless, when a transaction requires a qualified electronic seal from a legal person,
a qualified electronic signature from the authorised representative of the legal person is
equally acceptable.
</p>
</div>
</div>
<div id="0b" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-0b"
role="button">
<p>How can I create an advanced or qualified electronic signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-0b" class="accordion-content" role="region" aria-labelledby="0b">
<p>
In the first place, in order to sign documents as a natural person (in order to seal
documents as a legal person, you might be instead interested in electronic seals), a
certificate for electronic signatures is needed. And, using this certificate, electronic
signatures can be created. As part of the eIDAS Regulation, these certificates can be
purchased from specific providers, named Trust Service Providers (TSP).
</p>
<ul>
<li>
<strong>Obtain a digital certificate from a TSP</strong>
</li>
</ul>
<p>
In the case of an ‘advanced electronic signature’, the certificate can be or not
qualified. In the case of a ‘qualified electronic signature’, the certificate shall be
qualified and the private key related to the certificate shall be stored on a ‘qualified
electronic signature creation device’ (QSCD).
</p>
<p>
As a general rule, if a certain level of electronic signature (e.g. advanced signature) is
required, a higher level will probably be accepted (e.g. advanced signature with a
qualified certificate, qualified electronic signature).
</p>
<p>
As laid down in eIDAS, a qualified electronic signature explicitly has the equivalent
legal effect of a handwritten signature.
</p>
<p>
Providers of qualified certificates for electronic signatures, as an eIDAS legal
obligation, are mandatorily listed in the corresponding national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>. But providers of non-qualified certificates for electronic signatures
<strong>could be </strong>but are not mandatorily listed in these Trusted Lists.
</p>
<p>
Trusted Lists, and therefore the providers listed in it, can be browsed in a user-friendly
way using the
<a
href="https://eidas.ec.europa.eu/efda/home/#/screen/browse"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>. The actual content of these Trusted Lists is managed and published by each Member State
and Trusted List Browser is “merely” browsing these Trusted Lists.
</p>
<ul>
<li>
<strong>Choose your TSP using Trusted List Browser</strong>
</li>
</ul>
<p>
Using
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>, go to “<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/search/type/1"
class="external-link"
rel="nofollow"
>Search by Type of service</a
>” (top left of the screen).
</p>
<p>
Select “Certificate for electronic signature” and/or “Qualified certificate for electronic
signature” and click “Next”.
</p>
<p>Then, select any country you may found appropriate and click “Search”.</p>
<p>
Finally, click on any TSP you may found appropriate and, via the “Electronic address”
multi-part field of the “Detailed information”, you will find a link to a website
providing more information about this provider and the products it provides.
</p>
<ul>
<li><strong>Sign your document</strong></li>
</ul>
<p>
Once you have a certificate for electronic signature, you will be able to sign documents.
TSPs might offer their own step-by-step process for signing digitally.
</p>
<p>
The European Commission also proposes a
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/sign-a-document"
class="external-link"
rel="nofollow"
>demo of DSS</a
>, a tool enabling, among other features, the signature of documents. This demo is based
on the open-source library Digital Signature Software (DSS). DSS supports the creation and
verification of interoperable and secure electronic signatures in line with the eIDAS
Regulation. More information is available in the <a
href="https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Digital+Signature+Service+-++DSS#DigitalSignatureServiceDSS-Documentation"
rel="nofollow"
>documentation</a
>.
</p>
</div>
</div>
<div id="0c" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-0c"
role="button">
<p>How can I create an advanced or qualified electronic seal?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-0c" class="accordion-content" role="region" aria-labelledby="0c">
<p>
In the first place, in order to seal documents as a legal person, a certificate for
electronic seals is actually needed. And, using this certificate, electronic seals can be
created. As part of the eIDAS Regulation, these certificates can be purchased from
specific providers, named Trust Service Providers (TSP).
</p>
<p>
<strong>1. </strong>
<strong>Obtain a digital certificate from a TSP</strong>
</p>
<p>
In the case of an ‘advanced electronic seal’, the certificate can be or not qualified. In
the case of a ‘qualified electronic seal’, the certificate shall be qualified and the
private key related to the certificate shall be stored on a ‘qualified electronic seal
creation device’ (QSCD).
</p>
<p>
As a general rule, if a certain level of electronic seal (e.g. advanced seal) is required,
a higher level will probably be accepted (e.g. advanced seal with a qualified certificate,
qualified electronic seal).
</p>
<p>
As laid down in eIDAS, a qualified electronic seal explicitly enjoys the presumption of
integrity of the data and of correctness of the origin of that data to which the qualified
electronic seal is linked.
</p>
<p>
Providers of qualified certificates for electronic seals, as an eIDAS legal obligation,
are mandatorily listed in the corresponding national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>. But providers of non-qualified certificates for electronic seals
<strong>could be </strong>but are not mandatorily listed in these Trusted Lists.
</p>
<p>
Trusted Lists, and therefore the providers listed in it, can be browsed in a user-friendly
way using the
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>. The actual content of these Trusted Lists is managed and published by each Member State
and ‘Trusted List Browser’ is “merely” browsing these Trusted Lists.
</p>
<p>
<strong>2. </strong>
<strong>Choose your TSP using Trusted List Browser</strong>
</p>
<p>
Using
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>, go to “<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/search/type/1"
class="external-link"
rel="nofollow"
>Search by Type of service</a
>” (top left of the screen).
</p>
<p>
Select “Certificate for electronic seal” and/or “Qualified certificate for electronic
seal” and click “Next”.
</p>
<p>Then, select any country you may found appropriate and click “Search”.</p>
<p>
Finally, click on any TSP you may found appropriate and, via the “Electronic address”
multi-part field of the “Detailed information”, you will find a link to a website
providing more information about this provider and the products it provides.
</p>
<p>
<strong>3. </strong>
<strong>Seal your document</strong>
</p>
<p>
Once you have a certificate for electronic seal, you will be able to seal documents. TSPs
might offer their own step-by-step process for sealing digitally.
</p>
<p>
The European Commission also proposes a
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/sign-a-document"
class="external-link"
rel="nofollow"
>demo of DSS</a
>, a tool enabling, among other features, the signature and seal of documents. This demo
is based on the open-source library Digital Signature Software (DSS). DSS supports the
creation and verification of interoperable and secure electronic signatures/seals in line
with the eIDAS Regulation. More information is available in the <a
href="https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Digital+Signature+Service+-++DSS#DigitalSignatureServiceDSS-Documentation"
rel="nofollow"
>documentation</a
>.
</p>
</div>
</div>
<div id="0d" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-0d"
role="button">
<p>When signing/sealing a document, which format of signature should I use?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-0d" class="accordion-content" role="region" aria-labelledby="0d">
<p>
Three formats of advanced signature and one format of signature container are specified in
the European Telecommunications Standards Institute (ETSI) standards, namely:
</p>
<ul>
<li>XML advanced electronic signature (XAdES), based on XML signatures;</li>
<li>PDF advanced electronic signature (PAdES), based on PDF signatures;</li>
<li>
CMS advanced electronic signature (CAdES), based on Cryptographic Message Syntax (CMS);
</li>
<li>
Associated Signature Container (ASiC) based on ZIP format and supporting XAdES and CAdES
signature formats.
</li>
</ul>
<p>
Especially, following
<a
href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AJOL_2015_235_R_0006"
class="external-link"
rel="nofollow"
>CID 2015/1506</a
>, these formats shall be recognised by European public sector bodies.
</p>
<p>
Advanced electronic signatures and advanced electronic seals being similar from the
technical point of view, the standards for formats of advanced electronic signatures apply
<em>mutatis mutandis </em>to formats for advanced electronic seals.
</p>
<p>
When signing/sealing a single document, the format of signature to choose typically
depends on the format of the document to sign:
</p>
<ul>
<li>
XML documents are suggested to be signed/sealed using XAdES signature format (either
with enveloped or enveloping packaging);
</li>
<li>PDF documents are suggested to be signed/sealed using PAdES signature format;</li>
<li>
Binary files are suggested to be signed/sealed with XAdES or CAdES signature formats
(with enveloping packaging).
</li>
</ul>
<p>When signing/sealing multiple documents, it is suggested to use ASiC containers.</p>
<p>
Above suggestions are intended for basic usage of the signature/seal of documents. Other
formats of signatures might be more appropriate in other specific contexts.
</p>
</div>
</div>
<div id="0e" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-0e"
role="button">
<p>What is an electronic time stamp, and do I need one?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-0e" class="accordion-content" role="region" aria-labelledby="0e">
<p>
An electronic time stamp is a data in electronic form which binds other data in electronic
form to a particular time establishing evidence that the latter data existed at that time.
</p>
<p>
For example, a signatory can use an electronic time stamp to bind a signed document to a
particular date and time and prove in the future that the signed document existed at this
particular date and time.
