Digital signature: enhanced safety because of LuxTrust’s licensed validation service

Today, more than ever, electronic signatures are at the heart of the exchange of electronic documents and many dematerialized processes. But apart from the convenience of use, the ability to validate an electronic signature is equally important to avoid any dispute. Anne Reuland, Legal and Regulatory Director of LuxTrust, shares her expertise in this area.

Signature validation primarily answers security and compliance issues that are well known to companies. We remind you that in order to be used as evidence, an electronic signature must make it possible to prove:

  1. identity of the signatory;
  2. the consent of the signatory to the content of the document (or to the obligations contained in it, if it is a contract);
  3. the link between the signed document and the signatory (s);
  4. document integrity.

“If necessary, it will be necessary to provide proof that all these requirements have been met. To do this, it may be wise to use a signature validation service, ”says Anne Reuland.

A rigorous process in the service of security

Electronic signature validation is primarily carried out in order to address the risks associated with the validity of the certificate (whose validity is limited and which, in fact, can be revoked), cryptographic obsolescence, as well as the level of Trusted Certification. Authorities. Also, in order to be valid in the eyes of French regulations (Decree of 22 March 2019), the verification procedure must take into account at least:

  1. identity of the signatory;
  2. the certificate of signatory belongs to one of the categories recognized by the decree of March 22, 2019 (issued by a qualified trust service provider or by a certification body, French or foreign, which meets equivalent requirements);
  3. compliance with the signature format (XAdES, CADES or PAdES);
  4. unexpired and irrevocable nature of the certificate on the day of signing;
  5. the integrity of the signed document.

Although this process is already very complete, LuxTrust, which provides a validation service certified at the highest (qualified) level, goes beyond this framework by offering validation that is as rigorous as it is easy to set up.

“We check the integrity of documents, the validity of certificates and the level of trust. This service is fully automatic. The user only needs to load the document, send it for signature, receive the signed document, and then click on the validation button integrated into the platform to start the process, ”says Anne Reuland.

The electronic signature has been examined

In detail, validation performs a set of checks that are both technical and reliable. To perform all the necessary checks, LuxTrust mainly relies on the information present in the electronic certificate embedded in the signed document. The validator will thus have access to multiple data:

  • algorithms used to calculate and encrypt fingerprints;
  • OID (unique number) Certification policies and the name of the Certification Body on which it depends;
  • certificate validity dates;
  • signature of the Certification Authority;
  • a public key corresponding to the private key used to sign the document;
  • use (or use) intended for a certificate (Authentication, Signature or Confidentiality).

“Several technical elements are systematically checked, such as the integrity and validity of the certificate: calculating the document’s fingerprint, decrypting the signature with a public key, which provides the origin of the document’s fingerprint, calculated at the time of signing, and comparing two fingerprints that must be identical.

This is followed by a two-stage validation of the certificate. The first step is to verify that the date of signature (which can be verified by time stamp) is indeed within the validity period of the certificate, and the second ensures that the certificate is not revoked at the time of signing, mainly via OCSP (Online Certificate Status Protocol). issued this certificate “, explains the legal and regulatory director of LuxTrust.

Unique easy-to-use platform

Automatic and fully transparent electronic signature validation is a LuxTrust service directly integrated into COSI, their eIDAS certified platform for trust services. Adhering to ETSI European Validation Standards, this qualified validation service generates an XML file containing the verification results.

Sealed as qualified by LuxTrust, the latter is therefore enforceable in the event of a dispute before a court. COSI also generates a simplified validation report in PDF format with both the final validation result and details of the results of the verified elements in color code (green, orange or red) depending on the validation result obtained. A quick and understandable way to visualize the results of this test.

Choose a service with many benefits

This validation service has many other benefits, starting with accessibility via a web application (the user only needs to load a document to get a signature validation result) or via an API call (validation is then automatically integrated into the workflow). Specific certificates and certification authorities that do not appear in European trust repositories may also be considered by the validation service to signal to a group of users that the signatures, stamps and timestamps in question are reliable.

“In short, LuxTrust provides a complete validation service that enables users and companies to validate electronic signatures produced across Europe through a simple, intuitive and automated experience and through harmonized and understandable reports,” concludes Anne Reuland.


Leave a Comment