When is the digital signature creation secure in Vietnam? Where is a digital signature created from?
When is the digital signature creation secure in Vietnam?
Based on Article 9 of Decree 130/2018/ND-CP, a digital signature is considered a secure electronic signature when three conditions are met:
Condition 1. The digital signature is created during the validity period of the digital certificate and can be verified using the public key recorded on the certificate.
Condition 2. The digital signature is created using a private key corresponding to the public key recorded on the certificate issued by one of the following organizations:
- National digital signature certification service provider;
- Specialized digital signature certification service provider for the Government of Vietnam;
- Public digital signature certification service provider;
- Specialized digital signature certification service provider of agencies, organizations, which are certified to ensure safety conditions for specialized digital signatures as regulated in Article 40 of this Decree.
Condition 3. The private key is under the sole control of the signer at the time of signing.
A digital signature is considered a secure electronic signature when it meets all three conditions, including the condition that it is created during the validity period of the digital certificate and can be verified using the public key recorded on that certificate.
Therefore, it is understood that the time to create a digital signature to ensure security is during the validity period of the certificate.
When is the digital signature creation secure in Vietnam? Where is a digital signature created from? (Image from the Internet)
Where is a digital signature created from in Vietnam?
Based on Clause 6, Article 3 of Decree 130/2018/ND-CP, it is regulated as follows:
Terminology Explanation
In this Decree, the following terms are understood as follows:
1. "Key" is a series of binary numbers (0 and 1) used in cryptographic systems.
2. "Asymmetric cryptographic system" is a cryptographic system capable of generating a pair of keys, including a private key and a public key.
3. "Private key" is a key in the key pair of an asymmetric cryptographic system, used to create a digital signature.
4. "Public key" is a key in the key pair of an asymmetric cryptographic system, used to verify the digital signature created by the corresponding private key in the key pair.
5. "Digital signing" is the process of entering a private key into a software program to automatically create and attach a digital signature to a data message.
6. "Digital signature" is a type of electronic signature created by transforming a data message using an asymmetric cryptographic system, whereby the person possessing the original data message and the signer's public key can accurately determine:
a) The above transformation was generated using the correct private key corresponding to the public key in the same key pair;
b) The integrity of the data message contents since the transformation was made.
...
Thus, according to the above regulation, a digital signature is created from the transformation of a data message using an asymmetric cryptographic system.
How to handle e-invoices containing digital signatures in case of issues of the tax authority’s authentication code issuing in Vietnam?
Based on Article 20 of Decree 123/2020/ND-CP, it is regulated as follows:
Handling incidents with authenticated e-invoices
1. In the case where the seller of goods or services uses an electronic invoice with a tax authority code but encounters an incident that makes it impossible to use the electronic invoice with the tax authority code, they should contact the tax authority or the service provider for support in handling the incident. During incident handling, if the seller of goods or services requires the use of an electronic invoice with a tax authority code, they should go to the tax authority to use such an invoice.
2. In the case where the tax authority's code system encounters an incident, the General Department of Taxation implements technical solutions to switch to a backup system and is responsible for notifying the incident on the electronic portal of the General Department of Taxation. The General Department of Taxation selects a number of electronic invoice service providers with sufficient conditions to authorize the issuance of electronic invoice codes when the tax authority's system faces issues.
If the tax authority's system incident has not been resolved, the tax authority provides a solution to sell printed invoices by the tax authority to certain organizations and individuals to use. After the tax authority's code system is resolved, the tax authority announces for organizations and individuals to continue using authenticated e-invoices. No later than 2 working days from the deadline stated in the tax authority's notice, organizations and individuals must submit a report on the usage situation of paper invoices purchased from the tax authority using Form BC26/HDG Appendix IA issued with this Decree.
3. In the case of infrastructure technical errors by the electronic invoice service provider, the service provider must notify the seller, coordinate with the General Department of Taxation for prompt support. The electronic invoice service provider must resolve the incident quickly and support the seller in creating electronic invoices to send to the tax authority for coding in the shortest possible time.
4. If the electronic portal of the General Department of Taxation encounters technical errors and cannot receive data on electronic invoices without codes, the General Department of Taxation is responsible for notifying on the portal. During this time, organizations, businesses, and electronic invoice service providers temporarily do not transfer invoice data without codes to the tax authority.
Within 2 working days from the date the General Department of Taxation announces that the portal is back to normal function, organizations and businesses providing electronic invoice services should transfer invoice data to the tax authority. The transfer of electronic invoice data after the announcement of technical errors on the portal is not considered a delayed data transmission.
Thus, according to the above regulation, in case of sending electronic invoices containing digital signatures but the tax authority's code system malfunctions, the General Department of Taxation will address this by selecting a number of electronic invoice service providers to authorize the issuance of electronic invoice codes.
- Vietnam: How to purchase from the 2025 Trade Union Tet Market online? How much is the labor union fee for members?
- What is the online "2025 Trade Union Tet Market" program in Vietnam? What types of taxes do online sellers have to pay?
- What is taxable income? How to distinguish taxable income and income subject to tax in Vietnam?
- Shall owners of household businesses with tax debt be subject to exit suspension in Vietnam from January 1, 2025?
- What are the changes in tax refund procedures in Vietnam from 2025?
- What tax enforcement measures will be applied for taxpayers that owe tax debt in Vietnam from January 1, 2025?
- What 08 financial, banking, securities trading, and commercial services shall be exempt from VAT in Vietnam from July 1, 2025?
- Are healthcare services and veterinary services exempt from VAT in Vietnam from July 1, 2025?
- What is the total income between 02 declarations in Vietnam? What does the tax declaration dossier for individuals paying tax under periodic declarations Include?
- What are 03 professional and comprehensive 2025 Tet holiday announcement templates for enterprises in Vietnam? Where are the places of tax payment for enterprises in Vietnam?
