Validation of signatures

The validation of an electronic signature is the process by which it is checked:

• La identity of the signatory
• La integrity of the signed document
• La temporary validity of the certificate used

We know that in the signing process, the signer uses his electronic certificate, specifically his private key, to obtain the electronic signature.

The first two verifications can be performed from an application without an internet connection simply by using the certificate included in the same signature.

But how do we know if that certificate is valid?, Was it revoked at the time of signing? Or if the authority that issued it is trusted?

The signature validation process cannot be separated from the certificate validation process used for the signature. And for that, the validation of the signature, also involves validation of the certificate.

The electronic certificate can only be validated while it is active, as once expired it disappears from the revocation lists of the Certification Authority and it is no longer possible to check what the status was at the time of signing.

If the certificate is not valid, or is expired or revoked, the signature cannot be validated correctly since we cannot know what the certificate was. certificate status at the time of signing.

Therefore, the three validations depend on the ability to validate the certificate, for which an Internet connection is necessary that allows access to a certificate. certificate validation platform.

Validation platforms are online systems that allow electronic certificates to be validated.

The Validation Authority is the component that provides information on the validity of electronic certificates that have been registered by a Registration Authority and certified by the Certification Authority. In general, the Certification Authority is also a Validation Authority, although both figures may be represented by different entities.

Information on revoked Electronic Certificates (not in force) is stored in the so-called certificate revocation lists (CRLs) maintained by the Validation Authorities.

Validation or verification of the status of a certificate can be done through the Internet by accessing the service provided by the Validation or Certification Authority that has issued the certificate. For example, for the case of Class 2 certificates issued by the FNMT you can check the status of the certificate by accessing the page Check Certificate Status.

As we have seen, the verification of each certificate must be done by accessing directly the services of the Validation or Registration Authority that has issued it. This can be a drawback when the number of certificates to be verified is high and, in addition, they have been able to be issued by different Certification Authorities.

Validation platforms arise to assist in these certificate verification operations. They centralize the validation services acting as fronts that receive each request and redirect it to the corresponding Validation Authority. In this way, the user of the service can forget the task of knowing the specific mechanisms of each of the Validation Authorities.

VALIDe (Application of Validation of Signature and Online Certificates of @signature) is the validation platform that the General Administration of the State makes available to the Administrations and citizens for the validation of certificates and, in addition, offers the following services:

• Validation of electronic signatures
• Generation of electronic signatures in multiple formats
• Display signatures with the help of the Viewer

The viewer is a tool that allows generate a report of the signature and see information of the electronic signature itself and of the signed document.

The document that is generated does not have the same legal value as the signature. In fact, it may be valid on terms that are determined for its use. In general, in this case, the printed document should contain a CSV or Secure Verification Code that allows the printed copy to be contrasted with the electronic original