</p>
<p>
As part of eIDAS, a time stamp can be qualified. Following stricter requirements laid down
in eIDAS, a qualified electronic time stamp enjoys the presumption of the accuracy of the
date and the time it indicates and the integrity of the data (e.g. signed document) to
which the date and time are bound.
</p>
</div>
</div>
<div id="0f" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-0f"
role="button">
<p>What are the legal effects of an electronic time stamp?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-0f" class="accordion-content" role="region" aria-labelledby="0f">
<p>
Across all EU Member States, the legal effects of electronic time stamps are laid down in
Article 41 of eIDAS.
</p>
<p>
An electronic time stamp (qualified or not) shall not be denied legal effect and
admissibility as evidence in legal proceedings solely on the grounds that it is in an
electronic form or that it does not meet the requirements of the qualified electronic time
stamp.
</p>
<p>
Regarding qualified electronic time stamps, they enjoy the presumption of the accuracy of
the date and the time it indicates and the integrity of the data to which the date and
time are bound, across all EU Member States.
</p>
</div>
</div>
<div id="10" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-10"
role="button">
<p>How can I get a qualified electronic time stamp?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-10" class="accordion-content" role="region" aria-labelledby="10">
<p>
Qualified time stamps are provided as part of a service, provided by qualified trust
service providers (QTSP). QTSP, as an eIDAS legal obligation, are mandatorily listed in
the corresponding national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>.
</p>
<p>
Trusted Lists, and therefore the providers listed in it, can be browsed in a user-friendly
way using the
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>. The actual content of these Trusted Lists is managed and published by each Member State
and ‘Trusted List Browser’ is “merely” browsing these Trusted Lists.
</p>
<p>
Using
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>, go to “<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/search/type/1"
class="external-link"
rel="nofollow"
>Search by Type of service</a
>” (top left of the screen):
</p>
<ol>
<li>Select “Qualified time stamp” and click “Next”.</li>
<li>Then, select any country you may found appropriate and click “Search”.</li>
<li>
Finally, click on any QTSP you may found appropriate and, via the “Electronic address”
multi-part field of the “Detailed information”, you will find a link to a website
providing more information about this provider and the products it provides.
</li>
</ol>
</div>
</div>
<div id="11" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-11"
role="button">
<p>What is the validation of a qualified electronic signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-11" class="accordion-content" role="region" aria-labelledby="11">
<p>
When a party needs to rely on signed electronic data (e.g. a signed document), it is very
often important that it can verify:
</p>
<p>- The integrity of the signed data;</p>
<p>- The authenticity of the signed data.</p>
<p>
The requirements for the validation of qualified electronic signatures are, in
particular, described in Article 32 of the eIDAS Regulation. In this context,
</p>
<p>
- Integrity means that no modification has been made to the signed data after it has
been signed;
</p>
<p>
- Authenticity means that the signature is supported by a qualified certificate
identifying the signatory, and that only the signatory can produce the signature.
</p>
<p>
A summary and non-exhaustive overview of the steps involved in the validation process for
qualified electronic signature would be:
</p>
<ul>
<li>The verification of the integrity of the data;</li>
<li>The verification of the validity of the certificate;</li>
<li>The verification of the qualified status of the certificate and;</li>
<li>
The verification of the signature was created by a qualified electronic signature
creation device.
</li>
</ul>
<p>
Finally, as numerous steps are involved in this validation process, the answer to a
validation request can take the form of a validation report that contains the set of
answers to the various verifications and steps involved during the validation process.
</p>
</div>
</div>
<div id="12" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-12"
role="button">
<p>How do I validate an electronic signature/seal as qualified?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-12" class="accordion-content" role="region" aria-labelledby="12">
<p><strong>Using DSS Demonstration WebApp</strong></p>
<p>
In order to easily validate on any format of document whether a signature/seal is
qualified, you might be interested in the “Validate a signature” feature of <a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation"
class="external-link"
rel="nofollow"
>DSS Demonstration WebApp</a
>. This demo is based on the open-source library Digital Signature Software (DSS). DSS
supports the creation and verification of interoperable and secure electronic
signatures/seals in line with the eIDAS Regulation. More information is available in
the <a
href="https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Digital+Signature+Service+-++DSS#DigitalSignatureServiceDSS-Documentation"
rel="nofollow"
>documentation</a
>.
</p>
<p>
<strong>Using Adobe Acrobat Reader (for signatures only)</strong>
</p>
<p>
When the signed document is a PDF, you can also use the “Adobe Acrobat Reader” software.
If, via the Signature Panel, the software indicates “This is a Qualified Electronic
Signature according to EU Regulation 910/2014”, you can assume the signature is qualified.
</p>
<p><strong>Via a qualified trust service</strong></p>
<p>
Some qualified trust service providers (QTSP) also offer “qualified validation service for
qualified electronic signature/seal” services. When using this kind of service, users
ensure the validation service follows requirements laid down in eIDAS and benefit
therefore of higher legal certainty.
</p>
<p>
QTSP, as an eIDAS legal obligation, are mandatorily listed in the corresponding national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>. Trusted Lists, and therefore the providers listed in it, can be browsed in a
user-friendly way using the
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>. The actual content of these Trusted Lists is managed and published by each Member State
and ‘Trusted List Browser’ is “merely” browsing these Trusted Lists.
</p>
<p>
Using
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>, go to “<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/search/type/1"
class="external-link"
rel="nofollow"
>Search by Type of service</a
>” (top left of the screen):
</p>
<ol>
<li>
Select “Qualified validation service for qualified electronic signature” or “Qualified
validation service for qualified electronic seal” and click “Next”.
</li>
<li>Then, select any country you may found appropriate and click “Search”.</li>
</ol>
<p>
Finally, click on any QTSP you may found appropriate and, via the “Electronic address”
multi-part field of the “Detailed information”, you will find a link to a website
</p>
</div>
</div>
<div id="13" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-13"
role="button">
<p>When validating a qualified certificate, what is the related Trust Anchor?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-13" class="accordion-content" role="region" aria-labelledby="13">
<p>
As defined by RFC 5280, a Trust Anchor is the end point of a certificate validation
process.
</p>
<p>
As part of the EU Trusted List, when validating a qualified certificate (i.e. QC for
electronic signatures, QC for electronic seals, QC for website authentication), the Trust
Anchor is the
<em>Service digital identity</em> (Sdi) of a trust service entry (cf. ETSI TS 119 612
v2.1.1). It means that, when validating a certificate, there is no need to chain up to the
Root CA of a qualified certificate but only to the related CA/QC issuer entry within the
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>.
</p>
<p>
In order to extract the certificate chain from a qualified certificate to its issuer,
you may find interesting the “certificate validation” feature of <a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation"
class="external-link"
rel="nofollow"
>DSS Demonstration WebApp</a
>. This demo is based on the open-source library Digital Signature Software (DSS). DSS
supports the creation and verification of interoperable and secure electronic signatures
in line with the eIDAS Regulation. More information is available in the <a
href="https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Digital+Signature+Service+-++DSS#DigitalSignatureServiceDSS-Documentation"
rel="nofollow"
>documentation</a
>.
</p>
<p>
You will also find more document information about this certificate validation in the
“Introduction to the Qualified electronic signature (QES) validation algorithm”
<a href="https://ec.europa.eu/digital-building-blocks/sites/x/H4XXGw" rel="nofollow"
>webpage</a
>.
</p>
</div>
</div>
</div>
</div>
<div id="819857858" class="category-block">
<h3 class="category-title">Glossary</h3>
<div class="accordion">
<div id="14" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-14"
role="button">
<p>What does AdES mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-14" class="accordion-content" role="region" aria-labelledby="14">
<p>
AdES is the acronym for either an advanced electronic signature or an advanced electronic
seal. It is the second level of electronic signatures/seals defined in eIDAS.
</p>
<p>
More information <span>→ </span>
<a href="#eSignatureFAQ-2"
>What are the levels (simple, advanced and qualified) of electronic signatures?</a
>
+
<a href="#eSignatureFAQ-3"
>What are the levels (simple, advanced and qualified) of electronic seals?</a
>
</p>
</div>
</div>
<div id="15" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-15"
role="button">
<p>What does QES mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-15" class="accordion-content" role="region" aria-labelledby="15">
<p>
QES is the acronym for either qualified electronic signature or qualified electronic seal.
It is the third and most secure level of electronic signature/seal defined in eIDAS.
