The eIDAS-regulation, which came fully into force in July 2016, provides a Europe wide mandatory legal framework for digital identities and trust services. It enables trustworthy digital transaction between public administrations, companies and citizens of the European Member States. In this context, eIDAS contains two main parts: digital identities and trust services.
This publication focuses on these trust services, introduced by eIDAS and explains in detail:
- the legal framework on the eIDAS-Regulation (EU) No 910/2014 [(EU)910/2014],
- the eIDAS/ETSI- framework based on [M460] of the European Commission for standardisation of electronic signatures, seals and timestamps and trust services,
- the technical principles concerning the cryptographic foundations of digital signature techniques,
- the formats of signatures, seals, timestamps and evidence records on base of the eIDAS/ETSIframework for standardisation and the RFC-Standards [RFC3161, RFC4998, RFC6283],
- the trust services in practice, based on the eIDAS-Regulation.
Concerning the trust services, this publication deals in detail with the generation and validation of (qualified) electronic signatures, seals and timestamps as well as with preservation services and additionally mentions further trust services and the trusted lists. (Qualified) electronic signatures or seals make the authenticity and integrity of electronic records evident against 3rd parties, a (qualified) time stamp gives a valid Proof of Existence (PoE) and evidence for the time of transactions.
Therefore, digital signature techniques and trust services are of particular importance here because they make any manipulation or falsification of the original electronic data immediately recognisable and therefore represent the technical basis for the secure and legally binding execution of electronic business transactions.
Source: Federal Office for Information Security, Germany