OBELISK Validator QTS ensures the correct and complete validation process of an electronically signed document in accordance with eIDAS.
Service certification
On 6 August 2019, the Ministry of the Interior of the Czech Republic, as the supervisory body for trust service providers pursuant to Article 17 of the eIDAS Regulation, granted SEFIRA spol. s r.o. qualified trust service provider and OBELISK Validator QTS qualified trust service status.
Qualified status of the OBELISK Validator QTS service has been published in the Czech Trusted List (https://tsl.gov.cz/publ/TSL_CZ.xtsl)
OBELISK Validator QTS supports processing of all formats declared by eIDAS (CAdES, PAdES, XAdES, ASiC). The process of electronic signature validation is precisely defined in terms of the scope of the facts to be verified.
Scope of validation
Is the document created in a recognized format?
Do electronic signatures meet the required policies and restrictions?
Has the document (or signed data) been changed after signature?
Is it possible to clearly and demonstrably identify signature certificates?
Are all the used cryptographic algorithms safe?
Does the document have a trusted timestamp?
Were the signing certificates issued by trusted authority?
Are the certificates qualified?
Were the certificates used for electronic signature valid and not revoked?
Were electronic signatures created by a qualified signature creation device?
Complete verification is performed in the environment of the service. The output of the performed electronic signature validation is a detailed validation report in PDF or XML format, which contains the result of verification of all the attributes and signature properties required by ETSI specifications. The output also includes validation data collected as part of the verification process.
Benefits of OBELISK Validator QTS
Ensures compliance of the organization’s processes with eIDAS in the area of e-signing
Comprehensive validation of electronically signed documents in all recognized formats
Validation of used certificates issued by all trusted service providers listed on TSL
Easy integration into other IS using web services
Supported standards
| Validated el. signature formats | CAdES, PAdES, XAdES, ASiC, PKCS#7, XMLDSig, S/MIME, MS Office, OpenDocument, ZFO |
| Validated signature classes | Basic Signature, Signature with Time, Signature with Long-Term Validation Material, Signature providing Long Term Availability and Integrity of Validation Material |
| Validated signature levels | Baseline profile: B-B, B-T, B-LT, B-LTA |
| Validation data formats | CRL, IETF’s OCSP protokol |
| ETSI standards | Electronic Signatures and Infrastructures (ESI) – ETSI / CEN standards: ETSI EN 319 102 – Procedures for Creation and Validation of AdES Digital Signatures ETSI EN 319 122 – CAdES digital signatures ETSI EN 319 132 – XAdES digital signatures ETSI EN 319 142 – PAdES digital signatures ETSI EN 319 162 – Associated Signature Containers (ASiC) ETSI EN 319 172 – Signature Policies ETSI EN 319 312 – Cryptographic Suites ETSI EN 319 412 – Certificate Profiles ETSI TS 119 612 – Trusted Lists |
| Service API | Web |
OBELISK Validator QTS policy
The policy describes the conditions and procedures relating to the OBELISK Validator QTS service, taking into account the applicable standards of the European Union and the law of the Czech Republic in this area. Compliance with the procedures and conditions set out in the Policy ensures that relying parties receive the outcome of the validation procedure in an automated manner that is reliable, efficient and bears the electronic seal of the provider of the qualified signature and seal validation service.
The planned changes to the rules for the provision of the qualified service OBELISK Validation QTS will take place on 15 June 2020. A new version of the service policy is available HERE.