ETSI releases three specifications for cloud-based digital signatures

Sophia Antipolis, 2 April 2019

The ETSI technical committee on Electronic Signature Infrastructure (TC ESI) has just released a set of three Technical Specifications for cloud-based digital signatures supporting mobile devices: ETSI TS 119 431-1, ETSI TS 119 431-2 and ETSI TS 119 432. This new set of standards supports the creation of digital signatures in the cloud, facilitating digital signature deployment by avoiding the need for specialized user software and secure devices.

The signer relies on a third-party trust service to manage its signing key and digitally sign documents under its control. To guarantee that the cloud-based signature creation environment is reliable and that the signing key is used under the control of the signer, the provider of the remote digital signature service has to apply specific management and administrative security procedures and use trustworthy systems and products, including secure electronic communication channels.

This is an important step forward for security in deploying digital signatures which takes into account the move to cloud-based services and mobile devices. These standards enable a new way of implementing Trust Services which greatly simplifies their use and provides an important toolset to counter growing Internet fraud targeting online business and government”, says Nick Pope, ETSI TC ESI Vice Chair.

ETSI TS 119 431 parts 1 and 2 define those policy and security requirements which can be used by Conformity Assessment Bodies to certify that a trust service provider follows best practices for the operation of such cloud-based signature creation services, in particular in the context of the eIDAS Regulation (EU) 910/2014. ETSI’s work complements the CEN publications EN 419241-1:2018 (general requirements for trustworthy systems supporting server signing) and EN 419241-2:2019 (protection profile for a qualified electronic signature creation device (QSCD) for server signing), which provide the essential core of secure signing in the cloud.

ETSI TS 119 432 specifies the protocol allowing a client application to request the creation of a digital signature to a server. This specification establishes a protocol for secure communication between the different components needed to create a secure digital signature in the cloud, in line with the security standards laid down in the eIDAS Regulation. Two bindings are specified for this protocol: XML, which builds on the OASIS DSS-v2.0 specification, and JSON, which builds on the Cloud Signature Consortium (CSC) specification. ETSI collaborated with OASIS and CSC to produce its protocol specification.

About ETSI
ETSI provides members with an open and inclusive environment to support the timely development, ratification and testing of globally applicable standards for ICT-enabled systems, applications and services across all sectors of industry and society. We are a not-for-profit body with more than 850 member organizations worldwide, drawn from 64 countries and five continents. Members comprise a diversified pool of large and small private companies, research entities, academia, government and public organizations. ETSI is one of only three bodies officially recognized by the EU as a European Standards Organization (ESO).

For more information please visit:

Claire Boyer
Mob: +33 (0)6 87 60 84 40