E-Signature: What about advanced electronic signature? 3/3

Advanced electronic signature

In order to explain the benefits of blockchain based digital signature with Woleet, we answered three questions :
– Is Woleet e-signature eIDAS compliant?
– What are the benefits of a signature with bitcoin evidence?
– You are here : What about advanced electronic signature?

eIDAS regulation defines three levels of signatures from the most basic to the most valuable:

  • Simple signature: any form of electronic signature.
  • Advanced electronic signature: see definition below. It is this level of digital signature that is most commonly used today.
  • Qualified signature: applicable to signatures made with X.509 V3 certificates delivered by qualified Trust Service Providers. This level of signature is used in the area of banks and by notaries.

Advanced digital signatures are defined in Article 26 of eIDAS regulation, as follows:

An advanced electronic signature shall meet the following requirements:

(a) it is uniquely linked to the signatory;

(b) it is capable of identifying the signatory;

(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and

(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.”

This definition is supplemented by ETSI European Norms that define standard formats of digital signatures, depending on the format of the signed data : PAdES for PDF, XAdES for XML, CAdES for binary data.

This format is not compatible with bitcoin signatures as it considers that the signature is made with X.509 certificates.

Beyond this, eIDAS regulatory package does not define how to meet the definition of advanced electronic signature, contrary to qualified signatures, for which conformity criteria are precisely defined and subject to a qualification procedure (you need to use a qualified certificate and a qualified electronic signature creation device). So the provider of an advanced digital signature shall demonstrate by its own means how it meets the definition.

We can demonstrate how Woleet signature can meet advanced digital signature definition, to be completed in some cases, as described in the following:

  1. This requirement is fulfilled by the use of asymmetric key pairs. By design, Woleet.ID Server prevents that a key pair is linked with more than one user.
  2. Woleet provides a basic identification solution, that needs to be completed with other solutions providing relevant level of identity evidence according to the business risks.
  3. Woleet provides various solutions to protect the private key, the more secure being the use of Ledger. Such a hardware offers good guarantee level that the key is under the sole control of the user.
  4. This requirement is fulfilled by the use of hash function.