When a party needs to rely on signed electronic data (e.g. a signed document), it is very often important that it can verify:
- The integrity of the signed data;
- The authenticity of the signed data.
The requirements for the validation of qualified electronic signatures are, in particular, described in Article 32 of the eIDAS Regulation. In this context,
- Integrity means that no modification has been made to the signed data after it has been signed;
- Authenticity means that the signature is supported by a qualified certificate identifying the signatory, and that only the signatory can produce the signature.
A summary and non-exhaustive overview of the steps involved in the validation process for qualified electronic signatures would be:
- The verification of the integrity of the data;
- The verification of the validity of the certificate;
- The verification of the qualified status of the certificate and;
- The verification if the signature was created by a qualified electronic signature creation device.
Finally, as numerous steps are involved in this validation process, the answer to a validation request can take the form of a validation report that contains the set of answers to the various verifications and steps involved during the validation process.