Dear users,
We would like to recommend verification of electronic signatures before submitting and sending message in your electronic mailbox. All the information why the verification of signatures is necessary is available in the text below.
How do I verify the validity of the electronic signature?
The validity of the electronic signature in the completed electronic form can be verified in “Signature detail” function or the electronic signatures in the “Attachments” section by pressing the “…” button and “Verify Signature” function (Figure 1) or by using qualified validation service.
Figure 1 - Verification of the validity of the electronic signature in the message constructor directly in the electronic mailbox
(document and attachments)
Why should I verify the validity of my signature before submitting and sending a message in electronic mailbox?
The D.Signer/XAdES application for creating a qualified electronic signature at slovensko.sk allows you to create a signature even if your qualified certificate has been revoked. Before signing, the application shows the date of the end period for which the certificate was issued (“valid until”), which does not take into account the revocation of the certificate before expiration. Neither the application nor the portal automatically verify the validity of signatures in the documents in the form before sending. The signatures shall be verified only by the public authority, which is the addressee of message.
If the electronic form is submitted and sent signed with the revoked qualified certificate, the authorities may reject or postpone it. In some procedures they are not obliged to inform you of the postponement. Thus, in some cases, the sender of the document can become aware of the invalidity of the signature only after the relevant time limits for filing (or appeal, application for financial contribution, etc.) so the sender is no longer able to remedy the error.
In case you attach documents signed with a qualified electronic signature created in third party applications in your electronic submission, the signature may be invalid, for example if it is created in an unsupported signature format or with an unqualified certificate.
We therefore recommend that you verify the validity of the signatures before submitting and sending the electronic form.
Collective cancellation of certificates in Slovakia in the near term:
- 15th of December 2021 — Collective revocation of mandate certificates issued by the Slovak National Certification Authority (also referred to as ‘SNCA’);
- 31st of December 2022 — Collective revocation of qualified certificates on identity cards with chip and residence permit documents with chip.
Examples of collective withdrawals of certificates in Slovakia in the previous period:
- 7th of August 2021 — Collective revocation of certificates on Smart Card Starcos SPK 3.0 chip cards due to the end of their chip certification;
- 30th of October 2017 — Collective revocation of qualified certificates on ID cards with chip and residence permit documents with chip.
A qualified certificate may be revoked, for example, for the following reasons:
- the applicant for a qualified certificate does not confirm the receipt of the issued certificate (in the case of remote issuance on the ID card, he will not sign the receipt electronically);
- the certificate holder requests the cancellation of the certificate, for example because of the theft of a secure device for the creation of the certificate or the invalidation of the data on the certificate;
- the collective cancellation by issuer due to the end of the validity of the certificates of a Security qualified electronic signature creation device (QSCD);
- the certificate issuer shall revoke the certificate because of the change or invalidity of the data entered in the qualified certificate;
- WSCD cannot be used to create a qualified electronic signature for technical reasons such as damage or blockage of the device.
How do I verify the validity of the qualified certificate?
The Central Government Portal currently provides the possibility to verify the validity of a qualified certificate by:
- Verification of the validity of an electronic signature created with a qualified certificate by a Signature Authentication Service, such as an Informative Verification Service (only in Slovak) or the “Verify signatures” function in an electronic mailbox.
Other options of verifying the validity of the certificate
- Verification for certificates in ID cards with an electronic chip and residence card documents with the electronic chip by the electronic service of the Ministry of the Interior of the Slovak Republic (only in Slovak).
- Verification of a qualified certificate inserted in the connected smart card reader in QES app, available free of charge on the website of the National Security Authority (also referred to as “NSA”), after selecting the certificate (Figure 2 number 1), if not already selected, will display a validation message — (Figure 2), where it is updated to CRL/OCSP at 11:59:42, but the validation took place 6 seconds later 11:59:48,
- After downloading the certificate in the file format (.cer) by verifying the validity of the certificate itself by the relevant certificate verification service (e.g. European Commission demo service, applications supporting OCSP, LockIt from NSAs, etc.).
Figure 2 — Signature validity check before sending a message
Related:
Last modified: 24. 11. 2021
Publication date: 18. 11. 2021