Digital signatures are based on public/private keys and are only as secure as the signer’s private key. Sole control is the principle that ensures the signer – and no one else but the signer – has access to her/his signing key and can initiate a digital signature. This blog post takes a look at the details of sole control.
Digital signatures depend on a public/private key pair: the signer signs a document with a private key that is uniquely bound to her/his name, and the recipient can always use the corresponding public key to verify the integrity and authenticity of the signed document.
Obviously, digital signatures are only as secure as the signer’s private key. If a private key gets compromised, anyone can potentially sign on the key owner’s behalf and cause substantial harm in doing so.
One way to protect the private signing key is to keep it in a smartcard or USB token, which only allows the key to be used for signing after the correct PIN has been entered. While this is considered secure and is used for selected use cases, it is often not convenient, which limits the wide adoption of qualified digital signatures.
To make digital signatures ubiquitous and thereby fuel the digital economy in Europe, the European Commission has specified a framework that allows qualified remote (cloud-based) digital signing: the eIDAS (“electronic IDentification, Authentication and trust Services”) regulation No. 910/2014.
Initially, the SAM (Signature Activation Module) will allow users to register for qualified digital signing. In the registration process, the user’s private signing key is created inside the HSM and uniquely bound to a second key – the user’s key authorization key. The latter can be loaded into a dedicated mobile app or otherwise provisioned to the end-user. Now the user is in sole control of her/his qualified signing key, as the authorization key is in her/his possession and no one else has access to it.
When a registered user now wishes to apply a qualified digital signature,
Utimaco provides the first-to-market HSM that is certified against the stringent eIDAS requirements of EN 419 221-5, the “CryptoServer CP5 HSM”. The CP5 can host a custom SAM inside its secure hardware boundary, and it also supports side-by-side configurations, where an “external” SAM is running inside a different hardened and certified environment.
An initial version of this blog was published on September 17, 2018