</p>
<p>
More information <span>→ </span>
<a href="#eSignatureFAQ-2">What are the levels of electronic signatures?</a>
+
<a href="#eSignatureFAQ-7">Do I need a qualified electronic signature?</a>
+
<a href="/digital-building-blocks/sites/display/DIGITAL/eSignature+FAQ" class="current"
>What are the levels (simple, advanced and qualified) of electronic seals?</a
>
+
<a href="#eSignatureFAQ-8">Do I need a qualified electronic seal?</a>
</p>
</div>
</div>
<div id="16" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-16"
role="button">
<p>What does (Q)TSP/(Q)TS mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-16" class="accordion-content" role="region" aria-labelledby="16">
<p>
A trust service provider (TSP) is a natural or a legal person who provides one or more
trust services (TS) either as a qualified or as a non-qualified trust service provider.
</p>
<p>
A qualified trust service provider (QTSP) is a TSP who provides one or more qualified
trust services (QTS) and is granted the qualified status by the national supervisory body.
The decision of the supervisory body to grant the qualified status is reflected in the
corresponding national
<a
href="https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers"
class="external-link"
rel="nofollow"
>Trusted List</a
>. In this respect, QTSPs are mandatorily listed in the corresponding national Trusted
List while TSP <strong>could be </strong>but are not mandatorily listed in these Trusted
Lists.
</p>
<p>
Trusted Lists, and therefore the providers listed in it, can be browsed in a user-friendly
way using the
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>. The actual content of these Trusted Lists is managed and published by each Member State
and ‘Trusted List Browser’ is “merely” browsing these Trusted Lists.
</p>
</div>
</div>
<div id="17" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-17"
role="button">
<p>What does QC mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-17" class="accordion-content" role="region" aria-labelledby="17">
<p>
QC stands for a qualified certificate. As part of eIDAS, a qualified certificate can
either be a:
</p>
<ul>
<li>Qualified certificate for electronic signature</li>
<li>Qualified certificate for electronic seal</li>
<li>Qualified certificate for website authentication</li>
</ul>
<p>
More information →
<a href="#eSignatureFAQ-4">What is a certificate for electronic signatures?</a> +
<a href="#eSignatureFAQ-5">What is a certificate for electronic seals?</a>
</p>
</div>
</div>
<div id="18" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-18"
role="button">
<p>What does QSCD mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-18" class="accordion-content" role="region" aria-labelledby="18">
<p>QSCD stands for a qualified electronic signature/seal creation device.</p>
<p>
More information <span>→ </span>
<a href="#eSignatureFAQ-6">What is a qualified signature/seal creation device?</a>
</p>
</div>
</div>
<div id="19" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-19"
role="button">
<p>What does AdES/QC mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-19" class="accordion-content" role="region" aria-labelledby="19">
<p>
AdES/QC is an advanced electronic signature/seal (AdES) based on a qualified certificate.
</p>
<p>
More information <span>→ </span>
<a href="#eSignatureFAQ-2">What are the levels of electronic signatures?</a> +
<a href="#eSignatureFAQ-2">What is a certificate for electronic signatures?</a> +
<a href="#eSignatureFAQ-3">What are the levels of electronic seals?</a> +
<a href="#eSignatureFAQ-5">What is a certificate for electronic seals?</a>
</p>
</div>
</div>
</div>
</div>
<div id="819857862a" class="category-block">
<h3 class="category-title">Trusted List Browser</h3>
<div class="accordion">
<div id="1a" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-1a"
role="button">
<p>What is the Trusted List Browser?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-1a" class="accordion-content" role="region" aria-labelledby="1a">
<p>
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>
is a publicly available tool provided by the European Commission. It allows the user to
browse through the information present in the Member States national Trusted Lists (TLs),
as well as in the European Commission central list (named List of Trusted Lists (LOTL)).
It provides an intuitive interface that is user-friendly and human-readable.
</p>
<p>
Trusted List Browser should be taken as a tool to search for Trust Service Providers and
the services associated with them that are <em>listed </em>in a Member State national
Trusted List. It is not intended to provide sufficient information to be used in a
<em>validation</em> process.
</p>
</div>
</div>
<div id="1b" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-1b"
role="button">
<p>What is a Trusted List?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-1b" class="accordion-content" role="region" aria-labelledby="1b">
<p>
The eIDAS Regulation introduces the concept of Trusted List (TL) in the following
statement:
</p>
<p>
“<em>Each Member State </em>
<em
>shall establish, maintain and publish trusted lists, including information related to
the qualified trust service providers for which it is responsible, together with
information related to the qualified trust services provided by them.</em
>” (eIDAS article 22.1).
</p>
<p>
It may therefore be understood that all qualified trust services (QTSP’s) and the
qualified trust services (QTS) they provide are mandatorily listed in its national TL, and
that this is the main goal the TL’s serve. Nevertheless, while not mandatory in eIDAS,
Member States can also include in their TL’s information related to non-QTSP and non-QTS.
</p>
<p>
The information related to the trust services includes information about the status (e.g.
granted, withdrawn) and the status history of the trust services in compliance with the
applicable requirements and the relevant provisions of the eIDAS Regulation.
</p>
<p>
In addition to the legal definition provided by eIDAS, the
<a
href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015D1505"
class="external-link"
rel="nofollow"
>Commission Implementing Decision (EU) 2015/1505</a
>
specifies the technical specifications and formats for Trusted List.
</p>
</div>
</div>
<div id="1c" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-1c"
role="button">
<p>
What is the List of Member States Trusted Lists, also named List of Trusted Lists (LOTL)?
</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-1c" class="accordion-content" role="region" aria-labelledby="1c">
<p>The eIDAS Regulation states that:</p>
<p>
“<em
>The Commission shall make available to the public, through a secure channel, the
information referred to in paragraph 3 [i.e. about Member States Trusted Lists] in
electronically signed or sealed form suitable for automated processing.</em
>” (eIDAS article 22.4)
</p>
<p>
In practice, the European Commission publishes an XML document called the List of Trusted
Lists (LOTL), which consists of a compiled list of links (pointers) towards all trusted
lists from the Member States, together with the certificates used to sign these trusted
lists.
</p>
<p>
The primary goals of the publication of the LOTL are to allow access to the trusted lists
of all Member States in an easy way and to provide a way to trust and authenticate those
lists.
</p>
<p>
More information on the LOTL can be found
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>here</a
>.
</p>
</div>
</div>
<div id="1d" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-1d"
role="button">
<p>Which trust service providers can I find using Trusted List Browser?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-1d" class="accordion-content" role="region" aria-labelledby="1d">
<p>
Using the Trusted List Browser allows you to find any Trust Service Provider (TSP) listed
in a Member State national Trusted List. This means that you should be able to find any
Qualified<em> </em>Trust Service Providers (QTSP’s) and the qualified trust services it
provides, as it is mandatory for them to be listed in an EU MS national TL. Any other TSP
(i.e. non-qualified TSP) may or may not be found using Trusted List Browser, as they are
not required to be listed in a national TL.
</p>
<p>
Please keep mind that finding a TSP using Trusted List Browser does not mean that it is a
<em>Qualified</em> TSP. In order to verify that a TSP corresponds to your needs, you can
refer to the tags associated to it.
</p>
</div>
</div>
<div id="1e" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-1e"
role="button">
<p>What is a qualified trust service?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-1e" class="accordion-content" role="region" aria-labelledby="1e">
<p>
The eIDAS Regulation aims to deliver a comprehensive <em>cross-border</em> and
<em>cross-sector</em> framework for secure, trustworthy and easy-to-use electronic
transactions. Qualified trust services are a mean to this end, as their legal significance
is recognised at <em>European</em> level. They are subject to strict requirements that
consist of:
</p>
<p style="margin-left: 30px">
a) Issuing qualified certificates for:
</p>
<ol>
<li style="list-style-type: none; background-image: none">
<ol>
<li>Electronic signature</li>
<li>Electronic seal</li>
<li>Website authentication</li>
</ol>
</li>
</ol>
<p style="margin-left: 30px">b) Providing qualified validation of:</p>
<ol>
<li style="list-style-type: none; background-image: none">
<ol>
<li>Qualified electronic signature</li>
<li>Qualified electronic seal</li>
</ol>
</li>
</ol>
<p style="margin-left: 30px">
c) Providing qualified preservation of;
</p>
<ol>
<li style="list-style-type: none; background-image: none">
<ol>
<li>Qualified electronic signature</li>
<li>Qualified electronic seal</li>
</ol>
</li>
</ol>
<p style="margin-left: 30px">d) Issuing qualified time stamp</p>
<p style="margin-left: 30px">
e) Providing qualified electronic registered delivery.
</p>
</div>
</div>
<div id="1f" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-1f"
role="button">
<p>What is the difference between non-qualified and qualified trust service providers?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-1f" class="accordion-content" role="region" aria-labelledby="1f">
<p>
The eIDAS Regulation defines a <em>qualified</em> trust service provider (QTSP) as “<em
>[…] a natural or a legal person who provides one or more qualified trust services
[…]</em
>”.
