Lukas Pelcman

Advanced Electronic Signatures (AES) under the Microscope: Certificates

Updated: Feb 14

How is the authenticity of the signatory ensured in Advanced Electronic Signatures (AES)?

Short answer: By a certificate. Let us dive into more detail.

Introducing the certificate

AES in itself does not say anything about the identity of the signer. Therefore, some connection needs to be established between the signatory in the analog world and the person holding the corresponding private key in the digital world.

That is what certificates are for. The certificate connects the identification of a specific person with the public key.

Certificates serve as an electronic confirmation that connects the data for verifying the validity of electronic signatures (the public key) with a particular physical person, by confirming at least the name or pseudonym of this person. [1]

Next up: Trusted entity

At this stage, a trusted certification authority enters the process. These are the so-called qualified trust service providers; in the Czech Republic, for example, PostSignum or I.CA.

The role of the certification authority is that of a trusted entity which guarantees that the stated link between a specific public key and a person's personal data is true.

The credibility of the certification authority derives from the state's authorisation to act as one.

Die-hard libertarians or crypto-anarchists most likely will not agree to this but it is probably a fact that our complex society would not survive without an elementary display of trust in third parties. At least in this instance, there will always have to be a way to verify a person's identity in the analog world in order to authenticate their actions in the world of ones and zeros.

It is possible to speculate whether this system could be circumvented by a credible entry in, for example, a public blockchain, where the authenticity of the entered data would be attested, for example, by paying a fee of a certain amount; but more on that another time.

What is in the certificate

From a technical point of view, a certificate is a file that contains identification data of a specific person and a public key. The certificate is also e-signed by the certification authority.

Whether the certificate was actually signed by the certification authority can be verified using the publicly available public key of the certification authority that issued the certificate.

Public keys of certification authorities are publicly available precisely so that it is possible to verify the validity of certificates issued by such authorities.

The signatory will therefore send a certificate to the addressee of the message together with the unencrypted document and the e-signature (remember, the e-signature is a document in its own right, not something that is added or stamped onto the original document).

Verification of advanced electronic signatures and more

The addressee can then verify that the original document delivered to her was signed by the person with whom the corresponding public key is also associated.

Thanks to the attached certificate, the addressee can subsequently verify that the person who signed the document really was the signatory whose identity was verified by the certification authority.

And last but not least, the addressee will verify that the certificate was actually issued by the certification authority.
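The three checks above, as an added example that is not part of the original article: a simplified certificate (a JSON record rather than a real X.509 file) is issued by a hypothetical "Example CA" to a hypothetical signer, and the addressee verifies the document, the certified key and the issuer. All names, keys and the document are constructed, and the signature scheme is textbook RSA chosen only so the example runs with the standard library.

```python
import hashlib
import json

# Textbook RSA (no padding) with publicly known Mersenne primes: illustration only.
E = 65537

def make_key(p, q):
    """Return (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def valid(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def tbs(cert):
    """Canonical bytes of the fields the CA signs: identity plus public key."""
    fields = {k: cert[k] for k in ("subject", "issuer", "public_key")}
    return json.dumps(fields, sort_keys=True).encode()

def issue(subject, subject_n, issuer, ca_n, ca_d):
    cert = {"subject": subject, "issuer": issuer, "public_key": subject_n}
    cert["ca_signature"] = sign(tbs(cert), ca_n, ca_d)
    return cert

def verify_message(document, signature, cert, trusted_cas):
    """Return the certified signer name, or raise ValueError."""
    ca_n = trusted_cas.get(cert["issuer"])
    if ca_n is None:
        raise ValueError("issuer is not a trusted certification authority")
    if not valid(tbs(cert), cert["ca_signature"], ca_n):
        raise ValueError("certificate was not signed by the named authority")
    if not valid(document, signature, cert["public_key"]):
        raise ValueError("signature does not match document and certified key")
    return cert["subject"]

# Constructed sample data (hypothetical CA and signer).
CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)
ALICE_N, ALICE_D = make_key(2**127 - 1, 2**1279 - 1)
TRUSTED = {"Example CA": CA_N}
DOC = b"I agree to the contract."
CERT = issue("Alice Example", ALICE_N, "Example CA", CA_N, CA_D)
SIG = sign(DOC, ALICE_N, ALICE_D)

if __name__ == "__main__":
    print(verify_message(DOC, SIG, CERT, TRUSTED))
```

The signer's name is returned only when all checks pass; a changed document, a certificate whose key was swapped, or an issuer missing from the addressee's trusted list each raises an error.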
