Decree speeds up the certification of digital signatures

02:10, 31/10/2018

From November 15, the time limit for verifying and licensing digital signature-certification service provision will be shortened from current 60 days to 50 days.

 

From November 15, the time limit for verifying and licensing digital signature-certification service provision will be shortened from current 60 days to 50 days.

Such is one of the salient points of Decree 130, which replaces Decree 26 issued in 2007, detailing the Law on E-Transactions regarding digital signatures and digital signature certification service.

Accordingly, eligible digital signature certification service providers include the Root Certification Authority, public certification authorities, specialized certification authorities of the Government, and specialized certification authorities of organizations and individuals which possess a certificate of satisfaction of digital signature security conditions.

Compared to Decree 26, Decree 130 contains more specific provisions on digital signatures and certificates.

As defined in the Decree, the digital signature of a person will be created by using a private key corresponding to a public key stated in the digital certificate granted to such person by an eligible certification authority.

Regarding the legal validity of digital signatures, the Decree states that a data message will be considered valid if it is signed with a digital signature meeting safety requirements.

Decree 130 makes clear that to be regarded as meeting safety requirements, a digital signature must be created while the relevant digital certificate remains valid and is verified with the public key stated in such digital certificate. Also, it must be created with the use of a private key corresponding to the public key indicated in the digital certificate and at the time of signing the private key is subject to the control of the signer only.

Worthy of note, digital signatures and certificates granted by foreign authorities will have the same legal validity and effect like those granted by Vietnam’s public certification authorities, provided that they are still valid and licensed for use in Vietnam by the Ministry of Information and Communication (MIC) or permitted for use in international e-transactions.

 Particularly, those used for servers and software are not required to be licensed.
 
(Source:VLLF)