Line 29: |
Line 29: |
| Notice that both digital signatures and secure electronic signatures are considered to be a form of an e-signature. | | Notice that both digital signatures and secure electronic signatures are considered to be a form of an e-signature. |
| | | |
− | In the context of the GC the earliest definitions for digital signature date back over two decades with the introduction of the [https://laws-lois.justice.gc.ca/eng/regulations/sor-98-130/index.html Payments and Settlements Requisitioning Regulation] and the [https://laws-lois.justice.gc.ca/eng/regulations/sor-98-129/index.html Electronic Payments Regulation]. Both regulations define a digital signature exactly the same as follows: “the result of the transformation of a message by means of a cryptosystem using keys such that a person having the initial message can determine: | + | In the context of the GC the earliest definitions for digital signature date back over two decades with the introduction of the [https://laws-lois.justice.gc.ca/eng/regulations/sor-98-130/index.html Payments and Settlements Requisitioning Regulation] and the [https://laws-lois.justice.gc.ca/eng/regulations/sor-98-129/index.html Electronic Payments Regulation]<sup><small>2</small></sup>. Both regulations define a digital signature exactly the same as follows: “the result of the transformation of a message by means of a cryptosystem using keys such that a person having the initial message can determine: |
| *whether the transformation was created using the key that corresponds to the signer’s key, and | | *whether the transformation was created using the key that corresponds to the signer’s key, and |
| *whether the message has been altered since the transformation was made.” | | *whether the message has been altered since the transformation was made.” |
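Review bot: The footnote marker after the Electronic Payments Regulation link is hand-numbered raw HTML (`<sup><small>2</small></sup>`), so it has to be renumbered manually whenever a note is added or removed ahead of it, and it already depends on a note 1 that sits outside this hunk. It also attaches only to the second regulation, although the sentence cites both. If the wiki has the Cite extension enabled, a `<ref>` tag would generate the number and the back-link automatically. Otherwise, place the marker so it clearly covers both regulations, or give each its own.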
Line 36: |
Line 36: |
| “a cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.” | | “a cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.” |
| | | |
− | In essence, a digital signature is a type of e-signature based on asymmetric cryptography. The signer of the message, document or transaction uses their private signing key to create a digital signature and anyone with access to the signed data and the signer’s public key verification certificate can verify the digital signature | + | In essence, a digital signature is a type of e-signature based on asymmetric cryptography. The signer of the message, document or transaction uses their private signing key to create a digital signature and anyone with access to the signed data and the signer’s public key verification certificate can verify the digital signature<sup><small>3</small></sup>. |
| | | |
| However, not all digital signatures are created equal and some are more reliable or robust than others. For example, the manner in which a signer’s identity is verified before issuing their public key verification certificate, the type of token used to store the signer’s private signing key, the trustworthiness of the Certification Authority (CA) that issues the public key verification certificate and the digital signature algorithm and key length (among other things) collectively determine the reliability of the digital signature. | | However, not all digital signatures are created equal and some are more reliable or robust than others. For example, the manner in which a signer’s identity is verified before issuing their public key verification certificate, the type of token used to store the signer’s private signing key, the trustworthiness of the Certification Authority (CA) that issues the public key verification certificate and the digital signature algorithm and key length (among other things) collectively determine the reliability of the digital signature. |
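Review bot: In the marker added at the end of the "In essence" paragraph, `<small>` nested inside `<sup>` shrinks the digit twice, which makes note 3 hard to read and hard to click on the rendered page. Drop the `<small>` wrapper and keep the same form for every marker in this revision. The full stop this line adds after "verify the digital signature" is a correct fix and should stay.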
Line 49: |
Line 49: |
| | | |
| In addition, the SES Regulations: | | In addition, the SES Regulations: |
− | *prescribe a specific asymmetric algorithm to support digital signatures | + | *prescribe a specific asymmetric algorithm to support digital signatures<sup><small>4</small></sup> |
| *specify that the issuing Certification Authority (CA) must be recognized by the Treasury Board of Canada Secretariat by verifying that the CA has “the capacity to issue digital signature certificates in a secure and reliable manner” | | *specify that the issuing Certification Authority (CA) must be recognized by the Treasury Board of Canada Secretariat by verifying that the CA has “the capacity to issue digital signature certificates in a secure and reliable manner” |
| *include a presumption that, in the absence of evidence to the contrary, the electronic data has been signed by the person who is identified in the digital signature certificate or who can be identified through that certificate. | | *include a presumption that, in the absence of evidence to the contrary, the electronic data has been signed by the person who is identified in the digital signature certificate or who can be identified through that certificate. |
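Review bot: The first bullet still says only "a specific asymmetric algorithm", and the new marker 4 is plain text with no anchor to the note, so a reader who needs to know which algorithm the SES Regulations prescribe cannot get there from this line. Either name the algorithm in the bullet itself or make the marker a working link to the note, and confirm that note 4 states the algorithm along with the provision of the Regulations that prescribes it.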
Line 62: |
Line 62: |
| | | |
| Although not defined within Canadian legislation, there are some additional terms that you may encounter when deploying these solutions. | | Although not defined within Canadian legislation, there are some additional terms that you may encounter when deploying these solutions. |
− | For example, digitally signed MS Office documents conform to the [https://www.etsi.org/standards#page=1&search=XAdES&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2020-06-01&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1 XML Advanced Electronic Signature (XAdES) standards]. When you examine the digital signature details of a digitally signed MS Office document, you may see the signature type identified as “XAdES-EPES”. This is one of the variants of the XAdES specification and according to Microsoft documentation is the default digital signature type for MS Office products. In addition, digitally signed PDF documents conform to the [https://www.etsi.org/standards#page=1&search=PAdES&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2020-06-01&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1 PDF AdES (PAdES) standards] so you may encounter variants of PAdES when working with PDF documents. However, please note that users are typically not required to understand this level of detail. | + | For example, digitally signed MS Office documents conform to the [https://www.etsi.org/standards#page=1&search=XAdES&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2020-06-01&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1 XML Advanced Electronic Signature<sup><small>5</small></sup> (XAdES) standards]. When you examine the digital signature details of a digitally signed MS Office document, you may see the signature type identified as “XAdES-EPES”. This is one of the variants of the XAdES specification and according to Microsoft documentation is the default digital signature type for MS Office products. 
In addition, digitally signed PDF documents conform to the [https://www.etsi.org/standards#page=1&search=PAdES&title=1&etsiNumber=1&content=1&version=0&onApproval=1&published=1&historical=1&startDate=1988-01-15&endDate=2020-06-01&harmonized=0&keyword=&TB=&stdType=&frequency=&mandate=&collection=&sort=1 PDF AdES (PAdES) standards] so you may encounter variants of PAdES when working with PDF documents. However, please note that users are typically not required to understand this level of detail. |
| | | |
| <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''Summary'''</div> | | <div style="line-height: 1.5em; font-size: 175%; color:navy; font-family:'Helvetica Neue', 'Lucida Grande', Tahoma, Verdana, sans-serif;">'''Summary'''</div> |
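Review bot: The marker `<sup><small>5</small></sup>` is placed inside the external link label, between "XML Advanced Electronic Signature" and "(XAdES) standards]", so the "5" renders as part of the hyperlink and clicking it opens the ETSI search page rather than the note. Move it to just after the closing `]`. The new revision also introduces a line break before "In addition, digitally signed PDF documents"; if that is meant to start a new paragraph it needs a blank line, and if not it should be removed so the source matches the rendered text.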