</p>
<p>
As opposed to non-qualified trust service providers, QTSP’s are thus granted the right to
deliver one or more qualified trust services after undergoing a strict assessment process.
</p>
<p>
While it is mandatory for QTSP to be listed in an EU Member State Trusted List (TL),
member states may decide to include non-qualified trust service providers in their TL.
</p>
<p>
Trusted List Browser allows the user to search for QTSP by the type of qualified trust
services they provide, as well as easily identifying which trust services, qualified or
not, are provided by a particular TSP listed on a national TL, using explicit tags.
</p>
</div>
</div>
<div id="20" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-20"
role="button">
<p>Why is a qualified trust service provider tagged with non-qualified trust services?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-20" class="accordion-content" role="region" aria-labelledby="20">
<p>
A qualified trust service provider (QTSP) <em>must</em> provide at least one qualified
trust service, but <em>may</em> also provide non-qualified trust services. That is the
reason why some QTSP may be tagged with qualified and non-qualified trust services in the
Trusted List Browser.
</p>
</div>
</div>
<div id="21" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-21"
role="button">
<p>What are the tags “granted” and “withdrawn”?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-21" class="accordion-content" role="region" aria-labelledby="21">
<p>
These two tags only concern <em>qualified </em>trust services. The right for a Qualified
Trust Service Provider (QTSP) to provide a qualified trust service (QTS) is decided by the
national Supervisory Body (SB). The decision of the SB to allow the QTSP to provide the
QTS is reflected in the associated national Trusted List (TL). This is a field that
Trusted List Browser visually represents as a tag under the QTS.
</p>
<p>
If the tag under the qualified trust service states “Granted”, this means that the QTSP
has been granted by the SB the right to currently provide the QTS.
</p>
<p>
If the tag under the qualified trust service is “Withdrawn”, this means that the QTSP was,
at one time, given the right to provide this qualified trust service, but this right has
been currently withdrawn.
</p>
<p>
The history of this status can be found in Trusted List Browser under the banner
“History”, accessible by clicking on a qualified trust service.
</p>
</div>
</div>
<div id="22" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-22"
role="button">
<p>What are the tags “Non-Regulatory” and “Undefined”?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-22" class="accordion-content" role="region" aria-labelledby="22">
<p>
These two tags only concern <em>non</em>-qualified trust services and have to do with a
refinement of their type:
</p>
<p>
- The tag “Undefined” is associated with trust services whose type has
been defined in the eIDAS Regulation, but for which there is a lack of additional
information in the TL to further specify its use.
</p>
<p>
- The tag “Non-Regulatory” on the other hand is associated with trust
services whose type has <em>not </em>been defined in the eIDAS Regulation and are
country-specific.
</p>
</div>
</div>
<div id="23" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-23"
role="button">
<p>What are the tags “Recognised at national level” and “Deprecated at national level”?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-23" class="accordion-content" role="region" aria-labelledby="23">
<p>
These two tags only concern <em>non</em>-qualified<em> </em>trust services and have to do
with a refinement of their type:
</p>
<p>
- The tag “Recognised at national level” means that the trust service to which
it refers as well as the relevant TSP have been granted an “approved” status, as
recognized at national level.
</p>
<p>
- The tag “Deprecated at national level” means that the trust service to which
it refers as well as the relevant TSP had their “approved” status withdrawn.
</p>
</div>
</div>
<div id="24" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-24"
role="button">
<p>I can’t find a trust service provider in your Trusted List Browser, why so?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-24" class="accordion-content" role="region" aria-labelledby="24">
<p>
According to the eIDAS Regulation, only the <em>Qualified</em> Trust Service Providers
(QTSP’s) have to be listed in a Trusted List:
</p>
<p>
“<em
>Each Member State shall establish, maintain and publish trusted lists, including
information related to the qualified trust service providers for which it is
responsible, together with information related to the qualified trust services provided
by them.</em
>” (eIDAS article 22.1)
</p>
<p>
As such, each national Trusted List may or may not include non-qualified TSPs. It is up to
the Member State’s Supervisory Body to decide which non-qualified TSP will be listed.
</p>
<p>
The absence of a particular TSP from the Trusted List Browser should not be interpreted as
a TSP not being compliant with the eIDAS definition. It only means that it does not
provide <em>qualified</em> trust services.
</p>
</div>
</div>
<div id="25" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-25"
role="button">
<p>Where can I find the Trusted List Browser API?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-25" class="accordion-content" role="region" aria-labelledby="25">
<p>
The Trusted List Browser API can be found
<a
href="https://eidas.ec.europa.eu/efda/swagger-ui.html"
class="external-link"
rel="nofollow"
>here</a
>.
</p>
<p>Before using the API, please be aware of the following facts:</p>
<ul>
<li>
The main purpose of the Trusted List Browser and its API is to browse the content of
Trusted Lists, not validating certificates nor signatures. The actual content of Trusted
Lists is managed and published by each Member States;
</li>
<li>
This API is available on a "best effort" basis. The API should usually be available, but
it shall be noted that some downtime might occur;
</li>
<li>
The signature on a Trusted List (TL) is validated when the TL is first loaded (i.e. when
the TL is published) and every day at midnight (e.g. when a TL signing certificate
expires, the validity status of the signature will only be updated at midnight).
</li>
</ul>
</div>
</div>
<div id="26" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-26"
role="button">
<p>The trusted list is shown in transparent hue, what does it mean?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-26" class="accordion-content" role="region" aria-labelledby="26">
<p>
A trusted list (TL) shown in a transparent hue means that Trusted List Browser was, for
some reason, unable to download and validate the content of this TL. This
<em>could</em> therefore mean that this TL is currently unavailable.
</p>
</div>
</div>
<div id="27" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-27"
role="button">
<p>How can I get a qualified certificate?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-27" class="accordion-content" role="region" aria-labelledby="27">
<p>
If you are looking for a qualified certificate for electronic signature, you might be
interested in:
<a href="#eSignatureFAQ-Anchor9"
>How can I create an advanced or qualified electronic signature?
</a>
</p>
<p>
If you are looking for a qualified certificate for electronic seal, you might be
interested in:
<a href="#eSignatureFAQ-Anchor10"
>How can I create an advanced or qualified electronic seal?</a
>
</p>
<p>
If you are looking for a qualified certificate for website authentication, a similar
process to the two below entries applies.
</p>
</div>
</div>
<div id="28" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-28"
role="button">
<p>
Can I validate that an electronic signature/seal or a certificate is qualified using
Trusted List Browser?
</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-28" class="accordion-content" role="region" aria-labelledby="28">
<p>
Trusted List Browser should be taken as a tool to search for trust service providers and
the services associated with that are <em>listed </em>in a Member State national Trusted
List. It is not intended to provide sufficient information to be used in a
<em>validation</em> process.
</p>
<p>
Instead, you might be interested in the answer provided in:
<a href="#eSignatureFAQ-Anchor11"
>How do I validate an electronic signature/seal is qualified?</a
>
</p>
</div>
</div>
<div id="29" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-29"
role="button">
<p>Why are there non-EU countries listed by Trusted List Browser?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-29" class="accordion-content" role="region" aria-labelledby="29">
<p>
There are currently three non-EU countries appearing in Trusted List Browser, belonging to
the European Economic Area (EEA).
</p>
<p>
The reason they appear here is because the EEA Joint Committee
<a
href="https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/List-Adopted-Joint-Committee-Decisions/2018%20List%20of%20Adopted%20Joint%20Committee%20Decisions.pdf"
class="external-link"
rel="nofollow"
>adopted</a
>
the decision to insert eIDAS (i.e. Regulation No 910/2014) in the EEA Agreement
<a
href="https://www.efta.int/media/documents/legal-texts/eea/the-eea-agreement/Annexes%20to%20the%20Agreement/annex11.pdf"
class="external-link"
rel="nofollow"
>Annex XI</a
>
(<a
href="https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/adopted-joint-committee-decisions/2018%20-%20English/022-2018.pdf"
class="external-link"
rel="nofollow"
>EEA JCD No 22/2018</a
>). Consequently, the Commission is to be notified of the information referred in eIDAS
Article 22.3, applied to the EEA Contracting Parties <em>mutatis mutandis</em> with
respect to the EEA Agreement
<a
href="https://www.efta.int/sites/default/files/documents/legal-texts/eea/the-eea-agreement/Protocols%20to%20the%20Agreement/protocol1.pdf"
class="external-link"
rel="nofollow"
>protocol</a
>:
</p>
<p>
“<em
>Member States shall notify to the Commission, without undue delay, information on the
body responsible for establishing, maintaining and publishing national trusted lists,
and details of where such lists are published, the certificates used to sign or seal the
trusted lists and any changes thereto.</em
>” (eIDAS article 22.3)
</p>
<p>
Furthermore, eIDAS Article 22.4 applies as well, and the Commission uses the LOTL to make
this information available. As Trusted List Browser is a tool made to browse through the
Trusted Lists referenced in the LOTL, the presence of the non-EU EEA countries Trusted
Lists location in the LOTL is shown in this tool.
