The Central Component retrieves the PKCS

PAe - CTT - Additional Information - Cl@ve Signature
Cl@ve Signature

  • Functional description

    The Cl@ve system is the common platform of the State Public Administrative Sector for identification, authentication and electronic signature. It was created with the aim of facilitating citizens' access to, and electronic signature in, the electronic public services of the Public Administrations.

    This platform was adopted by agreement of the Council of Ministers of 19 September 2014 and began operating, providing the electronic identification service, on 17 November 2014.

    The Cl@ve system also includes centralized signature, with certificates in the cloud, which seeks to definitively overcome the problems of using electronic certificates on users' computers. Citizens' certificates are held under strong security measures on centralized Administration servers, specifically at the Directorate General of Police (DGP) and backed by the Social Security IT Management (GISS). To access them, the holder needs to authenticate with the username and password of their Permanent Cl@ve (Cl@ve Permanente) and enter a one-time code sent by telephone (two-factor authentication). The signature is performed on the server and not on the user's computer, so the citizen does not have to worry about managing certificates and can also sign from any device.

    The signature is always performed in the HSM system and "using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control", so that it can be considered a recognised electronic signature, equivalent therefore to a handwritten signature.

    In this way, Cl@ve Signature brings together in a single technical solution the ease of use offered to the citizen by a username, a password and a code sent to their phone, with the high level of security that electronic certificates provide. Additionally, the use of electronic certificates ensures that signed documents are directly interoperable, which facilitates their subsequent processing in electronic administration systems.

    Technical Description

    The signing process is as follows:

    Signing key

    • The user logs in to the system and requests the signature of a form/document (1). The system queries the GISS/DGP signature platform to find out whether the citizen identified by this NIF holds certificates in the cloud.
    • It prepares the pre-signature (the first part of the three-phase signature, which precedes the encryption of the data with the private key), with the documents and the hash that is to be encrypted (2) and (3).
    • It requests from the GISS/DGP signature platform the use of the private key; the platform returns to the user a URL at which they must enter their password and the OTP key to authorise the use of the certificate (4).
    • The user enters the data required to authorise the signature process (5).
    • The GISS/DGP signature platform encrypts the hash (digital fingerprint) with the citizen's private key (second part of the three-phase signature) (6).
    • The citizen is redirected to the page where the signature process will be completed (7).
    • The API, through the central component, retrieves the PKCS#1 generated by the GISS/DGP signature platform.
    • The AE page operates with the signature as indicated.
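The following is an added illustration of the three-phase flow described in the steps above; it is not the Cl@ve, @firma or GISS/DGP code. It uses a constructed toy RSA key with PKCS#1 v1.5 and SHA-256 so that it runs offline on the standard library, and every name (CloudSignaturePlatform, pre_sign, post_sign, the example NIF, the SMS stand-in) is an assumption of the demo. Phases 1 and 3 (hash the document, verify and assemble the returned PKCS#1 block) run in the application / central component; phase 2 (password plus OTP check, then signing) runs in the cloud platform, which is the only party that ever holds the private key.

```python
"""Three-phase ("trifasica") cloud signature demo. Added example, not Cl@ve code.
All keys, users, NIFs and the SMS channel below are constructed for the demo."""
import hashlib
import hmac
import secrets

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
_SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def _probable_prime(n, rounds=32):
    """Miller-Rabin for large odd n; enough for a demo key, not a production KeyGen."""
    if any(n % p == 0 for p in _SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if _probable_prime(cand):
            return cand


def generate_rsa_keypair(bits=1024):
    """Toy RSA key (n, e, d). The real platform keeps d inside an HSM."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def _emsa_pkcs1_v15(digest, em_len):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest (RFC 8017, section 9.2)."""
    t = _SHA256_PREFIX + digest
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for the digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def pre_sign(document):
    """Phase 1 (steps 2-3): only the document hash leaves the application."""
    return hashlib.sha256(document).digest()


def post_sign(document, pkcs1_signature, n, e):
    """Phase 3: verify the retrieved PKCS#1 block against the public key before
    embedding it in the final signature. Returns True only for the signed document."""
    k = (n.bit_length() + 7) // 8
    if pkcs1_signature is None or len(pkcs1_signature) != k:
        return False
    s = int.from_bytes(pkcs1_signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(pre_sign(document), k))


class CloudSignaturePlatform:
    """Stand-in for the GISS/DGP platform (phase 2). Holds the private key."""
    MAX_ATTEMPTS = 3

    def __init__(self):
        self.n, self.e, self._d = generate_rsa_keypair()
        self._users = {}      # nif -> (salt, password hash); constructed user store
        self._sessions = {}   # opaque session id -> pending signing request
        self.sent_sms = {}    # constructed stand-in for the telephone channel

    def _pw_hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enrol(self, nif, password):
        salt = secrets.token_bytes(16)
        self._users[nif] = (salt, self._pw_hash(password, salt))

    def has_cloud_certificate(self, nif):
        """Step 1: does this NIF hold a certificate in the cloud?"""
        return nif in self._users

    def request_key_use(self, nif, digest):
        """Step 4: open a signing session; the OTP goes out by SMS and the caller
        only receives the opaque session id behind the URL the citizen visits."""
        if nif not in self._users or len(digest) != 32:
            return None
        sid = secrets.token_urlsafe(16)
        otp = f"{secrets.randbelow(10**6):06d}"
        self._sessions[sid] = {"nif": nif, "digest": digest, "otp": otp,
                               "attempts": 0, "pkcs1": None}
        self.sent_sms[nif] = otp
        return sid

    def authorise(self, sid, password, otp):
        """Steps 5-6: check password and OTP (both always evaluated), then sign
        the digest. The private key never leaves this object."""
        sess = self._sessions.get(sid)
        if sess is None or sess["pkcs1"] is not None:
            return False
        sess["attempts"] += 1
        salt, stored = self._users[sess["nif"]]
        pw_ok = hmac.compare_digest(stored, self._pw_hash(password, salt))
        otp_ok = hmac.compare_digest(sess["otp"], otp)
        if not (pw_ok and otp_ok):
            if sess["attempts"] >= self.MAX_ATTEMPTS:
                del self._sessions[sid]      # burn the session, OTP included
            return False
        k = (self.n.bit_length() + 7) // 8
        em = int.from_bytes(_emsa_pkcs1_v15(sess["digest"], k), "big")
        sess["pkcs1"] = pow(em, self._d, self.n).to_bytes(k, "big")
        return True

    def fetch_pkcs1(self, sid):
        """Final step: the central component collects the PKCS#1 block, once."""
        sess = self._sessions.get(sid)
        if sess is None or sess["pkcs1"] is None:
            return None
        del self._sessions[sid]
        return sess["pkcs1"]


def run_demo():
    """Walks the page's steps with a constructed citizen, NIF and document."""
    platform = CloudSignaturePlatform()
    nif, password = "12345678Z", "correct horse battery"   # constructed values
    platform.enrol(nif, password)
    document = b"Constructed form submitted by the citizen"
    if not platform.has_cloud_certificate(nif):                     # (1)
        return None
    sid = platform.request_key_use(nif, pre_sign(document))         # (2)-(4)
    otp = platform.sent_sms[nif]                                    # citizen reads the SMS
    rejected = platform.authorise(sid, "wrong password", otp)       # (5) with a typo
    accepted = platform.authorise(sid, password, otp)               # (5)-(6)
    pkcs1 = platform.fetch_pkcs1(sid)                               # central component
    return {
        "rejected_first_attempt": rejected,
        "accepted": accepted,
        "valid_for_document": post_sign(document, pkcs1, platform.n, platform.e),
        "valid_for_other_document": post_sign(b"tampered", pkcs1, platform.n, platform.e),
        "replayable": platform.fetch_pkcs1(sid) is not None,
    }


if __name__ == "__main__":
    print(run_demo())
```

The design point worth noticing is what crosses each boundary: the application sends only a 32-byte digest and receives only the PKCS#1 block, the platform releases that block only after a session-bound password and OTP check, and the session is consumed on retrieval so a captured URL cannot be replayed for a second signature.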

