Sign your documents for free in minutes

Our electronic signature application provides you with a simple way to legally sign all your documents anytime from any device for free. By facilitating the electronic signature of documents, our solution eliminates the need for slow, costly paper signing processes, while creating legal signatures that provide integrity, trust and regulatory compliance.
> How to sign a document?
> How to check a signature?
> FAQ on the electronic signature

Sign, it's legal

Having your documents signed online is not only a time and money saving but it is also legal. Our solution is approved by the National Agency for Electronic Certification and meets a proven legal framework. Our signatures implement all ETSI signature standards, including XAdES, PAdES, CAdES, qualified signatures that respect the law on exchanges and e-commerce in Tunisia.
> More about ANCE (National Agency for Electronic Certification)
> More about ETSI (European Telecommunications Standards Institute)
> More info on the legal value of electronic signatures in Tunisia, Law n ° 2000-83 of 9 August 2000

Legal framework of the electronic signature in Tunisia

Tunisia has promulgated a law on electronic commerce: the law n ° 2000-83 of August 9th, 2000, relative to the exchanges and the electronic commerce, defined the electronic certificate and the electronic signature, favoring an environment favorable to the development of the exchanges and e-commerce, and allowed the creation of the National Electronic Certification Agency (ANCE) root authority of electronic certification in Tunisia, in order to represent the highest level of trust in the field of electronic certification, security of transactions and electronic exchanges.
The National Agency for Electronic Certification (ANCE) has the main vocation of securing electronic exchanges in various fields such as e-commerce, e-government, e-Banking, e-finance, e-commerce and e-commerce. as well as e-health ... Its role is to secure payment transactions and the authentication of different players. Thus any person wishing to perform a payment transaction on a secure site with a certificate from the National Agency of Electronic Certification can be sure that it addresses a reliable site and that all the data that it communicates are secure. The other main missions of ANCE are:

The ANCE essentially delivers two types of electronic certificates:

FAQ on the electronic signature

What is an electronic signature?

A handwritten signature consists of affixing a personal mark on a paper document. It expresses the will of the signatory and his agreement with the content of the document. Transposed in the electronic world, the electronic signature has the same legal value as the handwritten signature. .
The electronic signature consists of three components:

  • The document carrying the signature.
  • The signature itself.
  • The electronic certificate authenticating the signatory.

Is the electronic signature visible on the signed document?

The electronic signature differs from the written signature in that it is not visual but corresponds to a number or a series of numbers. Indeed, the action of digitally signing produces binary information commonly called electronic signature. A document may contain several electronic signatures.

What types of files can be signed electronically?

All types of files without exception can be signed (Word documents, PDF, XML, etc.). The most used file format is the PDF, for its portability and also the possibility of affixing several electronic signatures. But also standardized XML files for exchanges between public entities.

What is the use of the electronic signature?

Like handwritten signatures, electronic signatures are used to identify co-signatories (authors) of electronic data (an email for example).
Electronic signatures can guarantee the following security properties:

  • Authentication: Verifying the identity of a person (or a host: server and client). This guarantees the identity of the person who signed the data: the origin of the message, the document or the transaction is indisputable.
  • Confidentiality and Data Integrity: The electronic signature protects the integrity of the data. This means that the document received has not been tampered with, voluntarily or involuntarily. Otherwise, the document is flagged as having been modified.
  • Non-repudiation: the signatory of a document proves his identity. Non-repudiation establishes, later, who participated in a transaction. The sender can not deny having sent the message and the addressee can not deny having received it. Simply, non-repudiation means that information can not be rejected, just as with handwritten signatures.

Electronic signatures are created and verified through electronic certificates.

What is an electronic certificate?

An electronic certificate is a document in electronic form that aims to authenticate the identity of the signatory: it is the identity card of the electronic world.

What does an electronic certificate contain?

The information contained in the electronic certificate is as follows:

  • The name of the certificate holder.
  • The validity start date of the certificate.
  • The organization to which the wearer belongs (if necessary).
  • The address to find the Certificate Revocation Lists (CRLs).
  • The name of the trusted company, that is, the authority that issued the electronic certificate.
  • The signature of this authority on this certificate.
  • Possibly the photograph of the wearer or the logo of the company.
  • etc…

The electronic certificate is divided into two parts:

  • The first part contains the information.
  • The second part contains the signature of the authority that issued the certificate.

Who issues the electronic certificate?

The electronic certificate must be issued by a Certification Authority (CA) which is an organization recognized as competent to issue certificates to a population with which it has full confidence and to ensure their validity. It commits itself to the identity of a person through the electronic certificate that it gives him.
A certifying authority is responsible (vis-à-vis its customers, but also anyone relying on an electronic certificate it has issued) for the entire certification process and, consequently, for the validity of the certificates it issues. In addition, it defines the certification policy and enforces it.
A certification authority is organized around three basic functions:

  • Organization function: processing certificate requests, checking information, validating or rejecting requests, revoking certificates.
  • Technical function: responsible for the production of electronic certificates, secure end-to-end environment.
  • Certificate Distribution Function

How to sign a document?

When you sign a document, the signature software creates a digital fingerprint called a hash: a kind of digital digest consisting of a series of letters and numbers. The hash is unique (the smallest change in the document will produce a different hash). This hash is then encrypted (encrypted) using the private key of your digital certificate. The encrypted hash and the public key are together to compose the digital signature, appended to the document.

How to check a signature?

When the signed document is opened, the hash is decrypted using the signer's public key. Then the verification software recalculates the hash of the document: if it is identical to the hash previously decrypted, the document has not been modified. The software then displays a message certifying its integrity, as well as the signatory's name.
So the principle of the electronic signature rests on two families of algorithms, which will be used in a complementary way:

It is strongly recommended to associate a timestamp with each electronic signature.

What is a symmetric encryption algorithm?

The principle of an asymmetric algorithm is simple. A pair of digital keys is constructed in such a way that the cryptogram (encrypted text) generated from a clear text and one of the keys can be easily found only with the other key.
In practice, one of the keys is secretly kept: private key, while the other is public: public key. Only the owner of a private key (the emitter in our example) could have encrypted a decrypted text with the associated public key.

What is a hash function?

Is a one-way, collision-free function that calculates a fixed-size (or condensate) footprint from data of varying sizes. These functions are one-way because you can not find the original data from the fingerprint.
A function is said to be collision-free or injective when it is deemed very difficult to find two different sources leading to the same result.
The calculation of the condensate of a document and the comparison of it with its initial value makes it possible to control the integrity of a document.

What is electronic time stamping?

Many administrative procedures involve the date of dispatch of documents: submission of applications, replies to calls for tenders, various declarations, etc. Traditional mechanisms use the postmark.
The dematerialization of such procedures requires an electronic equivalent to this postmark. The PKCS # 7 format that describes the signed data containers in the e-mail includes a field to indicate the date the message was signed. However, the date and time of the signer's workstation are used in this field. The sender can therefore cheat by indicating wrong dates. Similarly, a malicious third party who has retrieved a private key associated with an expired certificate can artificially reduce the date of his machine within the validity period of the certificate and issue signed documents.
The electronic signature of a document is therefore inseparable from a mechanism that ensures that the document existed at a given date and time and has not been tampered with since. This is the time stamp. It consists in transmitting to a trusted authority, called timestamp authority, a request including the condensate of the document to be timestamped. The authority returns to the requester a time stamp, sthe condensate, a date, and a time, all signed by the time stamping authority.

> More info on the electronic signature