With the development of the legal framework for electronic document workflow in Ukraine, several concepts denoting electronic signatures (EDS, QES, AES, etc.) have appeared. What is the difference between them and where they are used – let’s consider in the article.
Types of electronic signature
For a long time, only the concept of electronic digital signature (EDS) was common among users. However, with the enactment of the Law of Ukraine “On Electronic Trust Services” it lost its relevance. The adjusted concept of qualified electronic signature (QES) has replaced it.
Qualified electronic signature QES is an analog of a handwritten signature. Its legal force is confirmed by the Law of Ukraine “On Electronic Document Workflow and Electronic Documents”.
From a technical viewpoint, a QES is a set of electronic data that is formed from a document file, a signature key and a time stamp. Together they form a container (an archive that contains both the file and the signature at the same time) or a separate file that must be stored and verified together with the document. This data indicates that a particular signature key was applied to the document in the archive at a particular time and that the file (document) has not been modified. Thanks to the time stamp, it is possible at any moment to establish when the QES was applied to the document, and it is also proof that the document existed at a certain point in time.
QES and AES – what’s the difference?
The Law of Ukraine “On Electronic Trust Services” also allows the use of AES – advanced electronic signature. It has a lower level of information protection than the QES.
The storage medium on which QES and AES keys are formed are also different. A QES key is formed on a protected storage medium (in the device’s built-in memory). Externally, the storage medium looks like a regular USB flash drive, but has a high level of protection or the QES key can be located in a special secure server and, also, can be used as a “cloud key”. The AES key is formed into a file and stored on an ordinary storage medium – a flash drive, CD disk, etc.
The AES key can be copied, sent via email and other ways. A QES key is used only from the device on which it is generated.
The user cannot visually distinguish between QES and AES. The electronic signature can be verified on the website of the Central Certification Authority (CCA). To do this, you need to download any signed file. After verification, there will be an indication on the website which type of electronic signature – QES or AES – has been used in the document.
In what form are electronic signature keys issued?
Qualified providers shall issue electronic signature keys in the form of:
- A file stored on a computer, USB flash drive or other storage medium. Such a key is called a file key.
- A secure USB key (token) – a hardware key.
- A file stored in cloud storage – a cloud key.
- A file stored on a smartphone SIM card – Mobile ID.
File keys are used to create AES. They can be copied and stored anywhere. Hardware, cloud keys and Mobile IDs cannot be copied, so they are more secure.
To use a token, it must be connected to a computer and read. To use a Mobile ID, a phone number and PIN must be entered. The owner has access to the cloud key with two-factor authorization from any device with internet access.
How to get an electronic signature key?
The CCA website has a list of all qualified providers that issue QES keys (there are currently more than 20 of them). The website of each provider specifies the procedure for issuing keys. Namely, the procedure for obtaining Vchasno.KEP is described in detail in the instructions.
Legislation defines a list of documents required to obtain QES that is one for all service providers:
|For individuals and individuals-entrepreneurs
||For legal entities
The certificate for QES is issued for up to 2 years, after which it must be renewed. This protects the QES owner from compromising the key. You can renew the QES certificate online.
Vchasno.KEP electronic signature
Vchasno.KEP is a cloud-based electronic signature for individuals, individuals-entrepreneurs and legal entities. The personal signature key is stored in a secure cloud storage, which has a certificate of CIPS (Comprehensive Information Protection System).
With the Vchasno.KEP key you can sign a document from a personal computer, laptop, smartphone or tablet from anywhere in the world. The cloud key is available to the owner 24/7. It cannot be stolen, copied or lost.
For detailed consultation on obtaining Vchasno.KEP for you and your employees, please contact our experts.
FAQs about EDS, QES, AES, hardware key
What is an electronic digital signature (EDS)?
What does an electronic digital signature look like?
What is a QES?
Who needs QES on a secure storage medium and when?
What is a hardware key?
What is a cloud digital signature?
Thank you! We will contact youas soon as possible