FAQ - Signatur

What is the basis for the security of an electronic signature?

Electronic signature security depends on a variety of factors.

The cryptographic technique used to create the signature is what makes any modification of the signed message detectable, whether the change happens in transit over the network or at the recipient's end. A signature cannot prevent a change, but once the signed data has been altered, verification of the signature fails. The techniques supported by qualified signature creation devices are generally considered adequate protection against later modification going unnoticed.

To ensure that no third party can sign a message in the signatory's name, the signatory must keep the signature creation data (the private key) secure. It is commonly stored in encrypted form either on a hard drive or on a smart card. Data stored on a hard drive can be accessed by others, for example by attackers who break into the PC over the internet, and a copied key can then be used anywhere. Signature smart cards are designed so that the signature creation data never leaves the card: the signature is computed inside the card itself, and only after the card has been unlocked through an authorisation mechanism (e.g. PIN entry). The eIDAS Regulation and Implementing Decision (EU) 2016/650 set out stringent requirements for the storage of signature creation data used for qualified electronic signatures.

Critical aspects also include the program used to generate the signature and the data format of the signed document. Some mail clients offer an option to "Sign all outgoing messages". With that option enabled, the signatory can easily sign messages unintentionally, and during a brief absence a colleague could send signed messages from the signatory's workstation. The safer configuration is to sign each message deliberately and to require the PIN for every signature rather than keeping the card unlocked for a whole session.
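The three points above (a signature detects modification rather than preventing it, the private key stays inside the card and is used only after PIN entry, and an unlocked card lets anyone at the workstation sign) can be seen in one small simulation. The following Go program is an added example written for this page, not code from any signature product or from the eIDAS documents. It assumes Ed25519 as the signature algorithm, a retry counter that blocks the card after three wrong PINs, and a policy of relocking the card after every signature; none of these details is specified on the page, they are typical choices for a signature card.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Errors returned by the simulated card.
var (
	ErrLocked   = errors.New("card locked: PIN required before signing")
	ErrBlocked  = errors.New("card blocked: PIN retry counter exhausted")
	ErrWrongPIN = errors.New("wrong PIN")
)

// SmartCard models a signature card. The private key is an unexported field
// with no accessor, so the only thing the outside world can do with it is
// ask the card to sign. Assumed (not from the page): a retry counter that
// blocks the card after three consecutive wrong PINs.
type SmartCard struct {
	priv     ed25519.PrivateKey
	pub      ed25519.PublicKey
	pin      []byte
	unlocked bool
	retries  int
}

// NewSmartCard generates the signature creation data inside the "card".
func NewSmartCard(pin string) (*SmartCard, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SmartCard{priv: priv, pub: pub, pin: []byte(pin), retries: 3}, nil
}

// PublicKey is the only key material that ever leaves the card.
func (c *SmartCard) PublicKey() ed25519.PublicKey { return c.pub }

// Unlock compares the PIN in constant time. A wrong PIN decrements the
// retry counter; once it reaches zero the card refuses every further PIN.
func (c *SmartCard) Unlock(pin string) error {
	if c.retries == 0 {
		return ErrBlocked
	}
	if subtle.ConstantTimeCompare(c.pin, []byte(pin)) != 1 {
		c.retries--
		if c.retries == 0 {
			return ErrBlocked
		}
		return ErrWrongPIN
	}
	c.retries = 3
	c.unlocked = true
	return nil
}

// Sign computes the signature inside the card and relocks it afterwards,
// so every signature needs a fresh PIN entry (assumed policy). A card that
// stayed unlocked would let anyone at the workstation sign.
func (c *SmartCard) Sign(msg []byte) ([]byte, error) {
	if !c.unlocked {
		return nil, ErrLocked
	}
	c.unlocked = false
	return ed25519.Sign(c.priv, msg), nil
}

// Verify is what the recipient runs; it needs only the public key and
// fails for any message that differs from the one that was signed.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	card, err := NewSmartCard("1234")
	if err != nil {
		panic(err)
	}
	msg := []byte("Please transfer EUR 100 to account X") // constructed sample

	if _, err := card.Sign(msg); err != nil {
		fmt.Println("signing without PIN:", err)
	}
	if err := card.Unlock("1234"); err != nil {
		panic(err)
	}
	sig, _ := card.Sign(msg)
	fmt.Println("original verifies:", Verify(card.PublicKey(), msg, sig))

	tampered := []byte("Please transfer EUR 900 to account X")
	fmt.Println("tampered verifies:", Verify(card.PublicKey(), tampered, sig))

	if _, err := card.Sign(msg); err != nil {
		fmt.Println("second signature without new PIN:", err)
	}
	for i := 0; i < 3; i++ {
		fmt.Println("guessing PIN:", card.Unlock("0000"))
	}
}
```

The program never exposes `priv`; a caller who wants a signature must present the PIN each time, which is exactly the property that separates a card from a key file on disk, where the copied file can be used without the card holder's involvement.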