Signing with authentication-based signatures: limitations and solutions

In this article, we take a closer look at authentication-based signatures and offer some insights into overcoming common, everyday issues when using them.

A brief overview of authentication-based signatures

In the Dokobit portal, we support four different signature levels:

Simple Electronic Signatures (SES);
Advanced Electronic Signatures (AdES);
Advanced Electronic Signatures based on a Qualified Certificate (AdES/QC);
Qualified Electronic Signatures (QES).

AdES is an authentication-based signature that is widely used in Scandinavian countries (specifically Norway, Sweden, Finland, and Denmark) and also in the Netherlands. Based on the requirements of the eIDAS regulation, it is uniquely linked to a signer by including the required evidence to prove the signing action. This kind of signature can be considered strong evidence in legal proceedings. Additional information on authentication-based signatures can be found here.

How does AdES differ from AdES/QC and QES?

Unlike AdES, AdES/QC contains a certificate for electronic signatures that is issued by a qualified Trust Service Provider and meets the requirements laid down in Annex I of eIDAS.A QES, on the other hand, is an  AdES/QC that has, in addition, been created with a Qualified Electronic Signature Creation Device (QSCD). A QES can be considered a digital equivalent of a handwritten signature with the same legal effect. It is recognized in all member states of the EU.

Currently supported authentication-based eID tools

In the Dokobit portal, we support the following authentication-based eID tools:

Finland → Finnish Trust Network (FTN)
Norway → BankID, BankID on mobile
Sweden → Swedish BankID
Denmark → MitID
the Netherlands → iDIN

Common limitations and solutions when signing with an authentication-based eID tool

○ Document formats

Authentication-based signatures (AdES) can only be added to PDF format files. This means that if the document owner invites you to sign a container file (ADoc, BDoc, EDoc, or ASiCE), you won't be able to do so.

Here's a common error message that you might see in this kind of situation:

It's important to note that this error message might also appear in cases where the document owner has uploaded a PDF format file but has disabled the option to sign the document with AdES-level signatures.

Solution: In both cases, you need to contact the document owner to find out if they can make the necessary changes to make it possible for you to sign the document.

○ Validations

Signatures that have been created in the Dokobit portal with an AdES-based e-identification tool can only be fully validated on our platform. What this means is that if you validate these kinds of documents on different platforms, AdES-level signatures will only indicate the text "Signature by Dokobit" without including the signer's full name.

Solution: In this case, we suggest asking the recipient to validate the document in our portal. You can also download Dokobit's detailed validation report and send it to the recipient if necessary.