Line 3: |
Line 3: |
| {| class="FCK__ShowTableBorders" style="border-right: 0px; border-top: 0px; border-left: 0px; border-bottom: 0px; background-color: #404041" width="100%" align="center" | | {| class="FCK__ShowTableBorders" style="border-right: 0px; border-top: 0px; border-left: 0px; border-bottom: 0px; background-color: #404041" width="100%" align="center" |
| |- | | |- |
− | | style="border-right: white 1px solid; padding-right: 0px; padding-left: 0px; padding-bottom: 10px; padding-top: 10px; text-align: center; font-family: (blue); font-size: 12pt" width="11%" | '''[[E-Signatures in the GC|<span style="color: red">Home</span>]] | + | | style="border-right: white 1px solid; padding-right: 0px; padding-left: 0px; padding-bottom: 10px; padding-top: 10px; text-align: center; font-family: (blue); font-size: 12pt" width="11%" | '''[[E-Signatures in the GC|<span style="color: red">Home</span>]] ''' |
| |} | | |} |
| | | |
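Review bot: On the changed cell line, `font-family: (blue)` is not a valid font-family value, so browsers discard the declaration and the cell falls back to the default font. Since this line is already being touched to close the `'''` bold run around the Home link, either replace it with a real font stack (the section headings on this page use 'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif) or drop the property.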
Line 9: |
Line 9: |
| | | |
| <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''Introduction'''</div> | | <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''Introduction'''</div> |
− | Jurisdictions throughout the world have adopted laws and regulations that recognize the validity of electronic documents and electronic signatures. Some jurisdictions are very technology specific, others are much more general and technology neutral. In addition, the terms and definitions surrounding electronic signatures tend to differ from one jurisdiction to another and this can lead to some degree of confusion. A more thorough examination of the terms and definitions used in other jurisdictions is provided in Annex A of the Government of Canada Guidance on using Electronic Signatures. | + | Jurisdictions throughout the world have adopted laws and regulations that recognize the validity of electronic documents and electronic signatures. Some jurisdictions are very technology specific, others are much more general and technology neutral. In addition, the terms and definitions surrounding electronic signatures tend to differ from one jurisdiction to another and this can lead to some degree of confusion. A more thorough examination of the terms and definitions used in other jurisdictions is provided in Annex A of the [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Government of Canada Guidance on using Electronic Signatures]. |
| | | |
− | At the Canadian federal government level, the terms electronic signature, digital signature and secure electronic signature are all present in Government of Canada (GC) legislation. The purpose of this post is to help clarify these terms so that they can be used consistently throughout the GC. This post is primarily based on the Government of Canada Guidance on using Electronic Signatures but provides a more condensed tutorial on the terminology. | + | At the Canadian federal government level, the terms electronic signature, digital signature and secure electronic signature are all present in Government of Canada (GC) legislation. The purpose of this post is to help clarify these terms so that they can be used consistently throughout the GC. This post is primarily based on the [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Government of Canada Guidance on using Electronic Signatures] but provides a more condensed tutorial on the terminology. |
− | <br></br> | + | <br><br> |
| <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''GC e-signature legislation and terminology'''</div> | | <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''GC e-signature legislation and terminology'''</div> |
− | Part 2 of the Personal Information Protection and Electronic Documents Act (PIPEDA) defines an electronic signature as follows: | + | Part 2 of the [https://laws-lois.justice.gc.ca/eng/acts/p-8.6/FullText.html Personal Information Protection and Electronic Documents Act (PIPEDA)] defines an electronic signature as follows: |
| | | |
| “a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document.” | | “a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document.” |
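Review bot: The new PIPEDA link on the "Part 2 of the ..." line points at `FullText.html`, which loads the whole Act, while the sentence cites Part 2 specifically and is followed by a verbatim quotation. Link to the Part 2 definitions section instead, so a reader can check the quoted wording without searching the full text. Separately, the Guidance URL is now pasted in full in both introduction paragraphs; a single link on first mention would keep later URL changes to one place.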
Line 29: |
Line 29: |
| Notice that both digital signatures and secure electronic signatures are considered to be a form of an e-signature. | | Notice that both digital signatures and secure electronic signatures are considered to be a form of an e-signature. |
| | | |
− | In the context of the GC the earliest definitions for digital signature date back over two decades with the introduction of the Payments and Settlements Requisitioning Regulation and the Electronic Payments Regulation. Both regulations define a digital signature exactly the same as follows: “the result of the transformation of a message by means of a cryptosystem using keys such that a person having the initial message can determine: | + | In the context of the GC the earliest definitions for digital signature date back over two decades with the introduction of the [https://laws-lois.justice.gc.ca/eng/regulations/sor-98-130/index.html Payments and Settlements Requisitioning Regulation] and the [https://laws-lois.justice.gc.ca/eng/regulations/sor-98-129/index.html Electronic Payments Regulation]. Both regulations define a digital signature exactly the same as follows: “the result of the transformation of a message by means of a cryptosystem using keys such that a person having the initial message can determine: |
| *whether the transformation was created using the key that corresponds to the signer’s key, and | | *whether the transformation was created using the key that corresponds to the signer’s key, and |
| *whether the message has been altered since the transformation was made.” | | *whether the message has been altered since the transformation was made.” |
| | | |
− | The Canadian Centre for Cyber Security also provides a definition for digital signature in ITSP.40.111: | + | The Canadian Centre for Cyber Security also provides a definition for digital signature in [https://cyber.gc.ca/en/guidance/cryptographic-algorithms-unclassified-protected-and-protected-b-information-itsp40111 ITSP.40.111]: |
| “a cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.” | | “a cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.” |
| | | |
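Review bot: On the changed "In the context of the GC ..." line, "date back over two decades" is relative to when the sentence was written and will drift as the page ages. Now that the sentence links both regulations, state the year they were introduced instead. On the same line, the opening quotation mark before "the result of the transformation" is closed only at the end of the second bullet, so the quoted definition runs across a paragraph and a list; setting the definition off as a block quote would make its extent unambiguous.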
Line 62: |
Line 62: |
| | | |
| Although not defined within Canadian legislation, there are some additional terms that you may encounter when deploying these solutions. | | Although not defined within Canadian legislation, there are some additional terms that you may encounter when deploying these solutions. |
− | For example, digitally signed MS Office documents conform to the XML Advanced Electronic Signature (XAdES) standards. When you examine the digital signature details of a digitally signed MS Office document, you may see the signature type identified as “XAdES-EPES”. This is one of the variants of the XAdES specification and according to Microsoft documentation is the default digital signature type for MS Office products. In addition, digitally signed PDF documents conform to the PDF AdES (PAdES) standards so you may encounter variants of PAdES when working with PDF documents. However, please note that users are typically not required to understand this level of detail. | + | For example, digitally signed MS Office documents conform to the [https://www.etsi.org/standards#page=1&search=XAdES&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2020-06-01&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1 XML Advanced Electronic Signature (XAdES) standards]. When you examine the digital signature details of a digitally signed MS Office document, you may see the signature type identified as “XAdES-EPES”. This is one of the variants of the XAdES specification and according to Microsoft documentation is the default digital signature type for MS Office products. In addition, digitally signed PDF documents conform to the [https://www.etsi.org/standards#page=1&search=PAdES&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2020-06-01&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1 PDF AdES (PAdES) standards] so you may encounter variants of PAdES when working with PDF documents. However, please note that users are typically not required to understand this level of detail. |
| | | |
| <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''Summary'''</div> | | <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''Summary'''</div> |
| | | |
− | This post addresses electronic signature definitions relevant to the GC. In summary, an “electronic signature” or “e-signature” should be thought of as an umbrella term that applies to any type of signature that can be represented electronically and associated with a document, record or transaction. A “digital signature” is a type of e-signature that is created and verified using asymmetric cryptography and supporting PKI. A “secure electronic signature” is a digital signature that meets the specific requirements defined in PIPEDA Part 2 and the SES Regulations. | + | This post addresses electronic signature definitions relevant to the GC. In summary, an “electronic signature” or “e-signature” should be thought of as an umbrella term that applies to any type of signature that can be represented electronically and associated with a document, record or transaction. A “digital signature” is a type of e-signature that is created and verified using asymmetric cryptography and supporting PKI. A “secure electronic signature” is a digital signature that meets the specific requirements defined in PIPEDA Part 2 and the SES Regulations. |
| | | |
− | The Government of Canada Guidance on Using Electronic Signatures document provides additional guidance regarding the use of e-signatures within the GC. Annex A of that document addresses e-signature terminology found in other jurisdictions including Provincial, the US and the European Union. | + | The [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Government of Canada Guidance on Using Electronic Signatures] document provides additional guidance regarding the use of e-signatures within the GC. Annex A of that document addresses e-signature terminology found in other jurisdictions including Provincial, the US and the European Union. |
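Review bot: The XAdES and PAdES links added on the "For example, digitally signed MS Office documents ..." line are ETSI search-result URLs, not document links. They carry the full query state, including `startDate=1988-01-15&endDate=2020-06-01`, so they depend on the search page's parameter format and will not show anything published after that end date. Link to the specific ETSI deliverables for XAdES and PAdES instead, or at least drop the date window and the empty parameters. The sentence also attributes the XAdES-EPES default to "Microsoft documentation" without a link, although every other source in this change gets one.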