Skip to main content

e-Seal in IgniSign

This documentation provides a detailed guide on enabling and using the eSeal functionality within IgniSign. It covers the steps to create an eSeal application, configure settings, manage approvers, utilize Machine-to-Machine (M2M) e-Seals, and understand the trustability chain associated with eSeals.

Enabling eSeals

Creating an eSeal Application

To enable eSeal functionality, you need to create a new application specifically designed for eSeals. Follow these steps:

  1. Access the Application Creation Section: Navigate to the applications dashboard in your IgniSign console.

  2. Create a New Application:

    • Click on "Create Application".
    • Provide a name for your application.
    • Select the application type as eSeal.

  3. Initialize the Application:

    • Upon creation, the system will initialize the application with default settings.
    • It will generate default seal signers for different eIDAS levels (Simple, Advanced, Qualified).

Requirements

  • Know Your Business (KYB) Verification: Before creating seals in Staging and Production environments, your organization must complete the KYB process.
  • Development Environment: In the development environment, eSeal rights are granted without verification for testing purposes.
  • Legal Representative: A legal representative must be associated with your organization to approve certain eSeal operations.

Configuring eSeal Settings

After creating the eSeal application, you can configure its settings to match your organization's needs.

eIDAS Levels

eIDAS levels determine the legal value of the eSeal:

  • Simple Electronic Signature (SES)
  • Advanced Electronic Signature (AES)
  • Qualified Electronic Signature (QES)

To set the eIDAS level:

  1. Go to the eSeal Settings section in your application.
  2. Select the desired eIDAS level.
    • Note: Changing the eIDAS level impacts rights delegation and may require additional verification.

Organizational Unit

You can specify an organizational unit that will be included in the eSeal certificate:

  1. In the eSeal Settings section, input the Organizational Unit.
  2. If you need different organizational units, create separate eSeal applications for each.

Approver Validation Parameters

Define the parameters for approvers who will validate eSeal requests:

  1. Go to Approvers Validation Parameters within the eSeal Settings.
  2. Configure settings such as required authentication methods and validation steps.
    • Approvers must sign at the same eIDAS level as the eSeal.

Managing eSeal Approvers

eSeal approvers are responsible for approving eSeal requests and managing M2M emitters.

Delegation of Rights

Delegating rights allows administrators to grant permissions to other users:

  1. Navigate to Manage eSeal Approvers.
  2. Click on Delegate Rights.
  3. Select the user and specify the rights to delegate:
    • Create eSeal Approvers
    • Create M2M Secrets
    • Delegate Rights to Others

Approval Process

For certain delegations, an approval process is required:

  • Automatic Approval: Some rights may be automatically approved based on the eIDAS level or if the receiver is the legal representative.
  • Signed Delegation: In other cases, a legally binding document must be signed by both parties.

Steps for signed delegation:

  1. A delegation request is created, including the rights to be granted.
  2. Both the right giver and receiver sign the Authorization to Emit e-Seal Agreement Document.
  3. Once signed, the rights are granted to the receiver.

Managing Rights

To view and manage current rights:

  1. Go to eSeal Trustability in your application.
  2. View Your Current Rights and Rights of Other Administrators.
  3. Revoke or update rights as necessary.

Machine-to-Machine (M2M) e-Seals

Overview

M2M e-Seal emitters allow for the creation of eSeals without human intervention, enabling programmatic sealing of documents.

  • An M2M emitter is associated with an approver who is responsible for the eSeal.
  • Creating an eSeal through an M2M session extends the approver's session.

Creating M2M e-Seal Emitters

To create an M2M e-Seal emitter:

  1. Ensure you have the Create M2M right.
  2. Navigate to the M2M e-Seal section in your application.
  3. Click on Create M2M Secret.
  4. Provide necessary details and configure settings.

Rights Required

  • Create M2M: You must have this right to create M2M emitters.
  • Approver Association: An approver with the appropriate rights must be associated with the M2M emitter.

Trustability Chain

How It Works

The trustability chain ensures that eSeals are issued following a responsible delegation of rights:

  • Rights to emit seals must be granted with the approval of the organization’s legal representative.
  • This process maintains the legally binding value of the eSeal as per regulatory requirements.

Responsibilities

  • Legal Representative: Holds the ultimate responsibility and can delegate rights to administrators.
  • Administrators: Can manage approvers and create M2M secrets based on their delegated rights.
  • Approvers: Responsible for approving eSeal requests and associated with M2M emitters.

Delegation Process

  1. Initial Delegation: The legal representative delegates rights to administrators.
  2. Further Delegation: Administrators can further delegate rights based on their permissions.
  3. Approval: Delegations may require signing an agreement document by involved parties.
  4. Effective Date: Rights have an effective and expiration date, managing the validity period.