Electronic signature

How to do it?
Instructions for electronic signature.

An electronic signature, based on PKI (Public Key Infrastructure) technology, is the use of a pair of cryptographic keys to identify communicating partners in the electronic world. A key pair is a generic name for a private key, also referred to as electronic signature creation data, and a public key, also referred to as electronic signature verification data.

The ownership of a given key pair and its identity is then proven by the communicating partner through the appropriate certificate. Certificates are issued by a so-called Certification Authority, an independent trusted entity.

The task of the Certification Authority is to verify the identity of the certificate applicant and to uniquely bind his/her identification to the data for the creation of the electronic signature through the certificate it issues to the applicant. The issued certificate then constitutes a kind of "electronic identity card" during communication.

Similarly to ID cards, certificates have a certain validity, usually 1 year. Before the expiry of this period, it is possible to apply electronically for the issue of subsequent certificates if the data on the basis of which the initial certificate was issued have not changed.

In case the owner of the certificate suspects misuse or theft of its data for the creation of an electronic signature, he/she has the possibility to immediately apply for the invalidation of the respective certificate, as in the case of an ID card.

The detailed procedures for the provision of individual services of Certification Authorities are elaborated in the Certification Policy document published by each Certification Authority.

Certification Authorities usually provide several types of certificates. Certificates intended for normal communication of commercial entities are referred to as "commercial certificates" and are used for the creation of electronic signatures.

In case you want to communicate electronically with state and local governments, "qualified certificates" are usually required, which are certificates that can only be issued by Accredited Certification Authorities and their issuance is subject to the requirements of the relevant legislation - Act No. 297/2016 Coll., on electronic signature. A qualified certificate is used to create a guaranteed electronic signature or a recognised electronic signature.