Long-term Preservation of Validity of Electronically Signed Records

The authors explain the context in which electronic records are being preserved. They explain the concept of authentic electronic records and proceed with the analysis of the technologies supporting trust in electronic records. They start by explaining the Public Key Infrastructure as the requirement for electronic signatures, digital certificates, the concept of non-repudiation, trusted archive service, timestamps and trusted digital timestamping. Further, they analyse formats of electronic signatures – XMLDSig, XAdES, CAdES, PAdES – and their possible influence on the long-term preservation of validity of electronically signed records. The authors conclude that although strict requirements of certain types of electronic signatures can ensure authenticity, integrity and non-repudiation of preserved records, they will still require preservation action on the level of medium and files

Development of a tool for validating ETSI AdES digital signatures as defined by the European Standard ETSI EN 319 102-1

The objectives of the various European standards for digital signatures are to establish common specifications within the European Union on how the creation and validation of these should be carried out. This makes it possible to use interoperable electronic signatures across borders of Europe. This thesis consists of the development of a tool to validate ETSI AdES digital signatures according to the European standard ETSI EN 319 102-1. For this purpose, a study of the different standards has been carried out, together with Object-Oriented Analysis and Design techniques, to achieve the implementation of the validation algorithm and the development of a unit testing framework to check its correct operation. The result is a tool capable of validating Basic Signatures, Signatures with Time and Signatures with Long-Term Validation Material of any ETSI AdES signature form (XAdES, CAdES and PAdES).Els objectius de les diferents normes europees per a les signatures digitals són establir especificacions comuns dins de la Unió Europea sobre com s'ha de dur a terme la creació i validació de les mateixes. Això fa possible l'ús de signatures electròniques interoperables a través de les fronteres d'Europa. Aquesta tesi consisteix en el desenvolupament d'una eina de validació de signatures digitals ETSI AdES segons la norma europea ETSI EN 319 102-1. Per a això, s'ha realitzat un estudi dels diferents estàndards, juntament amb tècniques d'Anàlisi i Disseny Orientat a Objectes, per aconseguir la implementació de l'algoritme de validació i el desenvolupament d'un marc de proves unitàries per a comprovar el seu correcte funcionament. El resultat és una eina capaç de validar Firmes Bàsiques, Firmes amb Temps i Firmes amb Material de Validació a Llarg Termini de qualsevol format de signatura ETSI AdES (XAdES, CAdES i PAdES).Los objetivos de las distintas normas europeas para las firmas digitales son establecer especificaciones comunes dentro de la Unión Europea sobre cómo debe llevarse a cabo la creación y validación de las mismas. Esto hace posible el uso de firmas electrónicas interoperables a través de las fronteras de Europa. Esta tesis consiste en el desarrollo de una herramienta de validación de firmas digitales ETSI AdES según la norma europea ETSI EN 319 102-1. Para ello, se ha realizado un estudio de los diferentes estándares, junto con técnicas de Análisis y Diseño Orientado a Objetos, para así lograr la implementación del algoritmo de validación y el desarrollo de un marco de pruebas unitarias para comprobar su correcto funcionamiento. El resultado es una herramienta capaz de validar Firmas Básicas, Firmas con Tiempo y Firmas con Material de Validación a Largo Plazo de cualquier formato de firma ETSI AdES (XAdES, CAdES y PAdES)

