A Digital or Electronic Signature is a wonderful thing. It enables us to digitally sign a document in an instant, reduces the amount of paper needed and allows us to speed up signing processes significantly. No more printing, documents, chasing whoever is responsible in your workplace to get a wet signature on multiple copies of a document, including an initial on every page.
That is all great, yet will that digital signature remain valid forever? Can it be trusted indefinitely, and aren’t hackers able to tamper with digital signatures and create documents with a forged digital signature? These are all very valid and important questions to ask, and a particularly important aspect of them is the “when?”. Immediately after signing a document digitally with your eID card, for example, you can be sure everything is ok. But what about a document you sign today that still has a legal purpose in 5, 10, 20 or even 50 years from now?
Therefore, not only the digital signature itself needs to be secure; securely storing that digital signature is possibly even more important.
In this article we’ll go more in depth on the technical implications and reasons why the preservation of a digital signature is of key importance.
How exactly does a Qualified electronic digital signature work?
We will use the example of signing a document with your eID. Assume you received a contract to be signed from your bank and you’ll sign it using your favorite pdf reader software. When you choose to sign the document:
- The software calculates the cryptographic hash of the data to be signed.
- Next, the software asks for the eID card to generate a signature.
- The software asks the user to enter the PIN code (2-factor authentication: something you have, something you know).
- The card generates the digital signature on the cryptographic hash of the document.
- The application collects the digital signature provided by the eID card.
- The application stores the digital signature, for example embedded in the document (pdf).
The security and validity of the digital signature is provided using cryptographic solutions:
- The secure hash calculated on the document.
- The asymmetric cryptography (PKI technology) used by the eID card to generate the signature.
- The use of certificates (e.g., X.509v3 qualified certificates) for generating a qualified advanced signature.
This also means that each of these can be a reason for a signature to become invalid. If the hashing algorithm has been “broken” and it becomes easy to generate forged documents with the same hash, it is theoretically possible to replace the original document with a forged one. If a certificate is revoked, the validity of the signature can no longer be confirmed, etc. Which brings us to the next question:
QeA: Why does preservation matter?
When receiving a digitally signed document, it is possible to check the validity of the document and digital signature. If the signature validation is successful, then we can assure ourselves that the document hasn’t been changed after the signature and that we can identify who has signed the document.
What will we do in 5 years, or in 10 or 20 years? We can try to validate the signature again; however, there is a good chance that the certificate used in the signing process has expired by then. At that point we can no longer do a correct validation of the signature.
What if the document was signed with an eID which was stolen after signing? The certificate will be revoked, and you can no longer validate the signature.
What if a cryptographic weakness was found in the cryptography used and it is now possible to create fake signatures? Can you still trust signatures making use of that technology? In this case you should assume that all signatures affected by that weakness are no longer valid: anyone could generate fake signatures and provide you with so-called signed documents.
Either way, no matter what technology is used, there will be a time when the validity of a signature can no longer be validated.
This is where the preservation of digital signatures (and documents in general) becomes important. Fortunately, there are solutions to the problem.
As soon as you validate a digital signature you know you have a document that has been signed and that can serve as legal evidence. As discussed, the act of validating the signature will at some point in the future become impossible, either in the long term (certificate expiration) or within an unpredictable timeframe (cryptographic algorithm broken or certificate revoked).
As such, it is important to log the act of validating the signature itself. This means that at the time of validating the signature it is important to log the time of validation and store this together with the validated document and signature. Obviously, it is not enough to just write down a note saying the document and signature have been validated, as this could easily be forged or added later. Again, we need to be able to prove that this has been done. Proving that you have actually done the validation can be done using a Qualified Timestamp.
Timestamping a document is the process where a date and time (timestamp) are bound to that document. The date and time are requested from a qualified timestamp provider. This is a trusted service provider that guarantees providing an accurate and correct timestamp.
Similar to when signing a digital document, the steps are as follows:
- A cryptographic hash of the document is created.
- The cryptographic hash of the document is provided to the timestamp authority.
- The timestamp authority signs the cryptographic hash together with the actual time of signing.
- The signed result is provided back to the submitter.
At this point we have proof that the document itself existed at a certain point in time. This allows us to prove in the future that the document hasn’t been changed since the timestamping.
By timestamping the documents and their signature validation results it is therefore possible to prove that a document hasn’t changed since it was validated.
Is a single timestamp enough?
No, it is not. Just like with the digital signature itself, the validity of a timestamp can be questioned over time. Again, it makes use of cryptographic algorithms which may be broken over time. The Qualified Time Stamp Provider also uses certificates to sign the hashes, and as we know, certificates expire and can be revoked as well. Therefore this process needs to be repeated over time, and documents need to be timestamped again on a regular basis as time goes by.
If we keep timestamping the documents together with the information of the previous timestamps, we actually create a chain of evidence records that provides undeniable evidence that those documents haven’t changed over time.
It is critical not to just timestamp the document itself over and over again, but to always timestamp the previous result. Therefore, we create a hash over all previous information and include it in the evidence chain. With each new timestamp in the future, we can upgrade the cryptographic algorithms and make sure all certificates used by all parties involved have an expiration date sufficiently far in the future. This protects us against the problems already discussed, i.e., the cryptographic algorithms being compromised, or certificates expiring or being revoked.
Compiling this kind of evidence chain allows us to prove, at every point in time, that the document hasn’t changed and that we used cryptographic algorithms that were state of the art at the time of creating each evidence record.
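The timestamping steps above and the renewal chain just described, as an added example that is not code from the original article: a simplified evidence-record chain in Python, where the first timestamp covers the document hash plus the validation report and every renewal covers the document hash plus all earlier timestamps, possibly with a stronger hash algorithm. The TSA signature is simulated with an HMAC over constructed keys so the example runs offline; the token layout and key names are assumptions for illustration only.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the TSA's signing keys, one per algorithm generation.
# A real qualified TSA signs with a certificate; HMAC is used here only to run offline.
TSA_KEYS = {"sha256": b"constructed-tsa-key-gen1", "sha512": b"constructed-tsa-key-gen2"}


def digest(data: bytes, alg: str) -> str:
    return hashlib.new(alg, data).hexdigest()


def tsa_timestamp(hash_hex: str, alg: str, when: str) -> dict:
    """Simulated timestamp token: the TSA signs the submitted hash together with the time."""
    token = {"alg": alg, "hash": hash_hex, "time": when}
    payload = json.dumps(token, sort_keys=True).encode()
    token["sig"] = hmac.new(TSA_KEYS[alg], payload, alg).hexdigest()
    return token


def covered_data(chain: list, document: bytes, report: dict, index: int, alg: str) -> bytes:
    """What timestamp number `index` must cover: the document hash plus, for the first
    timestamp, the validation report, and for every renewal, all earlier timestamps."""
    if index == 0:
        covered = {"doc": digest(document, alg), "report": report}
    else:
        covered = {"doc": digest(document, alg), "prev": chain[:index]}
    return json.dumps(covered, sort_keys=True).encode()


def add_timestamp(chain: list, document: bytes, report: dict, alg: str, when: str) -> list:
    """Create the initial evidence record (empty chain) or renew an existing one,
    possibly with a stronger hash algorithm than the earlier timestamps used."""
    data = covered_data(chain, document, report, len(chain), alg)
    return chain + [tsa_timestamp(digest(data, alg), alg, when)]


def verify_chain(chain: list, document: bytes, report: dict) -> bool:
    """Re-derive every covered hash and check every TSA signature; any change to the
    document, the report or an earlier timestamp breaks the chain at that link."""
    for i, ts in enumerate(chain):
        alg = ts["alg"]
        if digest(covered_data(chain, document, report, i, alg), alg) != ts["hash"]:
            return False
        payload = json.dumps({k: ts[k] for k in ("alg", "hash", "time")}, sort_keys=True).encode()
        expected = hmac.new(TSA_KEYS[alg], payload, alg).hexdigest()
        if not hmac.compare_digest(expected, ts["sig"]):
            return False
    return True
```

Because each renewal covers the earlier tokens, an attacker who later breaks sha256 still cannot alter the first timestamp without invalidating the sha512 renewal that covers it.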
Qualified electronic Archiving
It is clear that the steps discussed above for correctly preserving a digital signature form a process that is not trivial. This is where a QeA solution shines. As the receiver of a digitally signed document, it is important to have the document ingested into the archive as quickly as possible. As soon as a digital signature is preserved by the archive, you can rest assured that:
- The document is stored correctly.
- The signatures in the document are validated.
- All relevant information is timestamped correctly upon ingest.
- Timestamps are renewed at regular intervals, before problems with the cryptographic algorithms or expiring certificates become an issue.
As a result, digital signatures in a QeA remain valid forever, because the following information is stored:
- The digitally signed data
- The digital signature on the data
- A proof of validity of the signature (timestamped signature validation report)
- Timestamp renewals before the validity of earlier timestamps can be questioned.
The integrity of all this data should be protected at all times. And this is exactly what a QeA solution provides.
A QeA is not only a technological solution but is also backed and defined by a strong legal framework to guarantee the authenticity, integrity and trustworthiness of all the preserved records.
The need for long-term preservation is acknowledged amongst others in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market [i.2], as can be seen in recital (61):
“This Regulation should ensure the long-term preservation of information to ensure the legal validity of electronic signatures and electronic seals over extended periods and guarantee that they can be validated irrespective of future technological changes.”
In general, qualified preservation of digital signatures is implemented in EU and worldwide laws, standards and regulations. The most common and proven standards are the following:
- ETSI TS 119 511: Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques.
- ETSI EN 319 401: Electronic signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers.
- eIDAS Regulation:
- Article 34: Qualified preservation service for qualified electronic signatures
- Article 40: Validation and preservation of qualified electronic seals
Not only a technological solution
A QeA is not only a technical solution to a problem; it also builds on a legal basis, and it imposes strict requirements on the supplier of the archive as well. To operate a QeA it is required to be a Qualified Trust Service Provider (QTSP). To become a Qualified Trust Service, the service must meet the legal requirements (Belgian Digital Act and the upcoming eIDASv2 regulation). Before becoming a ‘Qualified’ Trust Service Provider, the organization goes through a rigorous and independent assessment, and it undergoes regular audits to ensure that it continues to adhere to the QTSP requirements. This includes, but is not limited to, providing regular training to all personnel, undergoing an independent assessment and regular audits, having a business continuity plan in place, etc.
Digital signatures are a full replacement of traditional wet signatures. Not only do they provide the same legal evidence, but they actually provide you with much more information and are virtually impossible to forge. Combined with a correct preservation of the signatures in a QeA, the signatures remain valid forever.