What is eIDAS and Can it Be Used in Conjunction with PDF-XChange Editor?
The eIDAS regulation is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. It was established in EU regulation 910/2014 of 23 July 2014 on electronic identification and repeals 1999/93/EC from 13 December 1999. eIDAS entered into force on 7 September 2014, and came into effect in July 2015. eIDAS oversees electronic identification and trust services for electronic transactions in the European Union's internal market. It regulates electronic signatures, electronic transactions, involved bodies, and their embedding processes in order to provide secure ways for users to conduct business online - such as the transfer of electronic funds, and other transactions with public services. eIDAS has created standards for which electronic signatures, qualified digital certificates, electronic seals, timestamps, and other proof for authentication mechanisms enable electronic transactions, whilst retaining the same legal standing as transactions that are performed on paper. eIDAS requires member states to create a common framework that recognizes eIDAS from other member states, and ensures their authenticity and security - which in turn makes it simple for users to conduct business across borders. eIDAS also provides a clear and accessible list of trusted services that may be used within the centralized signing framework. Further information about eIDAS is available here.
Using eIDAS in PDF-XChange Editor
If you want to avail of the eIDAS regulation and framework in conjunction with PDF-XChange Editor, then you must first have a digital certificate from a trusted certification authority. A digital ID is an electronic version of your identity. Digital IDs usually contain your name, email address, organization name/unit and country/region, as well as containing a key algorithm and expiration date. Digital signatures utilize a digital ID in order to operate. Digital IDs are used to create digital signatures and to decrypt documents that have been encrypted for the owner. They contain two keys: the public key and the private key. The public key contains the information about its owner, and can be shared by the owner in order for a recipient to encrypt information that is intended for only the owner to view. The public key can also be used to validate the digital signature of the owner, as well as to lock and encrypt documents. The private key is used to create/apply digital signatures, and to decrypt documents that have been encrypted via certificate security. Private keys are used to apply digital signatures when documents are signed. The public key is contained in a certificate that you can distribute to other users, such as those whom you want to be able to validate your signature and identity. It is important to keep your digital ID in a safe location, as it contains your private key, which can be used to decrypt and access your information. Business transactions often require a digital ID from a trusted certification authority, which is a trusted third-party provider of digital IDs. If you are selecting a certificate authority to use then it is important to select one that major companies will trust. EU-based providers of digital IDs that can be used worldwide are detailed in the EUTL, which is a list of more than 200 Trust Service Providers (TSPs) that meet high levels of compliance with the EU eIDAS electronic signature regulation. These providers offer certificate-based digital IDs for individuals, digital seals for businesses, and timestamping services that can be used to create a Qualified Electronic Signature (QES) based on digital signature technology. Note that you are not restricted to obtaining a digital ID from the EUTL, and a cursory internet search for digital ID certificate authorities will provide many other options.
When you have obtained a digital certificate from a trusted certification authority, the authority in question will remain as a third-party who can verify your identity when required to do so. PDF documents conform to a separate ISO specification that defines how digital signatures are created in files. You will use your digital certificate when you add your digital signature to documents. PDF-XChange Editor (and any other software that is compatible with digital signature functionality) contacts the relevant certification authority in order to confirm that the certificate used in the PDF document is valid, and that their copy of the certificate matches what is embedded in the digital signature inside the ﬁle.
You can also specify the use of cADES, which is compliant with eIDAS, as the Default Signing Format in the Signature preferences of PDF-XChange Editor:
CAdES is an electronic signature created in compliance with eIDAS, and it has the same legal value as a handwritten signature.