</p>
</div>
</div>
<div id="2a" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-2a"
role="button">
<p>What are “Currently active trust service providers”?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-2a" class="accordion-content" role="region" aria-labelledby="2a">
<p>
Displayed under the banner “Currently active trust service providers” are all the Trust
Services Providers (TSP) for which there is at least one listed trust service they provide
that has as its status either “Granted” or “Recognised at national level”.
</p>
<p>More information about these statuses can be found on the corresponding FAQ entry:</p>
<p>
- <a href="#eSignatureFAQ-Anchor12"
>What are the tags “granted” and “withdrawn”?</a
>
</p>
<p>
<a href="#eSignatureFAQ-Anchor13"
>- What are the tags “Recognised at national level” and “Deprecated at national
level”?</a
>
<a
href="file:///C:/Users/egoncearuc/Desktop/FAQs%20eSignature/eSignature-FAQ_proposal3%20v1.0.docx#_msocom_1"
class="external-link"
rel="nofollow">
<br
/></a>
</p>
</div>
</div>
<div id="2b" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-2b"
role="button">
<p>What are “Trusted service providers without currently active trust services”?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-2b" class="accordion-content" role="region" aria-labelledby="2b">
<p>
Displayed under the banner “Trusted service providers without currently active trust
services” are all the Trust Service Providers for which the status of every trust services
listed under them in the Trusted List is either “Withdrawn” or “Deprecated at national
level”.
</p>
<p>More information about these statuses can be found on the corresponding FAQ entry:</p>
<p>
<span>- </span>
<a href="#eSignatureFAQ-Anchor12">What are the tags “granted” and “withdrawn”?</a>
</p>
<p>
<a href="#eSignatureFAQ-Anchor13"> <span>- </span> </a>
<a href="#eSignatureFAQ-Anchor13"> </a>
<a href="#eSignatureFAQ-Anchor13"
>What are the tags “Recognised at national level” and “Deprecated at national level”?</a
>
</p>
</div>
</div>
<div id="2c" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-2c"
role="button">
<p>What are “Trusted service providers currently taken over”?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-2c" class="accordion-content" role="region" aria-labelledby="2c">
<p>
The banner “Trust service providers currently taken over” indicates that a service was
formerly under the legal responsibility of a Trust Service Provider (TSP) and is now taken
over by another TSP. This doesn’t mean that those trust services have ceased nor that they
lost their qualified status : As long as their status is ‘granted’, they are still
recognised as qualified.
</p>
</div>
</div>
<div id="2d" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-2d"
role="button">
<p>What is the list of features of Trusted List Browser?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-2d" class="accordion-content" role="region" aria-labelledby="2d">
<p>Trusted List Browser allows users to:</p>
<p style="margin-left: 30px">a) Search for a trust service:</p>
<ul>
<li style="list-style-type: none; background-image: none">
<ul>
<li>By the type of service</li>
<li>By the name of the service</li>
<li>By a signed file</li>
</ul>
</li>
</ul>
<p style="margin-left: 30px">
b) Display the content of a Member State national Trusted List (TL)
</p>
<p style="margin-left: 30px">
c) Display the content of the European Commission List of the
Trusted Lists (LOTL)
</p>
<p>
It should be noted that Trusted List Browser is not intended to provide a way to
<em>acquire</em> a product nor to <em>subscribe</em> to a trust service. It merely gives
information to the user on whether or not a Trust Service and the associated Trust Service
Provider (TSP) is listed in a national Trusted List. Subscribing to a Trust Service or
acquiring a product should be done by directly contacting the TSPs.
</p>
<p><strong>Search for a trust service</strong></p>
<p>
- Searching by the type of service allows the user to look for all the
TSP’s listed in a Member State Trusted List that provide the trust service(s) he is
interested in.
</p>
<p>
- Searching by the name of a service allows the user to check if a
particular trust service is listed in a Member State TL, in which case the service along
with some information would be displayed.
</p>
<p>
- Searching by a signed file (either a PDF, XML or a certificate) allows
the user to check if the trust service that issued the certificate for the signature used,
is listed in a Member State Trusted List, in which case the service along with some
information would be displayed.
</p>
<p>
Also please keep in mind that this would by no means constitute a <em>validation</em> of
an electronic signature.
</p>
<p><strong>Display the content of a national Trusted List</strong></p>
<p>
When displaying the content of a national TL, what you will observe that a TL is a list of
TSP grouped in a maximum of three categories (“<a href="#eSignatureFAQ-Anchor14"
>Currently active TSP</a
>”, “<a href="#eSignatureFAQ-Anchor16">TSP currently taken over</a>”, “<a
href="#eSignatureFAQ-Anchor15"
>TSP without currently active trust services</a
>”) and displayed this way:
</p>
<p>
<span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image"
draggable="false"
alt="image explaining how trust service provider is displayed"
height="75"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-4-19.png?version=1&modificationDate=1639417236997&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-4-19.png?version=1&modificationDate=1639417236997&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109159"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_20-4-19.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
title="eID Trusted list browser"
/></span>
</p>
<p>
Where “Trust Service Provider Name” is the name of the TSP, the tag(s) in yellow represent
the qualified trust service(s) it provides, and the tag(s) in grey represent the
non-qualified trust service(s) appearing in the TL that it provides. Hovering over a tag
will produce a short text clarifying its name, whereas clicking on the name of the TSP
will bring you to a new page further describing those services by listing them in one of
the two following manners, depending on whether they are qualified or not:
</p>
<ul>
<li><strong>Qualified trust service</strong>:</li>
</ul>
<p>
<span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image"
draggable="false"
alt="how is eID qualified trust service displayed"
height="156"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-4-39.png?version=1&modificationDate=1639417237005&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-4-39.png?version=1&modificationDate=1639417237005&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109160"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_20-4-39.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
title="eID qualified trust service" /></span
>
</p>
<p>
Where “Qualified trust service A” is the type of the QTS, “QTS type” is the service type
identifier of the QTS, and “QTS name under the QTSP” is the name of the QTS.
</p>
<p>
More information on the tags “granted” and “withdrawn” can be found in
<a href="#eSignatureFAQ-Anchor12">What are the tags “granted” and “withdrawn”?</a>
</p>
<ul>
<li><strong>Non-qualified trust service</strong>:</li>
</ul>
<p>
<span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image"
draggable="false"
height="154"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-5-0.png?version=1&modificationDate=1639417237014&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-5-0.png?version=1&modificationDate=1639417237014&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109161"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_20-5-0.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p><br /></p>
<p>
Where “Non-Qualified trust service A” is the qualifier used in the TL to further describe
the type of the TS, “TS type” is the type of the TS, and “TS name under the QTSP” is the
name under which the TSP provides the service.
</p>
<p>
More information on the tags “Recognised at a national level” and “Deprecated at a
national level” can be found in
<a href="#eSignatureFAQ-Anchor13"
>What are the tags “Recognised at a national level” and “Deprecated at a national
level”?</a
>
</p>
<p><strong>Display the content of the LOTL: </strong></p>
<p>
By default, the Trusted List Browser home interface actually displays the countries that
have the location to their national Trusted List referenced in the LOTL. Clicking on the
icon “European Union” will then only provide you with the detailed information about the
LOTL (e.g. scheme information, signature).
</p>
</div>
</div>
<div id="2e" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-2e"
role="button">
<p>
The qualified trust service that issued my qualified certificate is now “withdrawn”. What
does this status change entail?
</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-2e" class="accordion-content" role="region" aria-labelledby="2e">
<p>
If a Qualified Trust Service Provider (QTSP) for qualified certificates provisions loses
its qualified status, the qualified certificates already issued do not lose automatically
their qualified status as well.
</p>
<p>
Nevertheless, the TSP that no longer exists as a QTSP cannot provide new qualified
certificates. The qualified certificates already issued by such a QTSP might be used to
create a qualified electronic signature/seal, unless they have unambiguously been revoked,
either as direct implementation of the QTSP's termination plan or at the request of the
supervisory body.
</p>
<p>
Trusted Lists provide such information on whether the TSP and an identified trust service
it provides were qualified both at the time of issuing the certificate, as well as at the
time at which it is believed a signature/seal was created, in the history of the given
trust service.
</p>
</div>
</div>
<div id="2f" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-2f"
role="button">
<p>If I get a certificate in an EU Member State, is it valid in another EU Member State?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-2f" class="accordion-content" role="region" aria-labelledby="2f">
<p>
It is important to differentiate between the validity of a certificate and its qualified
status.