Atualização dinâmica de políticas de assinatura digital

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2017.Políticas de assinatura auxiliam os usuários nos processos de assinatura digital. Entretanto, políticas de assinatura digital não resolvem todos os problemas e acabam introduzindo alguns outros no processo de assinatura e sua manutenção. Este trabalho explica e demonstra como resolver o problema de mudança de política de assinatura. A mudança de política de assinatura é necessária quando os requisitos sobre uma assinatura digital mudam, por exemplo, será necessário um tempo de preservação de uma assinatura digital maior do que o esperado inicialmente. A prática de assinar documentos é bastante antiga, porém, a assinatura digital é bastante recente se comparada com a assinatura manuscrita. Assim como a assinatura de próprio punho, a assinatura digital precisa comunicar seu objetivo, isso é feito através de políticas de assinatura ou de alguma técnica equivalente na maior parte das vezes, o que acaba diferenciando assinaturas digitais de assinaturas manuscritas. Este trabalho trata de políticas de assinatura como foram propostas pelo ETSI. O método proposto para atualização da política indicada na assinatura é totalmente compatível com os padrões de assinatura digital avançada bem como com as especificações técnicas sobre políticas de assinatura dessa entidade. Esse método é composto de dois componentes principais. O primeiro uma extensão para políticas de assinatura que permitem indicar quais as transições previstas. O segundo um atributo com o propósito de ser incluído nas assinaturas digitais indicando se alguma transição ocorreu. Esse método foi testado e avaliado utilizando softwares produzidos para o PBAD. Embora o método seja suficiente para a maioria das transições de políticas que se pode prever, percebeu-se que este método ainda não é suficiente para o arquivamento das assinaturas feitas utilizando políticas de assinatura. Observou-se que o método proposto simplifica a participação dos assinantes no processo de assinatura e que através desse método é possível que uma entidade independente fique responsável pela manutenção das assinaturas digitais.Abstract : Signature policies help users in the digital signature process. However, signature policies do not solve all digital signature process problems and introduce some new ones. We explain and show how to solve the necessity to change the signature policy. The change of signature policy need to happen when the digital signature requirements change, for example, the verifier needs the signature to be valid for a greater period than initially thought. Sign is a old practice, but, digital signatures are relatively new to this practice if we are comparing with manuscript signatures. Digital signatures, as manuscript signatures, need to communicate their commitment, this most of time is done trough signature policies or some equivalent technology, this ends up differentiating digital signatures from its manuscript counterparts. The signature policies used in this work follow the proposes of ETSI. The method we propose for updating the signature policy complains with the formats of advanced electronic signature as with signature policies proposed by ETSI. We proposed a method that can be split in two main components. First component is an extension for signature policies that indicates what transitions are possible. Second component is an attribute compatible with CAdES and XAdES that indicates a change in the signature policy. Tests of the method were made using the reference code for Brazilian Digital Signature Standards(PBAD). The method can solve the majority of transitions in the signature policy of a digital signature, however, the transitions needed for archieving a signature cannot be solved by this method. We noted that the method proposed simplifies the iteration of signers in the process. We noted as well that an idependent entity can do the maintenance of the digital signature

Copyright Notice

Syntax for Binding Documents with Time-Stamps This document describes an envelope that can be used to bind a file (not necessarily protected by means of cryptographic techniques) with one or more time-stamp tokens obtained for that file, where "timestamp token " has the meaning defined in RFC 3161 or its successors. Additional types of temporal evidence are also allowed. The proposed envelope is based on the Cryptographic Message Syntax as defined in RFC 5652. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained a

Desarrollo de una aplicación de software para la validación de los formatos oficiales de firma digital dentro del Sistema Nacional de Certificación Digital de Costa Rica

