Commercio Developers Guide

# 5.1 Electronic signatures Primer

Commercio.network mission is to bring the Blockchain technology to give companies the freedom to sign any document with their own electronic signature. We believe in the principle that an electronic document should not be denied legal effect on the grounds that it is in a paper form.

From CEF website

# What is an electronic signature

An electronic signature is an electronic indication of a person’s intent to agree to the content of a document or a set of data to which the signature relates. Like its handwritten counterpart in the offline world, an electronic signature is a legal concept capturing the signatory's intent to be bound by the terms of the signed document.

## Three types of electronic signatures The eIDAS Regulation defines three levels of electronic signature: 'simple' electronic signature, advanced electronic signature and qualified electronic signature. The requirements of each level build on the requirements of the level below it, such that a qualified electronic signature meets the most requirements and a 'simple' electronic signature the least.

# 'Simple' Electronic Signatures

An electronic signature is defined as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3) . Thus, something as simple as writing your name under an e-mail might constitute an electronic signature.

### Advanced Electronic Signatures (AdES) An advanced electronic signature (eIDAS Article 3) is an electronic signature which is additionally:

  • uniquely linked to and capable of identifying the signatory;
  • created in a way that allows the signatory to retain control;
  • linked to the document in a way that any subsequent change of the data is detectable. The most commonly used technology able to provide these features is the use of a public-key infrastructure (PKI), which involves the use of certificates and cryptographic keys.

# Qualified Electronic Signatures (QES)

A qualified electronic signature (eIDAS Article 3) is an advanced electronic signature which is additionally:

  • created by a qualified signature creation device;
  • and is based on a qualified certificate for electronic signatures. Signature creation devices come in many forms to protect the electronic signature creation data of the signatory, such as smartcards, SIM cards, USB sticks. "Remote signature creation devices" can also be used where the device is not in the physical possession of the signatory, but managed by a provider. Those remote qualified signature solutions offer an improved user experience while maintaining the legal certainty offered by qualified electronic signatures. Qualified certificates for electronic signatures are provided by (public and private) providers which have been granted a qualified status by a national competent authority as indicated in the national 'trusted lists' of the EU Member State. Those lists can be accessed through the Trusted List Browser. Many providers of qualified certificates will deliver the corresponding private key on a qualified signature creation device. While different levels of electronic signatures may be appropriate in different contexts, only qualified electronic signatures are explicitly recognized to have the equivalent legal effect of hand-written signatures all over the EU.

# When to use an electronic signature

Electronic signatures can be used in a variety of situations. As their legal effects are equivalent to the ones of handwritten signatures, qualified electronic signatures can be used in any situation, even cross-border, where handwritten signatures are used, such as:

  • Contracts (sales, employment, lease, insurance, etc.)
  • Transactions (e-commerce, online banking, etc.)
  • Administrative procedures (tax declarations, requests for birth certificates, etc.)

5.2 Simple Electronic Signature with a Self Signed Certificate in your DDO