EN
The general security referential (GSR) allows users to digitally sign documents with a private key associated to a digital certificate dedicated to electronic signature (function “signature”) or to a certificate which can be used for both authentication and signature (function “authentication and signature”).
The GSR defines 3 security levels for the function “signature”: * (the less restrictive level), ** and *** (the most secure level). For the function “authentication and signature”, only the levels * and ** are available.
The main differences between these levels concern the required qualification levels for security products used to sign and check digital signatures.
The signature device, which signs the hash of the document to be signed, must be qualified at :
- the elementary level for security level *
- the standard level for security level **
- the reinforced level for security level ***
With regards to the signature application (which computes the hash of the document) and the signature checking module, the GSR recommends a qualification at the standard level for security levels ** and ***.
For levels ** and ***, the signing key is stored in a hardware cryptographic device (for instance, a smart card or a USB key), whereas, for security level *, the key can be stored in a software module.
At last, only signature keys and digital certificates compliant with security level *** can be used for qualified signature.