</p>
<p>
When a certificate is delivered by a Trust Service Provider (TSP), it comes with a
specified timeframe during which it can be considered valid. The TSP may furthermore
decide to revoke the certificate during this timeframe for various reasons. Checking the
validity of a certificate may thus be taken as equivalent to checking whether the
certificate has expired or been revoked.
</p>
<p>
The qualified status of a certificate, on the other hand, means that it has been
issued by a qualified trust service provider with the statement ‘qualified’. As one of the
aims of the eIDAS regulation is to achieve cross-border interoperability and recognition
of qualified certificates, a qualified certificate delivered in any Member State will be
recognised as such in every Member State.
</p>
<p>
Finally, please note that the certificate would also be recognised in all EEA Member
States, as further detailed in
<a href="#eSignatureFAQ-Anchor17"
>Why are there non-EU countries listed by Trusted List Browser?</a
>
</p>
</div>
</div>
<div id="30" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-30"
role="button">
<p>
Is a QTSP listed in the Trusted List Browser recognized as a QTSP in all Member States?
</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-30" class="accordion-content" role="region" aria-labelledby="30">
<p>
One of the goals of the ‘qualified’ status is to achieve cross-border interoperability and
recognition of electronic products and trust services across all Member States. As such, a
qualified product delivered by a qualified trust service under a Qualified Trust Service
Provider (QTSP) based in any Member State will be considered as qualified in every Member
States.
</p>
</div>
</div>
<div id="31" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-31"
role="button">
<p>What legal certainty is there when using non-qualified Trust Service Providers?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-31" class="accordion-content" role="region" aria-labelledby="31">
<p>
From a legal point of view, both qualified and non-qualified trust services benefit
from a non-discrimination clause as evidence in courts. In other words, trust
services cannot be discarded by the judge only on the grounds that they are in an
electronic form.
</p>
<p>
However, because of the more stringent requirements applicable to Qualified Trust Service
Providers, qualified trust services provide a stronger specific legal
effect than non-qualified ones as well as a higher technical security. Qualified
trust services, therefore, provide higher legal certainty and higher
security of electronic transactions.
</p>
</div>
</div>
</div>
</div>
<div id="819857901" class="category-block">
<h3 class="category-title">Digital Signature Services (DSS)</h3>
<div class="accordion">
<div id="32" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-32"
role="button">
<p>What is DSS?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-32" class="accordion-content" role="region" aria-labelledby="32">
<p>
DSS (Digital Signature Services) is an open-source software library for digital signature
creation, validation, and extension, designed to help digital solutions achieve compliance
with the eIDAS Regulation.
</p>
<p> Among the features it offers are:</p>
<ul>
<li>
A large panel of formats being supported for the signed documents (XML, PDF, ODT, TXT,
ZIP, …);
</li>
<li>
The three main formats for digital signature XAdES, CAdES, and PAdES, as well as their
four levels of baseline signatures profile being supported in compliance with the ETSI
standards;
<ul>
<li>
Along with the packaging structures enveloping, enveloped, detached and
internally-detached;
</li>
<li>And the ASIC-S or ASIC-E containers;</li>
</ul>
</li>
<li>The management of authenticating and trusting the Trusted Lists;</li>
<li>Building certificate chains up to a trust anchor;</li>
<li>Handling revocation data from OCSP and CRL sources;</li>
<li>ETSI compliant signature validation processes;</li>
<li>Certificate validation, including the determination of the qualified status.</li>
</ul>
<p>
This list is not exhaustive and more information about DSS and the features it offers is
available by following the links given in “<strong>
<a href="#eSignatureFAQ-Anchor18">Which are the DSS useful links?</a> </strong
>"
</p>
</div>
</div>
<div id="33" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-33"
role="button">
<p>Which are the DSS useful links?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-33" class="accordion-content" role="region" aria-labelledby="33">
<p>The DSS useful links are:</p>
<ul>
<li>DSS maven repository:</li>
</ul>
<p>
<span
class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image image-left"
draggable="false"
height="132"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-46-4.png?version=1&modificationDate=1639417237022&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_20-46-4.png?version=1&modificationDate=1639417237022&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109162"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_20-46-4.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p><br /></p>
<p><br /></p>
<p><br /></p>
<p><br /></p>
<p>
<pre><repository><br />
<id>cefdigital</id><br />
<name>cefdigital</name><br />
<url><a href="https://ec.europa.eu/digital-building-blocks/artifact/content/repositories/esignaturedss/" rel="nofollow">https://ec.europa.eu/digital-building-blocks/artifact/content/repositories/esignaturedss></a>/</url><br />
</repository>
</pre>
<ul>
<li>
“Start using DSS” webpage:
<a href="https://ec.europa.eu/digital-building-blocks/sites/x/84TXGw" rel="nofollow"
>https://ec.europa.eu/digital-building-blocks/sites/x/84TXGw</a
>
</li>
<li>
DSS JIRA:
<a
href="https://ec.europa.eu/digital-building-blocks/tracker/projects/DSS/issues/"
class="external-link"
rel="nofollow"
>https://ec.europa.eu/digital-building-blocks/tracker/projects/DSS/issues/</a
>
</li>
<li>
DSS GitHub:
<a href="https://github.com/esig/" class="external-link" rel="nofollow"
>https://github.com/esig/</a
>
</li>
<li>
DSS documentation:
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html"
class="external-link"
rel="nofollow"
>https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html</a
>
</li>
</ul>
<p>
You might be also interested in the DSS demonstration WebApp, providing a concrete
example of DSS usage:
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/"
class="external-link"
rel="nofollow"
>https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/</a
>.
</p>
<p>
A bundle of the DSS demonstration WebApp bundle can be downloaded in the DSS
webpage. <br />More information about this WebApp is given in
<strong>
<a href="#eSignatureFAQ-Anchor19">What is the DSS demonstration WebApp?</a>
</strong>
</p>
</div>
</div>
<div id="34" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-34"
role="button">
<p>What is the DSS demonstration WebApp?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-34" class="accordion-content" role="region" aria-labelledby="34">
<p>
The DSS demonstration Web Application is an integration of the DSS framework providing a
concrete example of DSS usage. It can be used to:
</p>
<ul>
<li>
<a href="#eSignatureFAQ-Anchor20">Sign documents</a> (a qualified signature can be
created provided that the signing private key resides in a QSCD such as a smartcard and
is supported by a qualified certificate for eSignature);
</li>
<li><a href="#eSignatureFAQ-Anchor21">Extend a signature</a>;</li>
<li>
<a href="#eSignatureFAQ-Anchor22">Validate a signature</a> (this service can in no
case be considered as qualified);
</li>
<li><a class="unresolved" href="#">Validate a certificate</a>;</li>
<li>
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/tsl-info"
class="external-link"
rel="nofollow"
>Get information about the Trusted Lists</a
>
(for a user-friendly view of the Trusted Lists, the
<a
href="https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home"
class="external-link"
rel="nofollow"
>Trusted List Browser</a
>
is a more adequate tool).
</li>
</ul>
<p>
<strong
>This Web Application only provides an insight of what can be achieved by using DSS and
cannot be taken as a faithful representation of all the possibilities the DSS framework
offers.</strong
>
</p>
<p>
In particular, this Web Application has been designed to fit in the context of the eIDAS
Regulation, but DSS can equivalently be used to validate signatures and certificates in
other trust schemes.
</p>
</div>
</div>
<div id="35" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-35"
role="button">
<p>How can I sign a document via the “Sign a document” webpage?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-35" class="accordion-content" role="region" aria-labelledby="35">
<p>
In order to sign a document with the WebApp demonstration, the first step is to access the
adequate webpage named “<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/sign-a-document"
class="external-link"
rel="nofollow"
>Sign a document</a
>”.
</p>
<p>
The DSS WebApp demo uses NexU to access the signing keys needed to sign the document, and
you will therefore need to install it. If NexU is not installed or not launched, you will
see this notification:
</p>
<p align="center">
<span
class="confluence-embedded-file-wrapper image-center-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image image-center"
draggable="false"
height="117"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-5-55.png?version=1&modificationDate=1639417237050&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-5-55.png?version=1&modificationDate=1639417237050&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109165"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-5-55.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p>
For additional information about NexU and its installation, please refer to the entry
“<strong>
<a href="#eSignatureFAQ-Anchor24">What is NexU and how to install it?</a> </strong
>”.
</p>
<p>
After launching NexU, you might need to refresh the page for the WebApp demo to detect it.
