The Decree On The Validation Of Advanced Electronic Signature

Original Language Title: vyhláška o ověřování platnosti zaručeného elektronického podpisu

Read the untranslated law here: https://portal.gov.cz/app/zakony/download?idBiblio=77709&nr=212~2F2012~20Sb.&ft=txt

212/2012 Sb.



DECREE

of 13 June 2012

on the structure of the data on the basis of which it is possible to uniquely identify the signer, and on the procedures for verifying the validity of an advanced electronic signature, an electronic mark, a qualified certificate, a qualified system certificate and a qualified time stamp (the Decree on the validation of advanced electronic signature)

The Ministry of the Interior establishes, pursuant to Section 20(4) of Act No. 227/2000 Coll., on electronic signature and amending some other acts (the Act on Electronic Signature), as amended by Act No. 517/2002 Coll., Act No. 440/2004 Coll., Act No. 424/2010 Coll. and Act No. 167/2012 Coll.:



§ 1



The structure of the data on the basis of which it is possible to uniquely identify the signer

The information that enables the unambiguous identification of the signer is stated in the structure of a ten-digit decimal number in the range 1 100 100 100 to 4 294 967 295.



§ 2



Verification of the validity of an advanced electronic signature or electronic mark

The validity of an advanced electronic signature with which a data message is signed, or of an electronic mark with which a data message is marked, is verified using the cryptographic standard of the asymmetric algorithm listed in Annex 1 to this Decree and the cryptographic hash function listed in Annex 2 to this Decree that correspond to the scheme used when the advanced electronic signature or electronic mark was created.



Verification of the validity of a qualified certificate or qualified system certificate



§ 3



(1) The moment to which the validity of a qualified certificate or qualified system certificate is verified is the moment of delivery of the data message or, where applicable, the earliest moment at which the advanced electronic signature or electronic mark based on the certificate whose validity is being verified demonstrably already existed.



(2) If the qualified certificate or qualified system certificate is valid at the moment referred to in paragraph 1, and if a valid qualified time stamp is attached to the data message signed with the electronic signature or marked with the electronic mark, the validity of the qualified certificate or qualified system certificate is verified to the time stated in the qualified time stamp.



(3) The moment to which the validity of the qualified system certificate on which the electronic mark marking a qualified time stamp is based is verified is the moment of delivery of the data message or, where applicable, the earliest moment at which the qualified time stamp demonstrably already existed.



(4) If the qualified system certificate on which the electronic mark marking a qualified time stamp is based is valid at the moment to which its validity is verified, and if a further qualified time stamp was subsequently attached, during the validity of that qualified system certificate, to the qualified time stamp being verified or to the data message bearing the qualified time stamp being verified, and that further time stamp is marked with an electronic mark based on a qualified system certificate that was valid at the moment referred to in paragraph 3, the validity of the qualified system certificate on which the electronic mark marking the verified qualified time stamp is based is verified to the time stated in the subsequently attached qualified time stamp.



(5) If several further qualified time stamps are attached to the qualified time stamp being verified, or to the data message bearing the qualified time stamp being verified, the validity of a qualified time stamp is verified, by the procedure referred to in paragraph 4, to the time stated in the qualified time stamp attached after that qualified time stamp.



§ 4



(1) Verification of the validity of a qualified certificate or qualified system certificate includes

(a) verification that the qualified certificate or qualified system certificate is within its validity interval,

(b) verification of the validity of the electronic mark marking the qualified certificate or qualified system certificate,

(c) verification that the qualified certificate or qualified system certificate has not been revoked, and verification of the validity of the electronic mark with which the qualified certification services provider (hereinafter referred to as "the provider") marked the certificate revocation list or the information about the status of the certificate, and of the qualified system certificate of the provider,

(d) verification of the validity of all qualified system certificates, and of the electronic marks marking the qualified system certificates, in the certification path, and

(e) verification that the certificate was issued as a qualified certificate or as a qualified system certificate.



(2) Verification that the qualified certificate or qualified system certificate was not revoked at the moment to which its validity is verified is carried out in accordance with the certification policy of the provider that issued the certificate. The certificate revocation list is used for the verification; the applicable list for the verification is the last list that was issued within 24 hours from the moment to which the validity of the certificate is verified or, where appropriate, each subsequent list issued before the end of the validity interval of the certificate being verified. If the time limit of 24 hours exceeds the validity interval of the certificate being verified, the applicable lists are all lists issued from the last list issued within the certificate's validity interval through the last list that was issued within 24 hours from the moment to which the validity of the certificate is verified.



(3) A certification path means a hierarchically organized sequence of certificates which includes the qualified certificate or qualified system certificate being verified, the qualified system certificate of the provider on which the electronic mark marking the verified qualified certificate or qualified system certificate is based, and each further qualified system certificate of a provider on which is based the electronic mark marking the qualified system certificate of the provider that was most recently included in the certification path, and which ends with a qualified system certificate of a provider marked with an electronic mark that is based on that certificate itself.



(4) Verification that the certificate on which the advanced electronic signature or electronic mark is based was issued as a qualified certificate or as a qualified system certificate is carried out by verifying the qualified system certificate of the provider, on which the electronic mark marking the certificate being verified is based, against the register of issued qualified system certificates that providers use, kept by the Ministry of the Interior. If the certificate was issued by a certification services provider established in another State, it is considered qualified if it was issued within a service of issuing qualified certificates that is listed in the trusted list of certification services as a service for the provision of which the certification services provider is accredited, and as a service the provision of which is supervised pursuant to a directly applicable regulation of the European Union.



§ 5



Verification of the validity of a qualified time stamp



(1) Verification of the validity of a qualified time stamp includes

(a) verification of the binding between the data message and the attached qualified time stamp,

(b) verification of the validity of the electronic mark marking the qualified time stamp, and

(c) verification of the validity of the qualified system certificate on which the electronic mark marking the qualified time stamp is based.



(2) Verification of the binding between a data message and the attached qualified time stamp is carried out according to the standard of the cryptographic hash function that corresponds to the function used to compute the fingerprint of the data message stated in the qualified time stamp.
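The binding check of § 5(2), restricted to the hash functions of Annex 2, as an added example that is not part of the Decree. The function and variable names are hypothetical, and the fingerprint is modelled as a plain (algorithm name, digest) pair rather than parsed from a real time stamp token.

```python
import hashlib
import hmac

# Annex 2 index -> (abbreviated name in the Decree, hashlib algorithm name)
ANNEX_2 = {
    "2.01": ("sha-1", "sha1"),
    "2.02": ("sha-256", "sha256"),
    "2.03": ("sha-384", "sha384"),
    "2.04": ("sha-512", "sha512"),
    "2.05": ("ripemd160", "ripemd160"),
}
_BY_NAME = {decree: impl for decree, impl in ANNEX_2.values()}


class BindingError(Exception):
    """The binding could not be evaluated (as opposed to evaluated and failed)."""


def verify_binding(data_message: bytes, imprint_alg: str, imprint: bytes) -> bool:
    """Recompute the fingerprint of the data message with the hash function
    named in the time stamp and compare it with the fingerprint it carries."""
    impl = _BY_NAME.get(imprint_alg.strip().lower())
    if impl is None:
        raise BindingError(f"{imprint_alg!r} is not listed in Annex 2")
    try:
        h = hashlib.new(impl)
    except ValueError as exc:  # e.g. ripemd160 disabled in the local OpenSSL build
        raise BindingError(f"{imprint_alg!r} is unavailable on this host") from exc
    if len(imprint) != h.digest_size:
        return False  # a truncated or padded fingerprint can never match
    h.update(data_message)
    # Constant-time comparison of the recomputed and the stated fingerprint.
    return hmac.compare_digest(h.digest(), imprint)


# Constructed sample: a message and the fingerprint a time stamp would carry for it.
SAMPLE_MESSAGE = b"constructed data message"
SAMPLE_IMPRINT = hashlib.sha256(SAMPLE_MESSAGE).digest()

if __name__ == "__main__":
    print(verify_binding(SAMPLE_MESSAGE, "sha-256", SAMPLE_IMPRINT))         # unmodified message
    print(verify_binding(SAMPLE_MESSAGE + b"!", "sha-256", SAMPLE_IMPRINT))  # altered message
```

This covers only item (a) of § 5(1); items (b) and (c) additionally require verifying the electronic mark on the time stamp and the certificate behind it.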



§ 6



Entry into force

This Decree shall enter into force on 1 July 2012.

Minister:

Kubice (signed)



Annex 1



Cryptographic standards of asymmetric algorithms

-----------------------------------------------------------------------------------------------
Index    Abbreviated name of the asymmetric algorithm    Standards
-----------------------------------------------------------------------------------------------
1.01     rsa                                             [1]
1.02     dsa                                             [2]
1.03     ecdsa-Fp                                        [2,3]
1.04     ecdsa-F2m                                       [2,3]
1.05     ecgdsa-Fp                                       [4]
1.06     ecgdsa-F2m                                      [4]
-----------------------------------------------------------------------------------------------



Standards:



[1] ISO/IEC 14888-3: Information technology-Security techniques-Digital signatures with appendix--Part 3: Certificate-based mechanisms.



[2] NIST: FIPS Publication 186-2: Digital Signature Standard (DSS).



[3] Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X 9.62-1998.



[4] ISO/IEC FCD 15946-2: Information technology-Security techniques-Cryptographic techniques based on elliptic curves-Part 2: Digital signatures.



Annex 2



Standards for cryptographic hash functions

-----------------------------------------------------------------------------------------------
Index    Abbreviated name of the cryptographic hash function    Standards
-----------------------------------------------------------------------------------------------
2.01     sha-1                                                  [5,6]
2.02     sha-256                                                [6]
2.03     sha-384                                                [6]
2.04     sha-512                                                [6]
2.05     ripemd160                                              [5]
-----------------------------------------------------------------------------------------------



Standards:



[5] ISO/IEC 10118-3: Information technology-Security techniques-Hash functions-Part 3: Dedicated hash functions.



[6] NIST: FIPS Publication 180-3: Secure Hash Standard (SHS).