Electronic signature for companies
Introduction to electronic signature
Within the framework of the Plan de Transformation Numérique de la Commande Publique (PTNCP), the AIFE provides public and private entities with a free electronic signature solution. This solution, accessible either by API or by a dedicated utility, will allow everyone to create or control electronic signatures free of charge. This tool will thus facilitate the access of the greatest number of people to public procurement, which has been dematerialized since October 1, 2018. Since this date, it is mandatory to respond in a dematerialized way (i.e. digitally) to public contracts over €40,000. This implies being able to sign electronically rather than handwritten a certain number of contract documents. To date, only the electronic signature verification functionality is available.
The electronic signature
Like a signature on a handwritten document, an advanced electronic signature is used to identify the author of an electronic document and to guarantee that the document has not been altered between the time the author signed it and the time the reader consults it. To meet these objectives of identification and integrity in a digital context, the qualified electronic signature relies on a specific technology based on the principles of asymmetric cryptography. A scanned handwritten signature can in no way replace it. Indeed, it is always possible to modify a scanned document or to usurp the handwritten signature appearing on a digital document by copy/paste. For a given user, the electronic signature of a document results in the integration into this document of a code encrypted by the "private key" of the issuer as well as a "Certificate" of qualified level (containing a "public key" of deciphering) which identifies the signatory while making it possible to decipher the code (signature) of the transmitted document. Any subsequent modification of the document will result in the inability of the Certificate to decode it correctly. The electronic signature system therefore makes it possible to ensure the integrity of the latter. Each electronic "certificate" is nominal (it is specific to a single individual or legal entity). It is only considered "trusted" if it has been issued by a qualified "trusted authority" within the meaning of the eIDAS regulation. In addition, it has a limited period of validity. The challenge of an electronic signature verification service is therefore also to verify whether the signature was issued during the validity period of the certificate and while the issuing trusted authority was recognized by the national supervisory bodies.