FAQ - Signatur

A qualified signature creation device is a signature creation device that meets the requirements specified in Articles 29 and 30 and in Annex II of the eIDAS Regulation. Implementing Decision (EU) 2016/650 and the technical standards laid down in this legislation specify these requirements in detail. The key concern of these provisions is to ensure that the signatory is the only person with access to the signature creation data.

The simplest way to meet the requirements is to store the signature creation data (i.e. the private keys) in a device used only for this purpose. For this reason, qualified signature creation devices are frequently found in the form of smart cards. The private keys are only on the smart card and never leave it. (With some cards, the keys are generated on the smart card itself. With others the keys are generated in a secure environment and then transferred to the smart card, while at the same time the keys outside of the smart card are deleted.) The signature is created within the smart card, after the smart card is unlocked, for instance by entering a PIN code.