If the WebApp has properly detected NexU, you should see the following notification:
</p>
<p align="center">
<span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image"
draggable="false"
height="114"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-6-7.png?version=1&modificationDate=1639417237059&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-6-7.png?version=1&modificationDate=1639417237059&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109166"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-6-7.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p>Once NexU is launched, the following steps will allow you to sign a document:</p>
<ul>
<li>Select the document to be signed;</li>
<li>
Configure the right parameters:
<ul>
<li>
Suggestions regarding the ‘<strong>Container</strong>’, ‘<strong
>Signature format</strong
>’, and ‘<strong>Packaging</strong>’ are given in the FAQ entry “<a
href="#eSignatureFAQ-Anchor28"
>When signing/sealing a document, which format of signature should I use</a
>?” . More information about the ‘<strong>Packaging</strong>’ is also available
via “<a href="#eSignatureFAQ-Anchor26"
>What is the packaging enveloped, detached, enveloping, and internally detached of
a signature</a
>?”.
</li>
<li>
The ‘<strong>Level</strong>’, together with suggestions, is explained in the FAQ
entry “<a href="#eSignatureFAQ-Anchor25"
>What are the B, T, LT, and LTA level of an electronic signature?</a
>”
</li>
<li>
The ‘<strong>Digest algorithm</strong>’ is the cryptographic algorithm used when
generating the value of the signature. The algorithms proposed by the demo are
sorted from the weakest (SHA1 that is not recommended) to the strongest (SHA512).
</li>
<li>
The option ‘<strong>Allow expired certificate</strong>’ will allow you to create a
signature whose supporting certificate has expired
</li>
<li>
The option ‘<strong>Add a content timestamp</strong>’ will add a non-qualified time
stamp (when using the bundle, a fake time stamp is generated) on the content of the
document before it is signed.
</li>
</ul>
</li>
<li>Click on the ‘Submit’ button.</li>
</ul>
<p>
More detailed and technical information about choosing the appropriate options when
creating a signature can be found in the technical report
<a
href="https://www.etsi.org/deliver/etsi_tr/119100_119199/119100/"
class="external-link"
rel="nofollow"
>ETSI TR 119 100 section 8.</a
>
</p>
<p>
Alternatively, if the document to be signed is a PDF file, you can use the “<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/sign-a-pdf,"
class="external-link"
rel="nofollow"
>Sign a PDF</a
>” webpage and simply drag and drop the document. No customization is needed in this case,
and the result will be a signature with no container, PAdES signature format, enveloped
packaging, -B level and SHA256 as digest algorithm.
</p>
</div>
</div>
<div id="36" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-36"
role="button">
<p>What is the “Extend a signature” webpage and how to use it?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-36" class="accordion-content" role="region" aria-labelledby="36">
<p>
In the DSS WebApp demonstration,
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/extension"
class="external-link"
rel="nofollow"
>extending a signature</a
>
is used when a user wishes to augment the level of a signature. The goal of the
augmentation is to extend the time-period during which the signature can successfully be
validated. For instance, when the certificate supporting a XAdES-B-B signature is soon to
expire (or the certificate is about to be revoked), one can augment the signature to a
XAdES-B-T signature allowing the validation to survive the expiration of the certificate.
</p>
<p>
More information about the levels of an electronic signature can be found in the FAQ entry
<strong>
<a href="#eSignatureFAQ-Anchor25"
>What are the B, T, LT, and LTA levels of an electronic signature?</a
>
<br
/></strong>
</p>
</div>
</div>
<div id="37" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-37"
role="button">
<p>How can I validate a signature/seal via the “Validate a signature” webpage?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-37" class="accordion-content" role="region" aria-labelledby="37">
<p>
In order to validate a signature/seal with the WebApp demonstration, the first step is to
access the adequate webpage named “<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation"
class="external-link"
rel="nofollow"
>Validate a signature</a
>”.
</p>
<p>Once on the webpage, the next steps are to:</p>
<ul>
<li>Select the signed file;</li>
<li>
If the signature is detached, select the detached signature with “Signed file” then
select the documents to which this signature refers with “Original file(s)”.
</li>
<li>
Optionally specify the validation level. Changing the default setting will only reduce
the set of signatures the WebApp can validate considering that:
<ul>
<li>
The validation process for Basic Signatures only consider B-level attributes and
does a basic validation of timestamps;
</li>
<li>
The validation process for Signature with Long-Term Validation Data is a validation
process for Basic Signature that also validate the revocation data;
</li>
<li>
The validation process for Signature with Archival Data (recommended) is built from
the previous level by also allowing the validation of the signature in the past with
all collected data.
</li>
</ul>
</li>
</ul>
<p style="margin-left: 30px">
For instance, selecting the validation process for basic signature when trying to validate
a qualified XAdES-B-LTA signature for which the signing certificate has expired will
result in the WebApp demo being unable to validate the signature, even though the
signature should still be considered qualified and valid;
</p>
<ul>
<li>
Optionally chose to use a custom validation constrains file. The default validation
constrains file is available in the
<a
href="https://github.com/esig/dss/blob/5.4.3/validation-policy/src/main/resources/policy/constraint.xml"
class="external-link"
rel="nofollow"
>GitHub</a
>
and can be used to build custom files;
</li>
<li>Click on the ‘Submit’ button.</li>
</ul>
<p>
The simple validation report will then give you a quick overview of the validation results
by providing:
</p>
<ul>
<li>
The qualification level of the signature taking the values
<ul>
<li style="list-style-type: none; background-image: none">
<ul>
<li>‘QESig’ for a qualified signature;</li>
<li>‘QESeal’ for a qualified seal;</li>
<li>
‘AdESig-QC’ for an advanced signature based on a qualified certificate for
electronic signatures. The signature is therefore not qualified;
</li>
<li>
‘AdESeal-QC’ for an advanced seal based on a qualified certificate for
electronic seals. The seal is therefore not qualified;
</li>
<li>‘N/A’ for a signature with no qualification.</li>
</ul>
</li>
</ul>
</li>
</ul>
<p>
An enumeration of all possible values can be found in the
<a
href="https://github.com/esig/dss/blob/master/dss-enumerations/src/main/java/eu/europa/esig/dss/enumerations/SignatureQualification.java"
class="external-link"
rel="nofollow"
>GitHub</a
>;
</p>
<ul>
<li>The format and the level of the signature as specified in ETSI standards;</li>
<li>
An indication of whether and which problems were encountered during the validation
process, according to the standards ETSI EN 319 102-1 and ETSI TS 119 172-4. Such
problems could be:
<ul>
<li style="list-style-type: none; background-image: none">
<ul>
<li>The integrity of the signed data has been compromised;</li>
<li>
The assurance level of the cryptographic means used for the signature format is
not deemed acceptable;
</li>
<li>The certificate supporting the signature has expired or been revoked;</li>
<li>
The certificate supporting the signature is not qualified for electronic
signature (the signature may be valid but not qualified);
</li>
<li>
The signature has not been created by a Qualified Signature Creation Device
(QSCD) (the signature may be valid but not qualified).
</li>
<li>
The signature format is not recognised by the WebApp demo (This does not
automatically mean that the signature is not valid nor that is not qualified as
the eIDAS Regulation does not impose any restriction on the format).
</li>
</ul>
</li>
</ul>
</li>
<li>The chain of trust of the signing certificate</li>
<li>The time at which the signature claims to have been created</li>
<li>
The best time at which there exists proof of the existence of the signature: If there is
no time stamp on the signature, the best time is the time at which the current
validation is performed.
</li>
</ul>
<p>
More information about the validation of an electronic signature is given in
<strong>
<a href="#eSignatureFAQ-Anchor29"
>What is the validation of an electronic signature?</a
> </strong
> , and you might also be interested in
<strong>
<a href="#eSignatureFAQ-Anchor27"
>How to understand the detailed validation report?<br
/></a>
</strong>
</p>
</div>
</div>
<div id="38" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-38"
role="button">
<p>How can I validate a certificate via the “Validate a certificate” webpage?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-38" class="accordion-content" role="region" aria-labelledby="38">
<p>
In order to validate a signature/seal with the WebApp demonstration, the first step is to
select the adequate webpage named “<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/certificate-validation"
class="external-link"
rel="nofollow"
>Validate a certificate</a
>”.
</p>
<p>
Then, you need to select the certificate you wish to validate. The format of this
certificate needs to be DER or Base64 encoded.
</p>
<p>
As some certificates do not contain information processable in an automated manner for
retrieving the certificate of the issuing authority, you may manually specify the
certificate chain leading to a trust anchor.
</p>
<p>
The simple validation report will give you a quick overview of the validation results by
providing:
</p>
<ul>
<li>
The qualification level of the certificate at both the time it has been issued and the
time of the validation, taking the values:
<ul>
<li>
‘QC for eSig with QSCD’ and ‘QC for eSeal with QSCD’ for a qualified certificate for
electronic signature/seal supporting a private signing key residing in a QSCD;
</li>
<li>
‘QC for eSig’, ‘QC for eSeal’, and ‘QC for WSA’ for a qualified certificate for
electronic signature/seal/website authentication. A signature based on such a
certificate would not be qualified;
</li>
<li>
‘cert for eSig’, ‘cert for eSeal’, and ‘cert for WSA’ for a non-qualified
certificate for electronic signature/seal/website authentication delivered by a
trust service provider listed in an EU Member State Trusted List;
</li>
<li>‘N/A’ for a certificate with no qualification.</li>
</ul>
</li>
</ul>
<p style="margin-left: 30px">
An enumeration of all possible values can be found in the
<a
href="https://github.com/esig/dss/blob/master/dss-enumerations/src/main/java/eu/europa/esig/dss/enumerations/CertificateQualification.java"
class="external-link"
rel="nofollow"
>GitHub</a
>.
