Re-signing of signatures

The focus is again on the immutability of data that is to be archived for the long term. A signature that is still secure today may be regarded as invalid later on (e.g. because its key length is no longer sufficient). In a legal dispute, it must therefore be proven that the signature was valid at the time it was created.
According to § 17 of the German Signatures Act, the re-signing procedure is applied, i.e. re-signing before the defined expiration of the qualification of an encryption algorithm. New, valid algorithms and qualified time stamps are used for the re-signing process.

If, however, the encryption algorithm or the certificates that were used have become invalid, the digital signature becomes invalid, too. A signature card that has become invalid would mean that the signed documents can no longer be used.

[Figure: Sec-PKI-server]

The SecPKI server

For this scenario the SecPKI server is used. The SecPKI server verifies the validity of the signature and can re-sign if necessary. After verification of the signature, the SecPKI server enters the hash values of document and signature into a hash tree and requests a time stamp for it from the trust center on a daily basis. If necessary (before the expiration of an algorithm), SecPKI can create a renewal signature. Thus, the evidentiary value is preserved for all documents and signatures.
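
As an added illustration (not SecPKI's own code and not part of the original page), the sketch below shows how the hashes of documents and signatures can be collected in a hash tree so that one daily time stamp over the root covers every entry, and how a single entry is later proven against that root. The tree layout, prefix bytes, function names and sample data are assumptions; requesting the time stamp from the trust center is not shown.

```python
import hashlib

def h(data: bytes, alg: str = "sha256") -> bytes:
    return hashlib.new(alg, data).digest()

def leaf(document: bytes, signature: bytes, alg: str = "sha256") -> bytes:
    # A leaf binds the document hash and the signature hash together.
    return h(b"\x00" + h(document, alg) + h(signature, alg), alg)

def build_levels(leaves, alg="sha256"):
    """Return all tree levels, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(h(b"\x01" + cur[i] + cur[i + 1], alg))
            else:
                nxt.append(cur[i])  # odd node is promoted unchanged
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes (with side) needed to recompute the root from one leaf."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify(leaf_hash, proof, root, alg="sha256"):
    """Recompute the root from a leaf and its proof; True if it matches."""
    node = leaf_hash
    for side, sib in proof:
        node = h(b"\x01" + (sib + node if side == "L" else node + sib), alg)
    return node == root

# Constructed sample: one day's archive entries as (document, signature) bytes.
DAY = [(b"invoice-001", b"sig-A"), (b"contract-17", b"sig-B"), (b"report-q3", b"sig-C")]
LEVELS = build_levels([leaf(d, s) for d, s in DAY])
ROOT = LEVELS[-1][0]  # the single value a daily time stamp would cover
```

Passing a different `alg` (for example `"sha512"`) rebuilds the tree under a newer hash algorithm, which is the step a renewal before an algorithm's expiration would time-stamp again.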
