What is an electronic signature?

An electronic signature is an electronic mechanism that allows the equivalent of a handwritten signature to be appended to an electronic document. This is done by means of cryptography, which involves using a PKI system (a signature certificate) with a public key and a private key that belong to the signatory. The signature mechanism takes the digital 'fingerprint' of the document to be signed. This 'fingerprint', which is itself a file, is encrypted with the signatory's private key following a predetermined algorithm. For signatures of PDF documents, this encrypted fingerprint is inserted, along with proof of the time (a timestamp issued by a certified authority) and proof of the validity of the signature certificate (issued by the certificate authority).

The result of an electronic signature can be compared to a hand-stamped wax seal. The wax seal prevents the signed document from being subsequently altered in any way (if it has been changed, the user can see that the seal has been broken). The stamp is the mark of the person who applied it and guarantees the source's authenticity. Therefore, you can be certain about who has signed the document.
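The mechanism described above, and the 'broken seal' effect, shown as an added example that is not part of the original page. It assumes a toy textbook-RSA key built from publicly known Mersenne primes and uses no padding, so it only illustrates the principle; all function and variable names are illustrative.

```python
import hashlib

E = 65537  # public exponent (assumption for this toy key)

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def fingerprint(document: bytes) -> int:
    """The document's digital 'fingerprint': its SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private_key) -> int:
    """Transform the fingerprint with the signatory's private key."""
    n, d = private_key
    return pow(fingerprint(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Recover the fingerprint with the public key and compare it with a
    freshly computed one; any difference means the seal is broken."""
    n, e = public_key
    return pow(signature, e, n) == fingerprint(document)

# Constructed toy keys: the primes are well-known Mersenne primes, so these
# keys offer no security and serve only to make the example self-contained.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**607 - 1, 2**1279 - 1)

# Constructed sample document.
DOCUMENT = b"I agree to the terms of the contract dated 1 March."
SIGNATURE = sign(DOCUMENT, SIGNER_PRIV)

if __name__ == "__main__":
    print("intact document, signer's key :", verify(DOCUMENT, SIGNATURE, SIGNER_PUB))
    print("altered document              :",
          verify(DOCUMENT.replace(b"1 March", b"9 March"), SIGNATURE, SIGNER_PUB))
    print("someone else's public key     :", verify(DOCUMENT, SIGNATURE, OTHER_PUB))
```

A real signature additionally applies a padding scheme to the fingerprint, and on an eID card the private-key operation is carried out by the chip.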

Is an electronic signature legally equivalent to a handwritten signature?

In the context of European and Belgian law, an electronic signature, provided certain conditions are adhered to when the signature is applied, is equivalent to a handwritten signature.

In Europe, the 1999 directive on electronic signatures aims to set out the legal framework and the conditions that must be met in order for the electronic signature to be equivalent to a handwritten signature. In Belgium, this directive has been passed into law (9 July 2001).

Identity cards, most notably, were developed from the outset to produce electronic signatures that are legally equivalent to handwritten signatures. Because of the European context, the electronic signature can be used in all of the member states that recognise it by law (each country has created its own national laws, which apply the same European directive of 1999).

What is authentication?

Authentication is the certification of an identity and is verified in real time. Identification is the collection of information about an individual’s identity, linked to the eID card inserted into the reader.

What is a certificate?

An electronic certificate, just like a paper certificate, links the identity of the bearer to his/her personal key. The certificate bearer's public key is written into this certificate. Since the certificate is a piece of public information, it enables third parties to verify with whom a remote connection has been made (authentication), or to find out who generated and signed the document (electronic signature). A certificate can also be used as a container for a public key for encryption/decryption in an asymmetric two-key system.

What is an eID card?

An eID card is an electronic identity card, i.e. first and foremost an identity document that is secure, mainly due to the presence of a chip enabling a number of functions and controls to be conducted.

This chip contains data about the bearer’s identity (everything that is visible on the card, like the address and the photo). This data can be viewed by anyone and is not protected by a PIN code. In addition, the chip contains the certificates and keys that enable two functions: authentication and electronic signature. These functions are protected by a PIN code (in the current version of the Belgian card, the code is the same for both functions).

There are no other functions or any other data on the card, contrary to popular belief: no Schengen Information System data, no medical data, no secret or hidden data, no GPS and no biometric data.

Primarily, the card is only used as a tool for validating a person's identity both in the physical world (by presenting his/her card), and in the electronic world (by authenticating and reading the identity data via a reader). In the electronic world, thanks to authentication, the card also serves as an access key to State sources described as 'authentic'. Authentic sources are State databases containing personal information about an individual. For example: the national register, central databank, national bank, tax-on-web file, social security details, etc.

How is an identity verified with the eID card?

To be read (locally or remotely via the web), an eID card requires the bearer to have a reader and a software package. By using locally installed reading software or an applet executed by a website, the content of an identity card that is not protected by a PIN code can be read. This content can then be used for the appropriate task. Data accessors (a local application or website that reads cards) must of course adhere to personal data protection rules (i.e. have de facto authorisation to process this type of data, for example government authorities, banks, mutual benefit associations, schools, insurance companies, hospitals, etc., or else they must request authorisation).

What is an electronic original?

An electronic original is the electronic equivalent of a hard copy original. As soon as an electronic original exists, the hard copy original is rendered useless or simply ceases to exist. The electronic original, just like a hard copy original, provides the necessary proof of integrity and authenticity. Electronic originals allow the cost of paper, along with the costs of processing and storing it, to be reduced.