212/2012 Coll.
DECREE
of 13 June 2012
on the structure of the data on the basis of which the signatory can be uniquely identified, and on the procedures for verifying the validity of an advanced electronic signature, an electronic mark, a qualified certificate, a qualified system certificate and a qualified time stamp (Decree on the verification of the validity of an advanced electronic signature)
The Ministry of the Interior lays down, pursuant to section 20 paragraph 4 of Act No. 227/2000 Coll., on electronic signature and amending certain other acts (the Electronic Signature Act), as amended by Act No. 517/2002 Coll., Act No. 440/2004 Coll., Act No. 424/2010 Coll. and Act No. 167/2012 Coll.:
§ 1
Structure of the data on the basis of which the signatory can be uniquely identified
The data enabling the unambiguous identification of the signatory are given in the structure of a ten-digit number in the decimal system in the range 1 100 100 100 to 4 294 967 295.
§ 2
Verification of the validity of an advanced electronic signature or electronic mark
The validity of an advanced electronic signature with which a data message is signed, or of an electronic mark with which a data message is marked, is verified using the cryptographic standard of an asymmetric algorithm listed in Annex 1 to this Decree and the cryptographic hash function listed in Annex 2 to this Decree which correspond to the scheme used when the advanced electronic signature or electronic mark was created.
Verification of the validity of a qualified certificate or qualified system certificate
§ 3
(1) The time to which the validity of a qualified certificate or qualified system certificate is verified is the time of delivery of the data message or, where applicable, the earliest time at which the advanced electronic signature or electronic mark based on the certificate whose validity is being verified demonstrably already existed.
(2) If the qualified certificate or qualified system certificate is valid at the time referred to in paragraph 1, and if a valid qualified time stamp is attached to the data message signed with the advanced electronic signature or marked with the electronic mark, the validity of the qualified certificate or qualified system certificate is verified to the time stated in the qualified time stamp.
(3) The time to which the validity of the qualified system certificate on which the electronic mark marking a qualified time stamp is based is verified is the time of delivery of the data message or, where applicable, the earliest time at which the qualified time stamp demonstrably already existed.
(4) If the qualified system certificate on which the electronic mark marking the verified qualified time stamp is based is valid at the time to which its validity is verified, and if, during the validity of that qualified system certificate, a further qualified time stamp was subsequently attached to the verified qualified time stamp or to the data message bearing it, that further time stamp being marked with an electronic mark based on a qualified system certificate which was valid at the time referred to in paragraph 3, then the validity of the qualified system certificate on which the electronic mark marking the verified qualified time stamp is based is verified to the time stated in the subsequently attached qualified time stamp.
(5) If several further qualified time stamps were attached to the verified qualified time stamp or to the data message bearing it, the procedure under paragraph 4 is applied to verify the validity of each qualified time stamp to the time stated in the qualified time stamp attached after it.
§ 4
(1) Verification of the validity of a qualified certificate or qualified system certificate includes
a) verifying that the qualified certificate or qualified system certificate is within its validity interval,
b) verifying the electronic mark marking the qualified certificate or qualified system certificate,
c) verifying that the qualified certificate or qualified system certificate has not been revoked, and verifying the electronic mark with which the qualified certification services provider (hereinafter "the provider") marked the certificate revocation list or the certificate status information, and verifying the provider's qualified system certificate,
d) verifying all qualified system certificates and the electronic marks marking the qualified system certificates in the certification path, and
e) verifying that the certificate was issued as a qualified certificate or as a qualified system certificate.
(2) Verification that the qualified certificate or qualified system certificate had not been revoked at the time to which its validity is verified is carried out in accordance with the certification policy of the provider that issued the certificate. If a certificate revocation list is used for the verification, the decisive list is the last list issued within 24 hours of the time to which the validity of the certificate is verified or, where applicable, each subsequent list issued before the end of the validity interval of the verified certificate. If the 24-hour period extends beyond the validity interval of the verified certificate, the decisive lists are all lists issued from the last list issued within the validity interval of the verified certificate up to the last list issued within 24 hours of the time to which the validity of the certificate is verified.
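The CRL selection rule of paragraph 2, as an added worked example that is not part of the decree; the certificate validity dates, CRL issue times and the revoked serial are constructed, and the per-entry revocation time is an assumption taken from X.509 CRL entries, which the decree itself does not mention:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # the 24-hour period of § 4(2)

def ts(s):
    return datetime.fromisoformat(s)

@dataclass
class Crl:
    issued: datetime
    # serial -> revocation time (X.509 revocationDate; an assumption, not in the decree)
    revoked: dict = field(default_factory=dict)

def decisive_crls(crls, t, not_before, not_after):
    """CRLs decisive under § 4(2) for verification time t.
    Rule 1 (24 h window ends inside the validity interval): the last list issued
    within 24 h of t, plus every later list issued before not_after.
    Rule 2 (window runs past not_after): every list from the last one issued
    inside the validity interval up to the last one issued within 24 h of t."""
    crls = sorted(crls, key=lambda c: c.issued)
    within = [c for c in crls if c.issued <= t + WINDOW]
    if not within:
        return []  # no list available yet: revocation status cannot be decided
    last_within = within[-1]
    if t + WINDOW <= not_after:
        later = [c for c in crls if last_within.issued < c.issued < not_after]
        return [last_within] + later
    in_interval = [c for c in crls if not_before <= c.issued <= not_after]
    start = in_interval[-1].issued if in_interval else last_within.issued
    return [c for c in crls if start <= c.issued <= last_within.issued]

def revoked_at(serial, t, crls, not_before, not_after):
    """True if a decisive list records the serial as revoked at or before t."""
    for crl in decisive_crls(crls, t, not_before, not_after):
        when = crl.revoked.get(serial)
        if when is not None and when <= t:
            return True
    return False

# Constructed sample data: certificate valid for July 2012, CRLs issued at noon,
# serial 0x1a revoked on 12 July at 09:00 and listed from the next CRL on.
NOT_BEFORE, NOT_AFTER = ts("2012-07-01T00:00"), ts("2012-07-31T00:00")
REVOKED = {"0x1a": ts("2012-07-12T09:00")}
SAMPLE_CRLS = [Crl(ts("2012-07-10T12:00")), Crl(ts("2012-07-11T12:00"))] + [
    Crl(ts(d), REVOKED) for d in ("2012-07-12T12:00", "2012-07-30T12:00",
                                  "2012-07-31T12:00", "2012-08-01T12:00")]
```

A verification time of 30 July 18:00 falls under the second rule because its 24-hour window runs past the certificate's end of validity, so the lists of 30 and 31 July are both decisive.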
(3) A certification path means a hierarchically ordered sequence of certificates which includes the qualified certificate or qualified system certificate being verified, the provider's qualified system certificate on which the electronic mark marking the verified qualified certificate or qualified system certificate is based, and each further provider's qualified system certificate on which the electronic mark marking the provider's qualified system certificate most recently included in the certification path is based, and which ends with a provider's qualified system certificate marked with an electronic mark based on that certificate itself.
(4) Verification that the certificate on which the advanced electronic signature or electronic mark is based was issued as a qualified certificate or qualified system certificate is carried out by checking the provider's qualified system certificate on which the electronic mark marking the verified certificate is based against the register of issued qualified system certificates used by the provider, which is kept by the Ministry of the Interior. If the certificate was issued by a certification services provider established in another State, it is considered qualified if it was issued within a service for issuing qualified certificates that is listed in the trusted list of certification services as a service for whose provision the certification services provider is accredited, or as a service whose provision is supervised under a directly applicable European Union regulation.
§ 5
Verification of the validity of a qualified time stamp
(1) Verification of the validity of a qualified time stamp includes
a) verifying the binding between the data message and the attached qualified time stamp,
b) verifying the electronic mark marking the qualified time stamp, and
c) verifying the qualified system certificate on which the electronic mark marking the qualified time stamp is based.
(2) Verification of the binding between the data message and the attached qualified time stamp is carried out using the standard cryptographic hash function corresponding to the function used to compute the fingerprint of the data message stated in the qualified time stamp.
§ 6
Entry into force
This Decree enters into force on 1 July 2012.
Minister:
Kubice, signed
Annex 1
Cryptographic standards of asymmetric algorithms
-----------------------------------------------------------------------------------------------
Index   Abbreviated name of the asymmetric algorithm   Standards of the asymmetric algorithm
-----------------------------------------------------------------------------------------------
1.01    rsa                                            [1]
1.02    dsa                                            [2]
1.03    ecdsa-Fp                                       [2, 3]
1.04    ecdsa-F2m                                      [2, 3]
1.05    ecgdsa-Fp                                      [4]
1.06    ecgdsa-F2m                                     [4]
-----------------------------------------------------------------------------------------------
Standards:
[1] ISO/IEC 14888-3: Information technology - Security techniques - Digital signatures with appendix - Part 3: Certificate-based mechanisms.
[2] NIST: FIPS Publication 186-2: Digital Signature Standard (DSS).
[3] Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-1998.
[4] ISO/IEC FCD 15946-2: Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 2: Digital signatures.
Annex 2
Standards of cryptographic hash functions
-----------------------------------------------------------------------------------------------
Index   Abbreviated name of the cryptographic hash function   Standards of the hash function
-----------------------------------------------------------------------------------------------
2.01    sha-1                                                 [5, 6]
2.02    sha-256                                               [6]
2.03    sha-384                                               [6]
2.04    sha-512                                               [6]
2.05    ripemd160                                             [5]
-----------------------------------------------------------------------------------------------
Standards:
[5] ISO/IEC 10118-3: Information technology - Security techniques - Hash functions - Part 3: Dedicated hash functions.
[6] NIST: FIPS Publication 180-3: Secure Hash Standard (SHS).