En el año 2014 el Gobierno de Costa Rica emitió la directriz 067-MICITT-H-MEIC, la cual faculta a los ciudadanos a exigir que las instituciones del estado brinden sus servicios electrónicamente utilizando firma digital. La publicación de esta directriz conlleva un esfuerzo enorme de parte de las entidades que soportan la implementación de firma digital en el país, para proveerle a los usuarios, guías y herramientas de ejemplo que les ayude en el uso e implementación de firma digital. Sin embargo, a pesar de estos esfuerzos no tienen herramientas disponibles para la firma y validación de todos los formatos oficiales de firma de documentos. El objetivo principal de este proyecto de investigación fue desarrollar una aplicación de software para la validación de los formatos oficiales dentro del Sistema Nacional de Certificación Digital (SNCD), que pueda ser tomada en cuenta para formar parte de las herramientas de ejemplo de firma y validación de documentos firmados digitalmente. Primero, se realizó una revisión sistemática de los documentos oficiales sobre firma digital del Gobierno de Costa Rica para identificar los perfiles oficiales de los formatos de firma digital. Luego, se seleccionó un perfil para validarlo con la aplicación. Posteriormente, se procedió al desarrollo de la aplicación con base en los requerimientos técnicos de los estándares de la ETSI y en la migración de una librería desarrollada por la Unión Europea que valida las firmas de acuerdo con estos estándares. Finalmente, se validó la aplicación desde el punto de vista funcional y de seguridad. Para la validación de seguridad se realizó un análisis estático de código y se evaluó la aplicación con la “Guía de requerimientos técnicos para el aseguramiento de la información de los componentes tecnológicos que utilizan certificados y firma digital en aplicaciones de software dentro del Sistema Nacional de Certificación Digital”, elaborada por Alejandro Mora. Como resultado se desarrolló una aplicación fiable y segura para la validación de documentos firmados digitalmente dentro del SNCD. Esta investigación se enmarca en el proyecto “Desarrollo de esquemas para certificar autoridades certificadoras y aplicaciones de software en el SNCD” del Centro de Investigaciones en Tecnologías de la Información y la Comunicación de la Universidad de Costa Rica.In the year 2014, the Government of Costa Rica issued the directive 067-MICITT-H-MEIC which empowers citizens to demand that state institutions provide their services electronically using digital signature. The publication of this directive involves a huge effort from the entities that support the implementation of digital signature in the country, to provide guides and tools to the users, to help them in the use and implementation of digital signatures. However, despite these efforts they do not have available tools for signing and validating all official document signing formats. The main objective of this research project was to develop a software application for the validation of the official document signing formats within the Sistema Nacional de Certificación Digital (SNCD), which can be considered to be part of the example tools for signature and validation of digitally signed documents. First, a systematic review of the official documents on the digital signature of the Government of Costa Rica was carried out to identify the official profiles of the digital signature formats. Then, a profile was selected to validate it with the application. Subsequently, the application was developed based on the technical requirements of the ETSI standards and the migration of a library developed by the European Union that validates the signatures in accordance with these standards. Finally, the application was validated from the functional and security point of view. For the security validation a static code analysis was performed and the application was evaluated with the guide "Guía de requerimientos técnicos para el aseguramiento de la información de los componentes tecnológicos que utilizan certificados y firma digital en aplicaciones de software dentro del Sistema Nacional de Certificación Digital", developed by Alejandro Mora. As a result, a reliable and secure application for the validation of digitally signed documents within the SNCD was developed. This research is part of the project "Desarrollo de esquemas para certificar autoridades certificadoras y aplicaciones de software en el SNCD” of the Centro de Investigaciones en Tecnologías de la Información y la Comunicación of the Universidad de Costa Rica.UCR::Vicerrectoría de Investigación::Sistema de Estudios de Posgrado::Ingeniería::Maestría Profesional en Computación e Informátic

Preservação por longo prazo de assinaturas digitais

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2011Assim como ocorre com as assinaturas manuscritas, muitas assinaturas precisam comprovar a autenticidade do documento assinado por anos, décadas ou mesmo por um período indefinido. Assinaturas digitais, contudo, acabam perdendo sua validade por fatores como o enfraquecimento de algoritmos criptográficos ou o comprometimento da chave privada do signatário. Assim, são necessárias estratégias que permitam preservar essas assinaturas por longo prazo. Este trabalho estuda a influência do tempo sobre as assinaturas digitais e propõe alternativas para minimizar alguns dos principais problemas hoje relacionados a essa preservação. Inicialmente, são apresentados os fatores que comprometem a validade das assinaturas com o tempo, seguido das principais estratégias até então propostas para sua preservação. A principal delas, baseada em carimbos do tempo, é então analisada, sendo propostos protocolos criptográficos para aumentar sua confiabilidade e reduzir os custos de preservação para o usuário final. Tais protocolos deram origem a duas novas implementações de carimbos, os Carimbos do Tempo Renováveis e Carimbos do Tempo Autenticados. Finalmente, foram realizadas análises teóricas dos benefícios e limitações trazidos por eles, sendo os resultados confirmados por meio de testes e simulações. Dentre os carimbos, os Carimbos do Tempo Autenticados são aqueles que oferecem uma maior redução de custos. Os de armazenamento, por exemplo, chegam a ser 99% menores, considerando a preservação de uma assinatura por cinquenta anos numa Infraestrutura de Chaves Públicas típica. Além disso, se destacam ao permitirem a validação offline das assinaturas preservadas. Carimbos do Tempo Renováveis, por outro lado, mantêm maior compatibilidade com a base instalada, sendo possível validar suas assinaturas da maneira convencional. Em contrapartida aos benefícios trazidos por esses protocolos, existem principalmente custos a serem absorvidos pelas Autoridades de Carimbo do Tempo e Autoridades Certificadoras Raiz

