THE MINISTRY OF INFORMATION AND COMMUNICATIONS
No. 22/2020/TT-BTTTT

THE SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness

Hanoi, September 7, 2020
CIRCULAR
On technical requirements for digital signature software and digital signature verification software[1]
Pursuant to the November 29, 2005 Law on E-Transactions;
Pursuant to the Government’s Decree No. 130/2018/ND-CP of September 27, 2018, detailing the Law on E-Transactions regarding digital signatures and digital signature certification services;
Pursuant to the Government’s Decree No. 17/2017/ND-CP of February 17, 2017, defining the functions, tasks, powers and organizational structure of the Ministry of Information and Communications;
At the request of the Director of the National Electronic Authentication Center,
The Minister of Information and Communications promulgates the Circular on technical requirements for digital signature software and digital signature verification software.
Chapter I
GENERAL PROVISIONS
Article 1. Scope of regulation
1. This Circular prescribes technical requirements for digital signature software and digital signature verification software.
2. Technical requirements for digital signature software and digital signature verification software for e-documents in state agencies are not regulated by this Circular.
Article 2. Subjects of application
1. This Circular applies to agencies, organizations and individuals that choose to use digital signature software and digital signature verification software in e-transactions; digital signature certification authorities; and organizations and individuals that develop digital signature applications or use digital signatures.
2. This Circular does not apply to the Government’s specialized digital signature certification authority.
Article 3. Interpretation of terms
1. “Institutional digital certificate” means a type of e-certificate issued by a digital signature certification authority to provide identification information for the public key of an agency or organization to certify that such agency or organization signs the digital signature by using the corresponding private key.
2. “Personal digital certificate” means a type of e-certificate issued by a digital signature certification authority to provide identification information for the public key of an individual to certify that such individual signs the digital signature by using the corresponding private key.
3. “Institutional private key” means a private key corresponding to an institutional digital certificate.
4. “Personal private key” means a private key corresponding to a personal digital certificate.
5. “Digital signature software” means an independent software program or a software module or solution with the function of digitally signing in data messages.
6. “Digital signature verification software” means an independent software program or a software module or solution with the function of verifying validity of digital signatures on digital signature data messages.
7. “Trustworthy digital certificate link” means an Internet link on a digital certificate which indicates the digital signature certification authority having issued such digital certificate.
Chapter II
TECHNICAL REQUIREMENTS FOR DIGITAL SIGNATURE SOFTWARE AND DIGITAL SIGNATURE VERIFICATION SOFTWARE
Section 1
Digital signature software
Article 4. General requirements
Digital signature software must satisfy the technical standards on digital signatures on data messages listed in the Appendix to this Circular (List of technical standards on digital signatures on data messages).
Article 5. Functional requirements
1. The function of digital signing:
a/ To enable digital signers to use their personal private keys to digitally sign data messages, for individual digital signers;
b/ To enable digital signers to use their institutional private keys to digitally sign data messages, for institutional digital signers.
2. The function of checking validity of digital certificates:
a/ To enable the checking of the digital signer's digital certificate on a data message; the check must follow the trustworthy link on the digital certificate and must be transmitted to the National Digital Signature Certification Authority;
b/ Contents of checking validity of a digital certificate at the time of digital signing:
- Validity period of the digital certificate;
- Status of the digital certificate via the certificate revocation list (CRL) publicized at the time of digital signing or by using the online certificate status protocol (OCSP) in case the digital signature certification authority provides OCSP service;
- Encryption algorithm on the digital certificate;
- Use purpose and scope of the digital certificate.
c/ A digital certificate is valid when it fully meets the following criteria:
- The digital certificate remains valid at the time of digital signing;
- Encryption algorithms on the digital certificate comply with currently effective regulations on compulsory technical regulations and standards on digital signatures and digital signature certification services;
- Status of the digital certificate at the time of digital signing is valid;
- The digital certificate is used for proper purposes and within its use scope.
3. The function of storing and annulling the following information together with digital signature data messages:
a/ The digital certificate corresponding to a private key used by a digital signer to sign a data message at the time of digital signing;
b/ The CRL at the time of signing provided by a digital signature certification authority that has issued a digital certificate for digital signing corresponding to the digital signature on the outgoing data message;
c/ Certification rules of a digital signature certification authority that has issued a digital certificate corresponding to the digital signature on the outgoing data message;
d/ Results of checking of the status of a digital certificate corresponding to the digital signature on the incoming data message.
4. The function of changing (adding or removing) digital certificates of digital signature certification authorities.
5. The function of notifying (in letters or by symbols) digital signers of whether the digital signing on data messages is successful or unsuccessful.
Section 2
Digital signature verification software
Article 6. General requirements
Digital signature verification software must satisfy the technical standards on digital signatures on data messages listed in the Appendix to this Circular (List of technical standards on digital signatures on data messages).
Article 7. Functional requirements
1. The function of checking validity of digital signatures on data messages:
a/ To enable the verification of digital signatures on data messages on the principle that a digital signature is created with the private key corresponding to the public key on the digital certificate;
b/ To enable the checking of the digital signer's digital signature on a data message; the check must follow the trustworthy link on the digital certificate and must be transmitted to the National Digital Signature Certification Authority;
c/ To enable the checking and verification of the following information of a digital signer on a data message:
- Validity period of the digital certificate;
- Status of the digital certificate via the CRL publicized at the time of digital signing or by using the OCSP in case the digital signature certification authority provides OCSP service;
- Encryption algorithm on the digital certificate;
- Use purpose and scope of the digital certificate.
d/ A digital certificate is valid when it fully meets the following criteria:
- The digital certificate remains valid at the time of digital signing;
- Encryption algorithms on the digital certificate comply with effective regulations on compulsory technical regulations and standards on digital signatures and digital signature certification services;
- Status of the digital certificate at the time of digital signing is valid;
- The digital certificate is used for proper purposes and within its use scope.
dd/ To enable the checking of the integrity of a digitally signed data message:
- To decrypt the digital signature on the data message to obtain the hash code it contains;
- To generate a hash code for the data message using the same secure hash algorithm that generated the hash code in the digital signature;
- To compare the two hash codes to check the integrity of the digitally signed data message.
e/ A digital signature on a data message is valid when:
- The digital signer's information is correctly checked and verified;
- The digital certificate of the digital signer is valid at the time of signing;
- The digital signature on the data message is verified as matching the private key corresponding to the public key on the digital certificate, and the integrity of the data message is confirmed.
2. The function of storing and annulling the following information together with digital data messages:
a/ Digital certificates corresponding to digital signatures on incoming digitally signed data messages;
b/ The digital signature certification authority's CRLs at the time of signing corresponding to digital signatures on incoming data messages;
c/ Certification rules of the digital signature certification authority that has issued a digital certificate corresponding to digital signatures on the incoming data message;
d/ Results of the checking of status of a digital certificate corresponding to the digital signature on an incoming data message.
3. The function of changing (adding or removing) digital certificates of digital signature certification authorities.
4. The function of notifying (in letters or by symbols) the results of checking the validity of digital signatures.
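The signing function of Article 5.1 and the verification checks of Articles 5.2 and 7.1 (trustworthy link to a trusted authority, validity period at the time of signing, certificate status via CRL, permitted algorithm, key usage, and the hash comparison of Article 7.1.dd) can be written out as one verifier. The following Go program is an added example for this page, not code from the Circular or from any certification authority; it uses only the Go standard library. Assumptions: RSA PKCS#1 v1.5 with SHA-256 is used because the Circular's wording ("decrypt the signature to obtain the hash") describes that scheme; the allowed-algorithm list is a constructed stand-in for the untranslated Appendix; the authority, signer certificate and CRL are constructed test data, whereas real software would hold the National Digital Signature Certification Authority's certificates in its trust store and fetch the CRL (or OCSP response) from the issuing authority.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Result records each check Article 7.1 lists for a digital signature on a data message.
type Result struct {
	TrustedIssuer, PeriodOK, NotRevoked, AlgorithmOK, UsageOK, IntegrityOK bool
}

// Valid applies Article 7.1.e: the signature is valid only when every check passes.
func (r Result) Valid() bool {
	return r.TrustedIssuer && r.PeriodOK && r.NotRevoked && r.AlgorithmOK && r.UsageOK && r.IntegrityOK
}

// allowedAlgs is a constructed stand-in for the Appendix's algorithm list (not translated here).
var allowedAlgs = map[x509.SignatureAlgorithm]bool{x509.SHA256WithRSA: true}

// Sign is the Article 5.1 operation: sign the SHA-256 hash of msg with the signer's private key.
func Sign(msg []byte, key *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// Verify runs the Article 7.1 checks on a detached signature sig over msg. ca is the trusted
// authority certificate, crl its revocation list, signingTime the reference time (Article 7.1.d).
func Verify(msg, sig []byte, cert, ca *x509.Certificate, crl *x509.RevocationList, signingTime time.Time) Result {
	var r Result
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// Trustworthy link: the certificate must chain to the trusted authority at signing time.
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: signingTime,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	r.TrustedIssuer = err == nil
	r.PeriodOK = !signingTime.Before(cert.NotBefore) && !signingTime.After(cert.NotAfter)
	r.AlgorithmOK = allowedAlgs[cert.SignatureAlgorithm]
	r.UsageOK = cert.KeyUsage&x509.KeyUsageDigitalSignature != 0
	// Status via CRL: issuer-signed, current at signing time, and not listing this serial by then.
	if crl != nil && crl.CheckSignatureFrom(ca) == nil &&
		!signingTime.Before(crl.ThisUpdate) && !signingTime.After(crl.NextUpdate) {
		r.NotRevoked = true
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 && !rc.RevocationTime.After(signingTime) {
				r.NotRevoked = false
			}
		}
	}
	// Integrity (Article 7.1.dd): rehash the message and check the signature against that hash.
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok {
		digest := sha256.Sum256(msg)
		r.IntegrityOK = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
	}
	return r
}

// must panics on error; used only while building the constructed test fixture below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildTestPKI constructs a throw-away authority, a signer certificate it issued and a CRL
// (listing the signer when revoked is true): constructed test data, not a real authority.
func BuildTestPKI(revoked bool) (ca, signer *x509.Certificate, key *rsa.PrivateKey, crl *x509.RevocationList) {
	now := time.Now()
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	key = must(rsa.GenerateKey(rand.Reader, 2048))
	signerTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Test Signer"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	signer = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, signerTmpl, ca, &key.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	if revoked {
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: signer.SerialNumber, RevocationTime: now}}
	}
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return
}

func main() {
	ca, signer, key, crl := BuildTestPKI(false)
	msg := []byte("constructed data message: contract TEST-001") // constructed input
	sig := must(Sign(msg, key))
	fmt.Printf("%+v\n", Verify(msg, sig, signer, ca, crl, time.Now()))
}
```

Every check is reported separately in Result so that the notification function of Article 7.4 can tell the user which criterion failed, while Valid() implements the all-or-nothing rule of Article 7.1.e. The signing time is passed in rather than taken from the clock, because Article 7.1.d evaluates validity period and certificate status at the moment of signing, not at the moment of verification; a flipped bit in the message, a signing time outside the certificate's validity period, a revoked serial on the issuer's CRL, or a certificate chaining to an authority that is not in the trust store each make the signature invalid.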
Chapter III
IMPLEMENTATION PROVISIONS
Article 8. Organization of implementation
1. The National Electronic Authentication Center shall guide the implementation of this Circular.
2. Public digital signature certification authorities, specialized digital signature certification authorities of agencies or organizations shall publicize technical specifications (documents and toolkits) and digital certificates related to digital signature certification authorities and digital signature standards on websites of digital signature certification authorities.
3. Organizations and individuals that develop applications and use digital signatures shall comply with regulations on technical requirements and instructions for use of digital signature software and digital signature verification software.
Article 9. Transitional provisions
Agencies, organizations and individuals that use digital signature software and digital signature verification software before the effective date of this Circular may continue doing so until such software is changed, upgraded or replaced by new software in compliance with this Circular.
Article 10. Effect
1. This Circular takes effect on November 1, 2020.
2. The Chief of the Office, the Director of the National Electronic Authentication Center, heads of agencies and units of the Ministry of Information and Communications, Directors of provincial-level Departments of Information and Communications, and related organizations and individuals shall implement this Circular.
3. Any problems arising in the course of implementation of this Circular should be promptly reported to the Ministry of Information and Communications (the National Electronic Authentication Center) for consideration and settlement.
Minister of Information and Communications
NGUYEN MANH HUNG
* The Appendix to this Circular is not translated.
[1] Công Báo Nos 895-896 (24/9/2020)