The Signature Act (SigG) has regulated the framework conditions for certification authorities in Germany since 1997. The purpose of the law is to make the generation of a digital signature secure and to reliably detect forgeries or falsifications of signed data. For this purpose, the Signature Act divides signatures into signature classes.
The regulatory authority RegTP forms the top level of the certification authority hierarchy and issues licenses to the subordinate certification authorities, the trust centers (TC). In addition, according to the SigG, the certification authority must maintain a revocation service that is always accessible, a directory service for certificates and revocations that is accessible via public networks, and a service that can be used to time-stamp digitally signed data.
The Signature Act specifies several electronic signature forms: the simple electronic signature, the advanced electronic signature, the qualified electronic signature, and the qualified signature with accreditation of the certificate provider.
For the simple signature, the data must be in electronic form, additional data must be attached or logically linked to it, and there must be an authentication function.
With the advanced electronic signature, the requirements are significantly expanded. For example, the signature key is assigned to only one person and it is possible to identify the key holder. In addition, subsequent changes to the signed data can be detected and, as a further requirement, the signature may only be generated using means that are solely available to the key holder.
Qualified signatures are also generated with a secure signature creation device (SSCD) and are based on a valid certificate.