Technologies for long-term preservation of digitally signed archival records

Arhivistima su osobito izazov oni digitalni zapisi koji su i digitalno potpisani tj. imaju pridružene elektroničke potpise. Takvi zapisi predstavljaju izazov jer moraju prilikom očuvanja zadržati određene karakteristike. Zapravo je srž problema u očuvanju valjanosti elektroničkih potpisa i mogućnosti provjere valjanosti dugo nakon nastanka elektroničkog potpisa. Stoga se kroz ovaj rad analizira problematika očuvanja takvih zapisa. Kroz ovaj interdisciplinarni rad pojašnjeni su koncepti dugotrajnog očuvanja, digitalnog zapisa i digitalno potpisanog zapisa. Dio rada bavi se i kriptografijom kao okruženjem u kojem je nastao elektronički potpis. Također je provedeno i istraživanje tj. analiza usluge certificiranja koju pruža Fina. Izdvojene su i norme i uredbe na koje se potrebno osloniti u ovoj problematici, analizirani su postojeći pristupi dugotrajnom očuvanju ovakvih zapisa gdje je izdvojena i blockchain tehnologija kao novi pristup.Archivists are especially challenged by digital records that are digitally signed. Such records represent a challenge because they have to retain certain characteristics when preserving them. It is, in fact, the core of the problem in preserving the validity of electronic signatures and validation opportunities long after the electronic signature has been created. Therefore, this thesis will analyze the issues of preserving such records. The concepts of long-term preservation, digital records and digitally signed records have been clarified. Part of this thesis also deals with cryptography as the environment in which an electronic signature emerged. Research has also been carried out in which the certification service provided by Fina is analyzed. The standards and regulations to which this issue has to be addressed are outlined. Existing approaches have been analyzed for the long-term preservation of this kind of records, where blockchain technology has been represented as a new approach

