The legal significance of the electronic signature is regulated by the Electronic Document and Electronic Certification Services Act (EDECSA).
B-trust electronic signatures provide a high level of security. Any change, after signing a document, makes the signature invalid and the recipient will be warned that the document has not retained its original content. It is not possible another person to sign a document on your behalf with an electronic signature.
Private and public key
The electronic signature is a unique pair of digital keys. The first key is private and secret. It combines something you have with something you know. It is generated and stored on a smart card (something you have). Only you, the owner of the signature, have access to the card and the key in it by PIN code (something you know). You sign with the private key. The other key from the key pair is public. It is required in order to be read the signature, signed with the private key. Every issued signature’s public key is available on the B-trust website, if not restricted by its owner, and can be viewed and downloaded by anyone. This allows verification of the documents, signed by the respective owner of the private key. If a public key other than the key in the pair is used, the signature cannot be verified.
Storing the QES
The Holder is obliged to store/safeguard the private key at any time of the certificate’s validity in a manner that protects it from any discredit, loss, disclosure, modification and unauthorized use. From the very creation of the key pair, the Holder shall be personally and solely liable for the confidentiality and integrity of the private key. Each use of the private key shall be deemed as an action of the certificate’s owner.
We, in our capacity as CSP, advise:
- Store your QES in the same way as your personal documents
- Insert the smart card and the card reader in the computer only when you use them
- Every time when you leave your electronic signature connected to your computer, you create conditions for malicious access to the signature’s PIN code and malicious actions with negative consequences for the signature’s Holder
- Notify us of any suspicion of improper use of the signature
The CSP does not store and does not have access to information about who and where uses their signature.
Certification Services Provider
The Qualified Certification Services Provider (QCSP) is a legal entity, accredited within the meaning of the EDECSA that provides the technologies and infrastructure for the provision of certification services.
BORICA AD is registered Certification Service Provider under a decision No 994/09.09.2010 of the CRC (Communications Regulation Commission).
BORICA AD is certification service provider that has successfully passed an audit for compliance with Regulation (EU) No 910/2014 of the European Parliament and of the Council of Europe on “Electronic identification and trust services for electronic transactions in the internal market”. The LSTI EAST EUROPE Accreditation Body - accredited in compliance with the Regulation, found out full compliance with the requirements of the Regulation.
BORICA AD, as a registered CSP, performs the following legally regulated activities:
- issuing QCQES
- maintenance and management of QCQES
- keeping records
- verification (validation) of electronic signatures
- providing QSCD for generation and storing cryptographic keys and for creation of.....
- QCQES time verification
Qualified Certification Services Providers are subject to control over the reliability and security of the certification services by the CRC. Only they can issue Qualified Electronic Signature Certificates as they meet strict technical infrastructure requirements and are obliged to follow strict rules and procedures for issuance of electronic signature.
BORICA AD is personal data administrator, registered by the Commission for Personal Data Protection pursuant to Art. 14, para. 4 of the Law for Protection of Personal Data in the Register of the personal data administrators with Certificate No. 0000044 of 27.04.2004.
The provider develops, operates and maintains a national PKI infrastructure for issuance of electronic certificates and certification services with B-trust as a certification authority.
The Certification Authority is organized management unit within the Certification Services Provider. Performs functions of provision and maintenance of certification services.
In order to carry out their activity, certification service providers should:
Maintain available funds or have insurance, which enable them to perform the activities in accordance with the requirements of this Act, as well as cover the damages for failure to fulfill their obligations under this Act.
Possess technical equipment and technologies that ensure the reliability of the systems used and the technical and cryptographic security of the executed processes.
Have personnel with the necessary expertise, experience and qualifications to carry out the activity, in particular in the field of qualified electronic signatures, as well as good knowledge of security procedures; staff shall carry out their duties by observing administrative and management procedures established in accordance with the generally accepted standards.
Provide conditions for accurate determining the time of issuance, suspension, resumption and termination of certificates.
Ensure measures against counterfeiting certificates, and when the SCPs offer the service creating a private and public key, they ensure confidentiality of the data creation process.
Use reliable systems for storing and managing certificates that provide:
- only duly authorized employees to be able to make changes in the certificates’ status;
- authentication of the information;
- possibility for restricted access to the published certificates;
- technical problems related to security to be immediately reported to the servicing staff.
Ensure the maintenance of secure and reliable register and ability to immediately suspend and terminate the operation of the certificates.
Keep all the information related to qualified signature certificates from the moment of its receipt for a period of 10 years.
The Certification Service Provider cannot use the stored information for purposes other than those related to their activity. The CSP may provide to third parties only the information kept in the certificates.
Features and structure
The qualified electronic signature is equivalent to a handwritten signature.
It ensures credibility and irrevocability of the signed electronic documents. The signed document remains signed no matter whether you store it on magnetic, optical or other media and whether you send it by an e-mail, or access it via the Internet. Signing by electronic signature means that you:
- identify yourself as author of the electronic document
- agree with the content of the document
- protect the document from subsequent changes
Qualified electronic signature is an electronic signature within the meaning of Art. 3, p. 12 of Regulation (EU) No 910/2014.
"Qualified Electronic Signature" means an advanced electronic signature, created by a qualified electronic signature creation device, based on a Qualified Electronic Signature Certificate.
"Qualified Electronic Signature Certificate" means an electronic signature certificate issued by a Qualified Certification Services Provider.
The Qualified Electronic Signature Certificate contains information about the Signatory (Holder) and the legal entity with which it is associated, such as:
- Name / name of company or organization
- Personal No (or Personal Identification Number of a Foreigner)
- Unified Identification Code - UIC (The Holder is related to the legal entity)
- Other data
The parties, associated with the electronic signature, are:
- Qualified Certification Services Provider (QCSP)
- Relying Parties
“Holder of an electronic signature“ means an individual who creates an electronic signature.
“Holder” of electronic signature is an individual who makes electronic statement (signs). In case you are going to make electronic statements by yourself (you will represent yourself) as an individual, only your personal data will be entered in the electronic signature.
If you make an electronic statement on behalf of another individual or legal entity, data about them will be also entered in the electronic signature.
Only the Holder has access to the private key of the electronic signature!
You can check the validity of an electronic signature in the Public Register of Electronic Signatures B-Trust.
What type of electronic signature do I need?
Where electronic signatures are used?