What is an electronic signature?

With the development of the legal framework for electronic document workflow in Ukraine, several concepts denoting electronic signatures (EDS, QES, AES, etc.) have appeared. What is the difference between them and where they are used – let’s consider in the article.

Types of electronic signature

For a long time, only the concept of electronic digital signature (EDS) was common among users. However, with the enactment of the Law of Ukraine “On Electronic Trust Services” it lost its relevance. The adjusted concept of qualified electronic signature (QES) has replaced it.

Qualified electronic signature QES is an analog of a handwritten signature. Its legal force is confirmed by the Law of Ukraine “On Electronic Document Workflow and Electronic Documents”.

From a technical viewpoint, a QES is a set of electronic data that is formed from a document file, a signature key and a time stamp. Together they form a container (an archive that contains both the file and the signature at the same time) or a separate file that must be stored and verified together with the document. This data indicates that a particular signature key was applied to the document in the archive at a particular time and that the file (document) has not been modified. Thanks to the time stamp, it is possible at any moment to establish when the QES was applied to the document, and it is also proof that the document existed at a certain point in time.

QES and AES – what’s the difference?

The Law of Ukraine “On Electronic Trust Services” also allows the use of AES – advanced electronic signature. It has a lower level of information protection than the QES.

The storage medium on which QES and AES keys are formed are also different. A QES key is formed on a protected storage medium (in the device’s built-in memory). Externally, the storage medium looks like a regular USB flash drive, but has a high level of protection or the QES key can be located in a special secure server and, also, can be used as a “cloud key”. The AES key is formed into a file and stored on an ordinary storage medium – a flash drive, CD disk, etc.

The AES key can be copied, sent via email and other ways. A QES key is used only from the device on which it is generated.

The user cannot visually distinguish between QES and AES. The electronic signature can be verified on the website of the Central Certification Authority (CCA). To do this, you need to download any signed file. After verification, there will be an indication on the website which type of electronic signature – QES or AES – has been used in the document.

In what form are electronic signature keys issued?

Qualified providers shall issue electronic signature keys in the form of:

  1. A file stored on a computer, USB flash drive or other storage medium. Such a key is called a file key.
  2. A secure USB key (token) – a hardware key.
  3. A file stored in cloud storage – a cloud key.
  4. A file stored on a smartphone SIM card – Mobile ID.

File keys are used to create AES. They can be copied and stored anywhere. Hardware, cloud keys and Mobile IDs cannot be copied, so they are more secure.

To use a token, it must be connected to a computer and read. To use a Mobile ID, a phone number and PIN must be entered. The owner has access to the cloud key with two-factor authorization from any device with internet access.

Instantly sign documents in 1 click on your smartphone

How to get an electronic signature key?

The CCA website has a list of all qualified providers that issue QES keys (there are currently more than 20 of them). The website of each provider specifies the procedure for issuing keys. Namely, the procedure for obtaining Vchasno.KEP is described in detail in the instructions.

Legislation defines a list of documents required to obtain QES that is one for all service providers:

For individuals and individuals-entrepreneurs

  • Application for registration, which can be formed in the personal cabinet
  • A document certifying the identity
  • Taxpayer card (identification code)
For legal entities

  • Application for registration, which can be formed in the personal cabinet
  • A document certifying the identity
  • Extract from the Unified State Register
  • Original or certified copies of documents confirming the signatory’s affiliation with a legal entity and his/her powers (identity document, certificate, order of appointment, license, etc.)
  • Taxpayer card (identification code)

The certificate for QES is issued for up to 2 years, after which it must be renewed. This protects the QES owner from compromising the key. You can renew the QES certificate online.

Vchasno.KEP electronic signature

Vchasno.KEP is a cloud-based electronic signature for individuals, individuals-entrepreneurs and legal entities. The personal signature key is stored in a secure cloud storage, which has a certificate of CIPS (Comprehensive Information Protection System).

With the Vchasno.KEP key you can sign a document from a personal computer, laptop, smartphone or tablet from anywhere in the world. The cloud key is available to the owner 24/7. It cannot be stolen, copied or lost.

For detailed consultation on obtaining Vchasno.KEP for you and your employees, please contact our experts.

Get your Vchasno.KEP

Order secure cloud electronic keys from the qualified provider of electronic trust services Vchasno

The author's latest articles:

FAQs about EDS, QES, AES, hardware key

What is an electronic digital signature (EDS)?

An electronic digital signature (EDS) represents data in electronic form, obtained by cryptographic transformation, which is added to other data or documents and ensures their integrity and identification of the author.

What does an electronic digital signature look like?

Visually, an electronic digital signature looks like a set of digits. Its encryption and decryption is done with special software and performed in key certification centers.

What is a QES?

According to the Law of Ukraine “On Electronic Trust Services”, a qualified electronic signature (QES) is an advanced electronic signature that is created using a qualified electronic signature tool and is based on a qualified public key certificate. In other words, it is an electronic signature with a high level of security.

Who needs QES on a secure storage medium and when?

The current legislation requires state authorities, local governments and state-owned enterprises, notaries and state registrars to use QES on a secure storage medium.

What is a hardware key?

A hardware key (token) is a secure device for storing a QES. The token protects the data it contains from copying, illegal use, and unauthorized distribution.

What is a cloud digital signature?

A cloud digital signature is a digital signature that is stored on a provider's server using cloud software solutions.