The concept of establishment of electronic archive in public administration

Cilj ove doktorske disertacije je izrada modela informacijskog sustava za dugotrajnu pohranu elektroniĉki potpisanih dokumenata u podruĉju javne uprave. Za potrebe izrade modela obraĊen je referentni teorijski model za dugotrajnu pohranu elektroniĉkih informacijskih objekata – OAIS. Opisane su odgovornosti i sastavnice te funkcionalni entiteti navedenog modela. ObraĊena su teorijska saznanja s podruĉju infrastrukture javnog kljuĉa (PKI) zbog tehnologija i koncepata koji podrţavaju povjerenje u elektroniĉke zapise: digitalni certifikat, elektroniĉki potpis, napredni elektroniĉki potpis, certifikacijski (CA) i registracijski autoritet (RA), elektroniĉki vremenski ţig i dr. Uredbom eIDAS (Uredba (EU) br. 910/2014) je za podruĉje Europske Unije stavljena van snage do tada vaţeća EU Direktiva 1999/93/EC o okviru Zajednice za elektroniĉke potpise. Utjecaj Uredbe eIDAS je vrlo dalekoseţan za pravno reguliranje elemenata za dugotrajno oĉuvanje elektroniĉki potpisanih zapisa. Navedena uredba je propisala i koncept kvalificiranog pruţatelj usluga povjerenja (za izdavanje certifikata, vremenskih ţigova i dr.). Posebno su detaljno obraĊeni formati naprednog elektroniĉkog potpisa: XAdES, CAdES i PADES. Takvi formati potpisa omogućavaju oĉuvanje u dugom roku pa su iz tog razloga posebno zanimljivi. Detaljno su obraĊeni procesi izraĊivanja i validacije naprednog elektroniĉkog potpisa. Prepoznat je pojam dokaza postojanja, tj. PoE (engl. Proof of Existence) elektroniĉkog potpisa kao kljuĉan za ovaj rad. U prouĉavanju podruĉja dugoroĉnog oĉuvanja integriteta i autentiĉnosti elektroniĉkih zapisa s elektroniĉkim potpisima obraĊene su ĉetiri strategije oĉuvanja: uklanjanje elektroniĉkih potpisa, biljeţenje traga o elektroniĉkim potpisima u metapodacima, biljeţenje valjanosti o elektroniĉkim potpisima u blokchainu te oĉuvanje elektroniĉkih potpisa. Oĉuvanje elektroniĉkih potpisa je ĉesto implicitno definirano u zakonskim propisima te je stoga bilo i izazov za ovaj istraţivaĉki rad. Detaljno je obraĊena tematika elektroniĉke javne uprave (pojam, faze, mobilna javna uprava i sektori). Da bi se bolje shvatila vaţnost arhiva u elektroniĉkoj javnoj upravi obraĊen je kontekst elektroniĉke javne uprave u Europskoj Uniji i Republici Hrvatskoj. Sudjelovao sam na InterPARES Trust istraţivaĉkom projektu na temu analize elektroniĉkih javnih usluga. Analizirani su razliĉiti aspekti javnih e-usluga, a sa stanovišta ovog rada su posebno zanimljivi rezultati s podruĉja dugoroĉnog oĉuvanja elektroniĉkih zapisa te su i izneseni u ovom radu. Osim toga, istraţena je dostupnost servisa i komponenata temeljenih na infrastrukturi javnog kljuĉa u RH koji se mogu uĉinkovito iskoristiti za izgradnju infrastrukture za potpisivanje i dugotrajnu pohranu elektroniĉki potpisanih dokumenata. Konaĉno je dana i analiza uspješnosti elektroniĉkih javnih uprava po više metodologija. Napravljena je detaljna analiza razliĉitih aspekata elektroniĉki potpisanih dokumenata (interoperabilnost, pravna ureĊenost, rokovi ĉuvanja, norme za dugotrajnu pohranu). ObraĊen je i pojam elektroniĉke isprave u smislu zamjene za papirnate sluţbene dokumente izdane od javne uprave. Analizirani su hrvatski i strani zakoni s tog podruĉja. Kao priprema za izradu modela dugotrajne pohrane elektroniĉki potpisanih dokumenata obavljena je analiza uspješnih implementacija e-arhiva iz Hrvatske, Njemaĉke, Italije, Austrije, Litve i Estonije. ObraĊeni je i jedan referentni model za dugotrajnu pohranu te su analizirani rezultati istraţivaĉkog EARK projekta. S obzirom na saznanja iz analize uspješnih praksi i referentnih modela izradio sam model informacijskog sustava za pohranu elektroniĉki potpisanih dokumenta. RazraĊeni model se temelji na OAIS referentnom modelu. Vrlo bitan dio u izradi navedenog modela je razrada pojma oĉuvanja dokaza postojanja. Predlaţe se korištenje standarda RFC 6283 (XMLERS) za zapis oĉuvanja dokaza postojanja. Osim toga, kljuĉno u izradi modela je korištenje usluga kvalificiranih pruţatelja usluga povjerenja za certifikate i za vremenske ţigove. Kvalificirani vremenski ţig poprima i znaĉenje arhivskog vremenskog ţiga. IzraĊeni model podrazumijeva produţenje potpisa prije isteka prikladnosti korištenih algoritama. Osnovna namjera produţenja potpisa jest osigurati provjerljivost cjelovitosti i autentiĉnosti već potpisanih dokumenata. Osim toga i vremenski ţigovi s vremenom mogu izgubiti svoju prikladnost pa se pravovremeno treba dohvaćati novi vremenski ţig. Predloţeno je rješenje i za dugotrajno oĉuvanje elektroniĉke isprave na naĉin da tehnološka implementacija podrţi pravni okvir. Predloţeni su i formati dokumenata za ovaj model te korištenje formata naprednog elektroniĉkog potpisa. Predloţeni su formati iz AdES obitelji potpisa: XAdES, CAdES i PAdES. Na kraju rada je dan prijedlog uspostave infrastrukture za dugotrajno oĉuvanje potpisanih elektroniĉkih dokumenata u Republici Hrvatskoj.The aim of this PhD thesis is to develop a model of the information system for the long term storage of electronically signed documents within public administration domain. For the purpose of building the model, the referent theoretical model for the long term storage of electronic information objects - OAIS is elaborated. The responsibilities, components and the functional entities of the mentioned model are described. Theoretical findings in connection with public key infrastructure (PKI) are covered because of the technologies and concepts that support the confidence in electronic records: digital certificate, electronic signature, advanced electronic signature, certificate authority (CA), registration authority (RA), electronic timestamp etc. The EU Directive 1999/93/EC on a Community framework for electronic signatures was derrogated in the EU area by eIDAS regulation (EU Regulation no. 910/2014). The influence of the eIDAS regulation is far-reaching for the legal regulation of the elements for the longterm preservation of electronically signed records. The regulation laid out the concept of the qualified trust server provider (for the certificate issuance, timestamps, etc.). Certain formats of advanced electronic signature are thoroughly covered. Such signature formats enable longterm preservation what makes these formats particularly interesting. The processes of development and validation of advanced electronic signature are described in detail. The term Proof of Existence (PoE) of electronic signature is recognized as key for this thesis. Studying the area of the long-term integrity and authenticity preservation of electronic records with electronic signatures four strategies of preservation are covered: the removal of electronic signatures, keeping track of electronic signatures within the metadata, recording electronic signature validity within the blokchain and the preservation of electronic signatures. The preservation of electronic signatures was a challenge for this thesis because it is often implicitly defined within legal regulations. The concept of electronic public administration is thoroughly covered (the term, phases, mobile public administration, sectors). To have a better understanding of the importance of archives in the electronic public administration the context of electronic public administration in the European Union and in the Republic of Croatia is described. The author took part at InterPARES Trust research project that was based on the analysis of electronic public services. Different aspects of public e-services are analyzed, form the point of this work the results from the area of electronic records long-term preservation are especially interesting and as such are elaborated in this thesis. Furthermore, the availability of services and components based on the public key infrastructure in the Republic of Croatia that can be efficiently used for signing and long term-storage of electronically signed document infrastructure development is investigated. Finally the analysis of efficacy of electronic public administrations according to numerous methodologies is presented. A detailed analysis of different aspects of electronically signed documents (interoperability, legal regulation, preservation time period, long-term storage standards) is made. The term electronic document as a substitute for official paper documents issued by public administration is elaborated. Croatian and foreign legal regulations are analyzed. As a preparation for the long-term storage of electronically signed documents model an analysis of successful e-archive implementations from Croatia, Germany, Italy, Austria, Lithuania and Estonia is made. One referent model for the long-term storage is elaborated and the results of the E-ARK research project are analyzed. Based on the findings from the analysis of successful practices and referent models the author built a model of the information system for storage of electronically signed documents. The developed model is based on OAIS reference model. An important part of the above mentioned model development is the elaboration of preservation of the proof of existence term. The use of RFC 6283 (XMLERS) standard for the Evidence Record Syntax is recommended. On top of that the use of qualified trust service providers for certificates and for timestamps is key for this model development. Qualified timestamp also takes the meaning of an archive timestamp. The developed model implies signature renewal before an expiration of the validity of the algorithms used. The main purpose of the signature renewal is to insure the verification of completeness of already signed documents. Additionally, timestamps can lose their validity as time passes so new timestamps must be acquired in time. The solution for the electronic document long-term preservation is suggested so that technological implementation supports legal regulation. Document formats for this model are suggested as well as the usage of the advanced electronic signature format. The formats from the AdES family of signatures are proposed: XAdES, CAdES, PAdES. At the end of this thesis the suggestion to set up an infrastructure for the long-term storage of electronically signed documents in the Republic of Croatia is given

