Digital signatures are based on public/private keys and are only as secure as the signer’s private key. Sole control is the principle that ensures the signer – and no one else but the signer – has access to her/his signing key and can initiate a digital signature. This blog post takes a look at the details of sole control.

How signature activation ensures that only the owner of a key can access it for signing

For many centuries, paper signatures have been the method of choice to formally express consent, or declare a will, in a verifiable and persistent manner. Although paper signatures are still playing an important role in today’s economic and administrative interaction between individuals, businesses and public organizations, the handling of paper documents hampers the “digital transformation” of our society. To overcome this challenge, PKI-based qualified digital signatures have become an indispensable element in modern society. Not only do they allow more seamless digital interaction. They are also inherently more secure and cheaper than paper processes, if implemented properly.

Digital signatures rely on public/private key pairs

Digital signatures depend on a public/private key pair, where the signer uses a private key that is uniquely connected to his name, to sign a document. The recipient can always use the public key to verify the integrity and authenticity of the signed document.

Obviously, digital signatures are only as secure as the signer’s private key. If a private key gets compromised, anyone can potentially sign on the key owner’s behalf and cause substantial harm in doing so.

One way to protect the private signing key is to keep it in a smartcard or USB token which will only release it upon entry of a PIN. While this is considered secure and used for selected use cases, it is often not convenient, hence limiting the wide adoption of qualified digital signatures.

To make digital signatures ubiquitous and thereby fuel the digital economy in Europe, the European Commission has engaged in specifying a framework that allows qualified remote (cloud-based) digital signing: the eIDAS (“electronic IDentification, Authentication and trust Services”) regulation Nr. 910/2014.

eIDAS requirements for hardware security modules and signature activation modules

New call-to-actionThe eIDAS framework has set out clear requirements for the protection of private signing keys:

  • EN 419 221-5 is a protection profile for Hardware Security Modules (HSMs) which create and hold the private signing keys for eIDAS compliant digital signing.

  • EN 419 241-2 specifies a Signature Activation Module (“SAM”) to assure that only the owner of a key – and no one else – can access it for signing.

Initially, the SAM will allow users to register for qualified digital signing. In the registration process, the user’s private signing key is created inside the HSM and uniquely connected to a second key – the user’s key authorization key. The latter can be loaded into a dedicated mobile app or otherwise provisioned to the end-user. Now, the user is in sole control of her/his qualified signing key, as the authorization key is in his possession with no one else having access.

When a registered user now wishes to apply a qualified digital signature,

  1. she/he typically issues a signing request from a business application (e.g. a PDF reader, or a workflow system).

  2. the signing request is passed to the SAM.

  3. the SAM checks the signing request for validity and integrity in various ways.

  4. if the checks all come out positive, the SAM notifies the user (e.g. through a mobile app) that a signature has been requested in her/his name.

  5. the user confirms (or denies) the signing request (e.g. in the mobile app)

  6. by confirming, the user applies the key authorization key to unlock her/his private qualified signature key inside the HSM.

  7. this finally lets the HSM sign the document and return the signature to the business application.

Utimaco provides the first-to-market HSM that is certified against the stringent eIDAS requirements of EN 419 221-5, the “CryptoServer CP5 HSM”. The CP5 can host a custom SAM inside its secure hardware boundary, and it also supports side-by-side configurations, where an “external” SAM is running inside a different hardened and certified environment.

New call-to-action

 

An initial version of this blog was published on September 17, 2018