How to get an electronic signature
An overview of card readers (only available in German) supported by VPS at DEHSt has been compiled by Governikus. DEHSt recommends choosing a signature application component from this list, as these comply with the legal requirements.
Other software that may be required
If the purchased signature card does not include software that permits the activation of the card and a change of PIN, such signature software can be downloaded from Governikus free of charge for certain cards.
"Qualified electronic signatures", as defined by the Signature Act, convey digital signatures a legal status equivalent to hand signatures.
Qualified signatures can only be used during their validity period. Signature cards that are issued may be valid for two up to five years, and so is the certificate unless the card has been cancelled.
The use of qualified electronic signatures guarantees complete data security and protects the authenticity of the documents sent.
An electronic signature is not a signature in the conventional sense, but is based on a complex mathematical method which creates a specific electronic fingerprint for every document to be signed. This is then encrypted using the private key of the signatory party and can only be made visible using the coordinate public key. Thus, a digital signature can be attributed to an individual beyond any doubt. No one but the holder of the private key can use it. Any change in the document made after the application of the electronic signature would break the electronic seal. The procedure guarantees a high level of security.
In qualified signatures, the key for the personal signature is stored in a chip card. The data cannot be seen by anyone else and therefore not copied and stolen. Similar to a credit card, the card is protected by a four-to-eight-digit PIN to be determined and kept private by the holder. Entering the wrong PIN three times in succession will result in locking the card. Depending on the certification service provider, the card will be irrevocably locked and a new card needs to be issued; or the card may be reactivated using a super PIN (PUK) for a limited number of attempts.
Public and private keys for qualified electronic signatures are generated and issued by the certification service providers (trust centers) accredited with the Federal Network Agency. It is therefore mandatory that the identity of the prospective key holder be established beyond doubt by submitting a valid ID document.