Electronic Signature Technology in Hungarian Governmental IT Projects in 2010-2015

To improve Hungarian e-governance capabilities by developing new IT services, the Hungarian Government has spent more than one hundred million Euros since 2010. As the base pillars of the Hungarian Digital State, a number of Controlled Electronic Administration Services (CEAS) have been implemented. The usability of any digital system which can be linked to trust depends on the authenticity of stored and processed information. Using unauthentic information may result in fraudulent activities, which should be avoided in the Administration. Electronic signatures are methods of authentication as defined by the 93/1999 Union enacted the Regulation (EU) No 910/2014 of the European Parliament and the Council called eIDAS. in September of 2014. eIDAS contains comprehensive and obligatory rules for applying electronic identification and electronic signature in Europe. It is the continuation of 93/1999 EU Directive, therefore addressing this topic is expected in IT projects in 2015. The examination was performed on IT projects coordinated by the Hungarian Governmental – Information Technology Development Agency. The analysis focuses on three questions: 1. Is electronic signature technology applied in project administration? 2. Which electronic signature attributes appear in the final results of the projects? 3. What kind of electronic signature dimensions appear in the projects? The presentation summarizes the main attributes of the examined projects, describes conceptual definitions of authenticity, gives a brief introduction into the electronic signature dimensions, and formulates conclusions about the success and lack of applying electronic signature elements in Hungarian Governmental IT projects