FAQ (Frequent Asked Questions)
“The US National Institute of Standards and Technology (NIST) has issued NIST Special Publication 800-57, Recommendation for Key Management. In 800-57, NIST advises that 1024-bit RSA keys will no longer be viable after 2010 and advises moving to 2048-bit RSA keys. NIST advises that 2048-bit keys should be viable until 2030.
Based on the NIST recommendations, the CAB Forum and Microsoft have implemented requirements to move from 1024-bit to 2048-bit RSA.
CAB Forum requirements for Extended Validation Certificates
- Requires a minimum of 2048-bit RSA keys for Root and Subordinate CAs.
- Requires a minimum of 1024-bit RSA keys for end entity certificates and 2048-bit keys for end entity certificates that expire after 31 December 2010. “
It is possible to request On-Site installation and testing from us, read the service section. However below you have a short explanation:
1) Appointing "Signature Issuer Responsible" (SIR) and obtaining certificate.
Minimum one "Signature Issuer Responsible" (SIR) or "company quality responsible" needs to be appointed in your company/organization. Their responsibility is to to approve the identity of an employee or member of organization and certify their digital signature using the official company certificate. The SIR (Signature Issuer Responsible) can certify the digital identification/signature using an official certificate.
It is possible to apply for an official certificate from Easy Signature, or use the demo certificate under the Signature/certificate Maintenance tab. (See below)
2) Create personal un-certified signature information.
Everyone in your company can create personal un-certified signature information and send it to the Signature issuer responsible to obtain a private signature (*.SIG).
This can be done under the signature maintenance tab. (see below)
3) Certify Digital signature/Identification.
The "Signature Issuer Responsible" (SIR) can generate a valid private signature (*.SIG) for everyone, for intra document signing proposes. This can be done under the signature/certificate maintenance tab. (See below)
You can apply for an official certificate from Easy Signature certificate, under the Signature/certificate Maintenance tab.
You need to fill in all the fields and create an unsigned certificate info file *.UCI. Then you send this file to Easy signature
Once a file is signed, it will always be signed and validated. However, the company certificate has a certain validity time depending on the public key size to ensure cryptography safety. The standard time is 3-15 years for a 2048 bit key size. Essentially there are no limitations, so bigger key size means that your certificate is valid longer. Easy signature can create certificate on any key size.
When you apply for an official Easy signature certificate, you will be given an opportunity to inform how many years your company prefers to have a valid certificate.
Easy signature files contains all the information (and more) specified in the standard, but does not follow the formatting of PKCS#7. It may do in the future.
The reason for this is that PKCS#7 format does not support:
- Customized signatures (Graphical presentation of the signature , title, etc).
- Embedded files. (ensures that the original file that was signed is always available).
Easy Signature is designed to be completely independent on external services (Easysoft included). It is a PKI solution that is for free and an alternative to In-House Development and expensive solutions. This is a big benefit compared to competitive solutions.
If you have incorporated Easy Signature software in your routines and procedures, you can actively use it during the time limit for your certificate. When your certificate has expired you can always reapply for a new certificate. Your old digitally signed documentation is always valid and can be checked with a notice that your certificate has expired. Hence it is important to apply for a certificate duration that fulfills your documentation needs.
Guideline on date and time for compliance (example 21CFR Part 11) states that:
“You should implement time stamps with a clear understanding of what time zone reference you use. Systems documentation should explain time zone references as well as zone acronyms or other naming conventions.” Read more here.
Easy signature version 1.01 is using the local time on the computer during signature. This means that the signer need to make sure that the local time in the computer is correct. Furthermore Easy Signature 1.01 does not record the time zone in the signature file.
The latest easy signature software (1.02) and the future versions records time zone in the digital signature format. In addition the end-user is prompted to confirm the date and time zone.