
Digital signature

Legislation and standards

Legislation and standards in electronic signature

Beyond the digital signature law itself, electronic signature is regulated by a series of laws and technical regulations intended to ensure its proper implementation:

 

LISI

Law 56/2007, dated 29 December 2007 (published on 28 December), on Measures to Promote the Information Society, emerged with the purpose of encouraging the digital society. It lays out a series of mandatory steps in areas of great influence on economic activity, namely:

  • Electronic communications services to consumers, as set forth in Law 32/2003, published November 3, the General Telecommunications Law
  • Financial services for consumers
  • Water supply services to consumers
  • Gas supply services for retail sector
  • Electric supply services to end consumers
  • Travel agency services
  • Passenger transport services by road, rail, sea, or air
  • Commercial activities in retail sector.

LAECSP

The main objective of Law 11/2007 of 22 June, on the electronic access of citizens to Public Services, is the development of a modern administration focused on delivering the most efficient service possible to citizens, taking advantage of the continuous advancement in information technology. Its main impact is that it makes the adoption of eGovernment instruments obligatory rather than optional. At Isigma, we offer advisory services to align your organization with the requirements of the LAECSP.

The law for digital signatures

Law 59/2003 of December 19, 2003, for digital signatures, governs the validity of digital signatures in Spain and the requirements to be met by certification service providers. Unlike DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, dated 13 December 1999, which laid down a basic framework for digital signatures, Law 59/2003 introduces the possibility of issuing electronic certificates to legal persons and also regulates the electronic ID card.

European directive for digital signatures

DIRECTIVE 1999/93/EC of the EUROPEAN PARLIAMENT and COUNCIL, dated 13 December 1999, establishing a Community framework for digital signatures "is intended to facilitate the use of digital signatures and to contribute to their legal recognition. The present directive establishes a legal framework for digital signatures and certification services in order to ensure the correct functioning of the internal market."

Order of the Treasury for the use of digital signatures on tax relations

ORDER HAC/1181/2003 dated 12 May, which lays down specific norms on the use of digital signatures in tax relations conducted by electronic, computer and telematic means with the State Tax Administration Agency, is an example of how digital signatures can impact the automation of business processes.

Technical norms and standards

On the other hand, institutions such as CEN (European Centre for Standardisation), ETSI (European Telecommunications Standards Institute), the IETF-PKIX (Internet Engineering Task Force) or RSA Laboratories develop different standards, specifications and norms governing the technology, procedures and formats of information exchanged. Some of the most important ones are:

  • CEN-CWA Series 14 167: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signature, which establishes requirements for software and hardware systems that manage the life cycle of certificates.
  • CEN-CWA 14169: Secure Signature Creation Devices "EAL 4+", which sets out a protection profile for the secure signature creation devices mentioned in Law 59/2003 dated 19 December 2003, for electronic signatures, and in the European directive.
  • ETSI TS 101 456 ESI: Policy Requirements for certification authorities issuing qualified certificates, which states a policy to be followed by certification service providers that issue recognised certificates.
  • ETSI TS 101 733 ESI: Electronic signature formats, which defines the formats of digital signatures. Each format carries more complete evidence than the previous one, so that the signature can be verified independently.
  • IETF-PKIX: A long list of RFCs (Request For Comments) that try to ensure the interoperability of digital signature systems. Examples are RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, and RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Together with the PKCS # (Public Key Cryptography Standards) series from RSA Laboratories, they have laid the foundation for ensuring the interoperability of public key infrastructures (PKI).

Digital signature requirements

What is required to sign digitally?


Creating a digital signature requires four elements:

  • A digital certificate
  • A storage device for the certificates and their associated keys
  • An application to generate digital signatures
  • ... and finally, something to sign

Digital certificate


The electronic ID is the certificate we need. In addition to the electronic ID card there are some organizations called Certification Service Providers such as Firmaprofesional which may also issue electronic certificates. A list of Certification Service Providers can be found on the website of the Ministry of Industry, Tourism and Trade. If you need an electronic certificate and do not have the electronic ID card, contact Firmaprofesional or any other of the above certification providers to get your certificate.

Certificate storage device


The storage device for certificate and associated keys can be a hard drive (as has been usual with the certificates of the Fábrica Nacional de Moneda y Timbre - National factory of Coins and Stamps - for income declaration), a chip card (as in the case of electronic ID cards) or a USB token similar to the memory cards we generally use. If the device is a chip card, it will need a card reader.

Application to create digital signatures


There are many types of applications to generate digital signatures. It can be a simple email client, a web form, or a program for the PC, such as the PADRE program of the Inland Revenue, which allows us to submit a statement of income. Custom applications can also be built for your business. Isigma offers a wide range of applications pertaining to digital signatures, including Clicksign Pro, desktop software that allows signing documents with ease (we offer a free version, Clicksign, which allows you to sign PDF documents).

Something to sign


The content you want to sign is data in electronic form. It can be an email, a PDF file, a photograph, a web form, a banking transaction or any information in electronic format.


Definitions

Spanish Law 59/2003 dated December 19, 2003, for digital signatures offers three types of digital signature:

  • Ordinary signatures: The law does not include the term "ordinary", but it is often used to indicate that we are talking about a particular type of digital signature. An ordinary digital signature is "data in electronic form which is attached to or logically associated with other electronic data and which serves as a method of authentication."

  • Advanced digital signature: “Digital signatures that can identify the signer and detect any subsequent change in the signed data, linked only to the signatory and to the data that is created by means that the signatory can maintain under his exclusive control”

  • Qualified digital signature: “Advanced digital signature based on a qualified certificate and generated by a secure signature creation device.” This definition has no equivalent in the European directive.

Thus, each definition contains the previous one and adds one more requirement.

From the above definitions it can be deduced that an appropriate system of user and password can generate ordinary digital signatures, while for the other two types more complex systems are needed based on message authentication code or public key cryptography.
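The four elements listed under "Digital signature requirements" and the "detect any subsequent change" property of an advanced signature can be seen together with the OpenSSL command line. This is an added example, not Isigma's code: it produces a detached CMS signature (the base format that ETSI TS 101 733 builds on), and it assumes a constructed self-signed certificate kept on disk, which is neither a qualified certificate nor a secure signature creation device.

```shell
#!/bin/sh
# Added illustration; every name and all file contents are constructed.

# Elements 1 and 2: a certificate and its private key, stored as files on disk.
# Self-signed and valid for one day: for demonstration only.
make_identity() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Element 3: the signing application. Writes a detached CMS signature and
# leaves the signed document itself untouched.
sign_doc() {  # $1 = working directory
    openssl cms -sign -binary -in "$1/doc.txt" \
        -signer "$1/cert.pem" -inkey "$1/key.pem" \
        -outform DER -out "$1/doc.p7s"
}

# Verification: prints "valid" only if the document is unchanged and the
# signer's certificate chains to the trusted one; otherwise prints "invalid".
verify_doc() {  # $1 = working directory
    if openssl cms -verify -binary -inform DER -in "$1/doc.p7s" \
        -content "$1/doc.txt" -CAfile "$1/cert.pem" \
        -out /dev/null 2>/dev/null; then
        echo "valid"
    else
        echo "invalid"
    fi
}

demo() {
    dir=$(mktemp -d)
    make_identity "$dir"
    # Element 4: something to sign (constructed sample content).
    printf 'Transfer 100 EUR to account A\n' > "$dir/doc.txt"
    sign_doc "$dir"
    echo "original document: $(verify_doc "$dir")"
    # A later change to the signed data must be detected on verification.
    printf 'Transfer 900 EUR to account B\n' > "$dir/doc.txt"
    echo "modified document: $(verify_doc "$dir")"
    rm -rf "$dir"
}

demo
```

In a real deployment the trust anchor passed to `-CAfile` is the issuing certification service provider's CA certificate rather than the signer's own certificate.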

What are digital signatures?

Relation to hand-written signatures

We are all familiar with the act of putting our signature on paper documents. In fact, we are fully confident in the legality of this mechanism. A digital signature is a computer-based system with the same legal validity, which allows us to affix our signature to a digital document.

Why is it necessary?

The computer has become an essential tool for us in both personal and professional settings. When we begin to create a document, we almost always produce it on a computer. Another fact to which we are so accustomed that we no longer consider it important is that email allows us to send these documents in their original format without having to put them on paper. In this context, it was necessary to create a mechanism that allows us to replace the handwritten signature, applicable only to paper, with a digital form. This digital form is what we call a digital signature.
