Vietnam: Digital signature checking software must have the function of canceling information

According to Article 7 of Circular No. 22/2020/TT-BTTTT of the Ministry of Information and Communications of Vietnam, functional requirements for digital signature checking software are specified as follows:

1. Checking of validity of digital signatures affixed to data messages:

- Digital signatures affixed to data messages are verified according to the principle: a digital signature is generated from a private key corresponding to the public key on the digital certificate;

- Digital certificates of persons attaching digital signatures to data messages are checked via the trusted path on such digital certificates and also checked by the national certification authority.

- Information about persons attaching digital signatures to data messages are checked and verified focusing on the following:

+ Validity period of the digital certificates;

+ Status of the digital certificates through the Certificate Revocation List (CRL) published at the time of attaching the digital signature or through the Online Certificate Status Protocol (OCSP) in the case where the certification authority provides OCSP services.

+ Cryptographic algorithms used on the digital certificates;

+ Purpose and scope of the digital certificates.

- A digital certificate remains valid if the following criteria are met:

+ The validity period on the digital certificate remains unexpired at the digital signature time;

+ Cryptographic algorithms used on the digital certificate comply with compulsorily applied technical regulations and standards for digital signatures and digital signature authentication which remain effective;

+ The digital certificate remains operational at the digital signature time;

+ The digital certificate is used for intended purposes and within the intended scope.

- Integrity of digital signature data messages is checked as follows:

+ Decrypt the digital signature on each data message to obtain information about the hash value;

+ Use the secure hash algorithm that generated the hash value on the digital signature to generate a hash value for the data message;

+ Compare the two hash values to check whether they match, thereby checking the integrity of the digital signature data message.

- A digital signature on the data message is considered valid if:

+ Information about the signer has been checked and verified;

+ The signer’s digital certificate remains valid at the signature time;

+ Digital signature on the data message matches the private key corresponding to the public key on the digital certificate and integrity of the data message is ensured.

2. Storage and cancellation of the following pieces of information attached to digital signature data messages:

- Digital certificates corresponding to digital signatures attached to incoming digital signature data messages;

- List of certification authorities’ digital certificates revoked at the signature time that correspond to with digital signatures attached to incoming data messages;

- Validation etiquettes of certification authorities issuing digital certificates that correspond to digital signatures attached to incoming data messages;

- Results of checking of digital certificate status appropriate for digital signatures attached to incoming data messages.

3. Change (addition or reduction) of digital signatures of certification authorities.

4. Notification (in alphabetical letters/symbols) of checking whether a digital signature is valid or not.

View more provisions at Circular No. 22/2020/TT-BTTTT of the Ministry of Information and Communications of Vietnam, effective from November 01, 2020.

Le Vy

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE