FutureTrust pilots portal presents eIDAS-related innovations – Signature Generation & Sealing Service and Validation Service

The EU-funded FutureTrust project today has released two important trust service components at pilots.FutureTrust.eu: The Signature Generation & Sealing Service (SigS) allows to create electronic signatures and seals in standardised formats using a large variety of signature or seal creation devices and the comprehensive Validation Service (ValS) can be used to validate electronic signatures, seals, certificates and evidence records.

FutureTrust pilots portal presents eIDAS-related innovations

To support the broad adoption of electronic identification (eID) and trusted services for electronic transactions in the internal market according to the eIDAS-Regulation (EU) No 910/2014, the EU-funded FutureTrust project has explored major parts of the “eIDAS-Ecosystem” in order to create innovative components, services and applications, which are expected to shape the “Future of Trust”. The recently launched FutureTrust Pilots Portal (https://pilots.FutureTrust.eu) continously presents eIDAS-related innovations, which will simplify the utilisation of eID and electronic signature technology in real world applications. After the initial release of the pan-European eID-Broker, which is powered by SkIDentity technology and supports electronic identification means and eID cards from Germany, Estonia, Luxembourg, Belgium, Portugal, Serbia and Georgia, the FutureTrust project has now released two important trust service components for the generation and validation of electronic signatures and related cryptographically protected data objects.

An important goal of ‘FutureTrust’ was to simplify the use of eIDAS-related technologies in

Jon Shamah-2 small
Jon Shamah

practice. Against this background it is a great pleasure to see how easy it is to use the Signature Generation & Sealing Service (SigS) for the creation of signatures and seals in standardised formats using a variety of signature creation devices,” explains Jon Shamah, Chair of EEMA and Leader of the FutureTrust Dissemination Work Package.

That it is now even possible to use the German eID card to create advanced electronic signatures is particularly nice for German citizens,” adds Dr. Detlef Hühnlein, CEO and founder of ecsec GmbH and leader of the FutureTrust Pilots Work Package. “The novel combination of eID and sealing technology to create smart advanced electronic signatures demonstrates that there are large intrinsic synergies between the various eIDAS services, which only need to be exploited.

FutureTrust Signature Generation & Sealing Service (SigS)

The FutureTrust Signature Generation & Sealing Service (SigS) makes it possible to generate advanced and qualified electronic signatures and seals using a large variety of signature and seal creation devices from different issuers across Europe. Among the supported signing tokens is the German eID card, the German Health Professional Card (HPC), the qualified signature cards issued by the German Chambers of Industry and Commerce (“IHK-Signaturkarte”) and various qualified signature creation devices from Luxembourg, Estonia, Belgium and Portugal for example. The SigS operates in a specially secured environment and supports standardised signature formats and the interface standards recently developed at ETSI ESI and OASIS DSS-X as well as the ChipGateway protocol jointly developed by ecsec GmbH and LuxTrust SA. A distinctive feature of the SigS is the close integration with the pan-European eID-Broker, which allows to create smart advanced electronic signatures based on a suitable electronic identification processes, which do not only enable advanced electronic signatures with the German eID card, but also smart signing processes based on arbitrary identity management systems. Depending on the signing or sealing device and the format of the provided document (PDF, XML or other format), SigS produces advanced or qualified electronic signatures and seals in standardised formats, such as CAdESXAdES or PAdES. In order to support a variety of application scenarios and compliance requirements, SigS allows to add time-stamps and supports the different baseline signature conformance levels standardised by ETSI (B – Basic Signature, T – Signature with Time, LT Signatures with Long-Term validation Material and LTA – Signatures providing Long Term Availability and Integrity of Validation Material).

FutureTrust Validation Service (ValS)

While most currently available components for validating advanced and qualified electronic signatures and seals are limited to specific document and signature formats, are not available as Open Source or even have been shown to be vulnerable, the FutureTrust project has developed the comprehensive FutureTrust Validation Service (ValS), which is able to validate electronic signatures, seals, certificates and evidence records and will become Open Source within the FutureTrust piloting phase.

Potentially the most important application of the FutureTrust Validation Service is the validation of Advanced and Qualified Electronic Signatures and Seals generated with the SigS or other signature generation and sealing services in standardised formats, such as CAdESXAdES or PAdES. Furthermore, the FutureTrust Validation Service is also able to validate related signature objects including X.509 Certificates, for which the revocation status and the trustworthiness according to a provided set of trust anchors in a Trusted List is checked, and Evidence Records (ERS), which enable efficient long-term preservation of digital signatures. The rules for validation are determined by configurable “Signature Validation Policies” and ValS returns the validation result in a machine-readable, XML- or JSON-based, validation report. Last but not least, the FutureTrust Validation Service is designed in an extensible manner, such that modules for other not (yet) standardised signature formats or validation policies can be easily plugged into the ValS in a well-defined manner.

URL:https://pilots.futuretrust.eu