Signing with authentication-based signatures: limitations and solutions
In this article, we take a closer look at authentication-based signatures and offer some insights into overcoming common, everyday issues when using them.
In this article
A brief overview of authentication-based signatures
- Advanced Electronic Signatures (AdES);
- Advanced Electronic Signatures based on a Qualified Certificate (AdES/QC);
- Qualified Electronic Signatures (QES).
AdES is an authentication-based signature that is widely used in Scandinavian countries (specifically Norway, Sweden, Finland, and Denmark) and also in the Netherlands. Based on the requirements of the eIDAS regulation, it is uniquely linked to a signer by including the required evidence to prove the signing action. This kind of signature can be considered strong evidence in legal proceedings.
Additional information on authentication-based signatures can be found here.
How does AdES differ from AdES/QC and QES?
Unlike AdES, AdES/QC contains a certificate for electronic signatures that is issued by a qualified Trust Service Provider and meets the requirements laid down in Annex I of eIDAS.
A QES, on the other hand, is an AdES/QC that has, in addition, been created with a Qualified Electronic Signature Creation Device (QSCD). A QES can be considered a digital equivalent of a handwritten signature with the same legal effect. It is recognized in all member states of the EU.
Currently supported authentication-based eID tools
In the Dokobit portal, we support the following authentication-based eID tools:
- Finland → Finnish Trust Network (FTN)
- Norway → BankID, BankID on mobile
- Sweden → Swedish BankID
- Denmark → MitID, NemID
- the Netherlands → iDIN
Common limitations and solutions when signing with an authentication-based eID tool
○ Document formats
Authentication-based signatures (AdES) can only be added to PDF format files. This means that if the document owner invites you to sign a container file (ADoc, BDoc, EDoc, or ASiCE), you won't be able to do so.
Here's a common error message that you might see in this kind of situation:
It's important to note that this error message might also appear in cases where the document owner has uploaded a PDF format file but has disabled the option to sign the document with AdES-level signatures.
Signatures that have been created in the Dokobit portal with an AdES-based e-identification tool can only be fully validated on our platform. What this means is that if you validate these kinds of documents on different platforms, AdES-level signatures will only indicate the text "Signature by Dokobit" without including the signer's full name.