</p>
<ul>
<li>The name of the entity to which it has been issued;</li>
<li>The name of the organization of the entity to which it has been issued;</li>
<li>The locality, state and country of the entity to which it has been issued;</li>
<li>The information about the usages for which the key has been certified;</li>
<li>The validity period of the certificate</li>
<li>The information about whether it has been revoked;</li>
<li>
The resources needed for its validation that are provided in the certificate (e.g.
KeyUsage, AuthorityInfoAccess).
</li>
</ul>
<p>
More information about the validation process can be found in the DSS documentation:
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#_certificate_validation"
class="external-link"
rel="nofollow"
>https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#_certificate_validation</a
>.
</p>
</div>
</div>
<div id="39" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-39"
role="button">
<p>What is NexU and how to install it?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-39" class="accordion-content" role="region" aria-labelledby="39">
<p>
NexU is an open-source signature tool that enables web applications to interact with local
smartcard readers. It also allows the use of signing keys locally stored on a computer.
</p>
<p>
The latest release of the compiled bundle for Windows OS can be downloaded on the
associated
<a
href="https://github.com/nowina-solutions/nexu/releases"
class="external-link"
rel="nofollow"
>GitHub</a
>.
</p>
<p>Once downloaded, you need to extract it:</p>
<p align="center">
<span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image"
draggable="false"
height="125"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-20-48.png?version=1&modificationDate=1639417237067&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-20-48.png?version=1&modificationDate=1639417237067&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109167"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-20-48.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p>You can then use NexU by running the <em>NexU-Startup</em> file:</p>
<p align="center">
<span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image"
draggable="false"
height="104"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-20-57.png?version=1&modificationDate=1639417237076&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-20-57.png?version=1&modificationDate=1639417237076&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109168"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-20-57.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
</div>
</div>
<div id="3a" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-3a"
role="button">
<p>What are the B, T, LT, and LTA levels of an electronic signature?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-3a" class="accordion-content" role="region" aria-labelledby="3a">
<p>
Four levels of baseline signatures have been defined by ETSI standards for the CAdES,
XAdES, and PAdES formats. They are the:
</p>
<p>
- <strong>B-B level</strong>, which is the level of a
<strong> <em>Basic Signature</em> </strong> meaning that it is a signature that can be
validated as long as the signing certificate is valid (not revoked or expired).
</p>
<p>
- <strong>B-T level</strong>, which is the level of a
<strong> <em>Signature with Time</em> </strong>, meaning that it is a signature that
proves that the signature existed at a given point in time. It is built from the previous
level by adding a time stamp token on the signature as unsigned properties.
</p>
<p>
- <strong>B-LT level</strong>, which is the level of a
<strong> <em>Signature with Long-Term Validation Material</em> </strong>, meaning that it
is a signature that provides the long-term availability of the validation material by
incorporating all the material or references to material required for validating the
signature. It is built from the previous level by adding this material, that is: the
complete certificate and revocation data on the signature and the time stamp(s) as
unsigned properties.
</p>
<p>
- <strong>B-LTA level</strong>, which is the level of a
<strong>
<em
>Signature providing Long Term Availability and Integrity of Validation Material</em
> </strong
>. It is built from the previous level by adding a time stamp token on the validation
material as unsigned properties, thereby establishing evidence that the validation data
existed at the indicated time. This level targets the long-term availability and integrity
of validation material, and if appropriate measures are put in place (e.g. periodical
timestamping), a signature at this level could still be validated long after the
cryptographic algorithms used for its creation are no longer considered secure enough, or
more simply after the expiration of the validation data.
</p>
<p>
The appropriate level to use when creating an electronic signature depends on the intended
usage of the signature:
</p>
<p>
- If the signature only needs to be validated in the short term (e.g. when
signing invoices), a basic signature at the B-B level would usually be enough;
</p>
<p>
- On the other hand, if there is a need for a signature (and its eventual
qualification level) to be able to be validated in the long term, a preservation process
of periodical B-LTA level augmentation should be considered. Such a preservation
process is however usually much heavier to put in place than the simple generation of an
electronic signature and its application should be duly justified.
</p>
<p>
More information about these levels can be found in the standards ETSI EN 319 102-1
(section 4.3), 122-1, 132-1, and 142-1 (section 6).
</p>
</div>
</div>
<div id="3b" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-3b"
role="button">
<p>
What is the packaging enveloped, detached, enveloping, and internally detached of a
signature?
</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-3b" class="accordion-content" role="region" aria-labelledby="3b">
<p>
A signature can be enveloped or detached, whether it is included as an element of the file
containing the signed data or a separate signature file is created, that refers to the
data upon which it bears:
</p>
<p>
<span
class="confluence-embedded-file-wrapper image-center-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image image-center"
draggable="false"
height="250"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-34-43.png?version=1&modificationDate=1639417237110&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-34-43.png?version=1&modificationDate=1639417237110&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109171"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-34-43.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p>
It can also be enveloping when the signed data are included as a sub-element of the
signature, and in special cases where the signature is detached but both the signed data
and the signature data are included in another file, it is called internally detached.
(Internally detached signatures are very rarely used).
</p>
<p>
<span
class="confluence-embedded-file-wrapper image-center-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image image-center"
draggable="false"
height="250"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-35-0.png?version=1&modificationDate=1639417237123&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-35-0.png?version=1&modificationDate=1639417237123&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109172"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-35-0.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p>
Not all signature formats support these different locations and positionings of a
signature and a simplified overview can be given by the following:
</p>
<ul>
<li>Enveloped signatures can be created using XAdES or PAdES formats</li>
<li>Detached signatures can be created using XAdES or CAdES formats</li>
<li>Enveloping signatures can be created using XAdES or CAdES formats</li>
<li>Internally detached signatures can only be created using XAdES format.</li>
</ul>
</div>
</div>
<div id="3c" class="qa-item">
<button
class="accordion-title"
aria-expanded="false"
aria-controls="content-3c"
role="button">
<p>How to understand the detailed validation report?</p>
<img
src="/digital-building-blocks/sites/download/attachments/879493538/ico-arrow-down-primary.svg"
alt=""
aria-hidden="true" />
</button>
<div id="content-3c" class="accordion-content" role="region" aria-labelledby="3c">
<p>
Understanding this report requires a good knowledge of the validation processes and the
standards involved.
</p>
<p>
The detailed report has a structure that is composed of three types of blocks: The
signature block, the basic building blocks, and the Trusted Lists blocks.
</p>
<p>
<span
class="confluence-embedded-file-wrapper image-center-wrapper confluence-embedded-manual-size"
><img
class="confluence-embedded-image image-center"
draggable="false"
width="700"
src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-40-9.png?version=1&modificationDate=1639417237134&api=v2"
data-image-src="/digital-building-blocks/sites/download/attachments/467109156/image2019-10-10_21-40-9.png?version=1&modificationDate=1639417237134&api=v2"
data-unresolved-comment-count="0"
data-linked-resource-id="467109173"
data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="image2019-10-10_21-40-9.png"
data-base-url="https://ec.europa.eu/digital-building-blocks/sites"
data-linked-resource-content-type="image/png"
data-linked-resource-container-id="467109156"
data-linked-resource-container-version="9"
alt=""
/></span>
</p>
<p>
Under the eIDAS Regulation, a new dimension has been added to the classical validation of
an electronic signature: the determination of its qualification level.
</p>
<p>That is why the signature block is composed of two types of sub-blocks:</p>
<ul>
<li>
The first sub-blocks that summarize the result of “classic eSignature validation
processes” (cf. ETSI EN 319 102-1). The detailed information about those processes is
found in the building blocks.
</li>
<li>
The last sub-block with detailed information about the qualification level of the
signature (cf. ETSI TS 119 172-4).
</li>
</ul>
<p>
Each building block addresses a specific validation process, and contains extensive
information about it, such as cryptographic and format conformance checks, while the
Trusted Lists blocks provide the information used for accepting or rejecting a Trusted
List.
</p>
<p>
More information about the validation processes can be found in the DSS documentation:
<a
href="https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#_the_signature_validation"
class="external-link"
rel="nofollow"
>https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#_the_signature_validation</a
>.
</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="col-3 side-wrapper-section" id="faq-sidebar-nav"></div>
</div>
</div>
</section> |