|
THE MINISTRY OF
INFORMATION AND COMMUNICATIONS
-------
|
SOCIALIST
REPUBLIC OF VIET NAM
Independence - Freedom - Happiness
-------------------
|
|
No.
41/2017/TT-BTTTT
|
Hanoi, December
19, 2017
|
CIRCULAR
ON
USE OF DIGITAL SIGNATURES FOR ELECTRONIC DOCUMENTS OF REGULATORY AGENCIES
Pursuant to the Law on E-Transactions dated
November 29, 2005;
Pursuant to the Law on Information Technology
dated June 29, 2006;
The Government’s Decree No. 26/2017/ND-CP dated
February 15, 2007 on guidelines for the Law on E-transactions about digital
signatures and authentication of digital signatures, Government’s Decree No.
106/2011/ND-CP dated November 23, 2011 on amendments to Government’s Decree No.
26/2017/ND-CP and Government’s Decree No. 170/2013/ND-CP dated November 13,
2013 on amendments to Government’s Decree No. 26/2007/ND-CP and Decree No.
106/2011/ND-CP .
Pursuant to the Government's Decree No.
64/2007/ND-CP of April 10, 2007 on the application of information technology to
the operation of regulatory agencies;
Pursuant to Decree No. 01/2013/ND-CP dated
January 3, 2013 of the Government detailing the implementation of a number of
articles of the Law on Archives;
Pursuant to the Government's Decree No.
17/2017/ND-CP dated February 17, 2017 defining the functions, tasks, powers and
organizational structure of the Ministry of Information and Communications;
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
Chapter I
GENERAL PROVISIONS
Article 1. Scope
1. This Circular set forth file-based signing and
validation of digital signatures on electronic documents (e-documents);
technical and functional requirements of digital signature software, digital
signature validation software for electronic documents of regulatory agencies.
2. This Circular does not provide for the use of
digital signatures for electronic documents containing information on the list
of state secrets.
Article 2. Regulated entities
1. This Circular applies to agencies and
organizations (including: ministries, ministerial-level agencies, Governmental
agencies, People's Committees at all levels, and public sector entities funded
by state budget) and related organizations and individuals using digital
signatures for electronic documents of regulatory agencies.
2. Other agencies and organizations are recommended
to apply this Circular.
Article 3. Interpretation of
terms
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
1. “corporate digital certificate” means a digital
certificate issued by a certificate authority (CA) to the head of a corporate
as per the law.
2. “private digital certificate” means a digital
certificate issued by a CA to a person holding title in a regulatory agency, a
competent person in a corporate as per the law on management and use of seals.
3. “seal secret key” means a secret key
corresponding to a corporate digital certificate.
4. “private key” means a secret key corresponding
to a private digital certificate.
5. “corporate digital signature” means a digital
signature created when using a seal secret key.
6. “private digital signature” means a digital
signature created when using a private secret key.
7. “digital signature software” means software used
to digitally sign an e-document.
8. “digital signature validation software” means a
software used to verify the validity of the digital signature of the
e-document.
9. “authenticity of a digitally-signed document”
means that an e-document with a digital signature thereto can identify the
digital signer, either personal signer or corporate signer, of the e-document.
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
11. “online certificate status protocol” (OCSP)
means a protocol which enable applications to determine the state of digital
certificates.
12. “security device” means a physical device to
store digital certificate and private key of a subscriber.
Article 4. Rules for using
digital signatures for electronic documents
1. A digital signature must be attached to the
e-document after digitally signing.
2. A digitally-signed document must ensure
authenticity and integrity throughout the process of exchanging, processing and
storing the digitally-signed document.
Article 5. Management of
private key and seal secret key
1. The person authorized to digitally sign document
is responsible for securing the private key.
2. The head of corporate is responsible for
assigning the clerical staff to manage and use the seal secret key as
prescribed.
3. The device to store the seal secret key must be
safely kept at the head office of the corporate.
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
DIGITAL SIGNING AND
VERIFICATION OF DIGITAL SIGNATURE ON ELECTRONIC DOCUMENTS OF REGULATORY
AGENCIES
Article 6.
Digital signing on e-documents
1. The digital signing is done through digital
signature software; the successful or unsuccessful digital signing of
e-documents must be notified through the software.
2. Digital signing on e-documents
a) In case of personal signer, through digital
signature software, the competent person shall use the private key to digitally
sign the e-document;
b) In case of corporate signer, through digital
signature software, the clerical staff assigned to use the seal secret key of
the corporate shall digitally sign the e-document;
3. Information about digital signatures of personal
or corporate signer on e-documents shall be displayed in accordance with
regulations of the Ministry of Home Affairs.
4. Information about the personal or corporate
signer shall be managed in the database accompanying the digital signature
software. Information subject to management is specified in Clause 4, Article 1
of the Government's Decree No. 106/2011/ND-CP dated November 23, 2011.
Article 7. Verification of
digital signature on e-document
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
a) Decrypt the digital signature with the
corresponding public key;
b) Verify the information of the personal signer on
the digital certificate attached to the e-document; The verification of digital
signer shall comply with Article 8 of this Circular;
c) Check the integrity of the digitally-signed
document.
2. The digital signature on the e-document is valid
when the verification of information about the digital certificate of the
digital signer at the signing time is still valid, the digital signature is
created by the secret key corresponding to the public key on digital
certificate and the integrity of the e-document is ensured.
3. Information about the personal or corporate
signer on e-documents must be managed in the database accompanying the digital
signature validation software. Information subject to management is specified
in Clause 4, Article 1 of the Government's Decree No. 106/2011/ND-CP dated
November 23, 2011.
Article 8. Examination of
validity period of the digital certificate
1. The validity of a digital certificate at the
time of digital signing shall be checked following the steps below:
a) Examine the validity of the digital certificate
through the certificate revocation list (CRL) published at the time of digital
signing or through OCSP;
b) To check the digital certificate of a personal
signer on an e-document, it is required to pay a visit to the Root CA.
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
a) It still remains valid at the time of signing;
b) It is consistent with the scope of use and legal
liability of the signer;
c) The status of the digital certificate is still
active at the time of digital signing.
3. The digital certificate is invalid when it fails
to meet one of the criteria in Clause 2 of this Article.
Article 9. Profile attached to
digitally-signed document
1. Profile attached to digitally-signed document
includes:
a) Regarding outgoing documents:
- Digital certificate of the personal signer at the
time of signing;
- The certificate revocation list (CRL) at the time
of signing of CA;
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
- Liability of the signer;
- Certificate of valid time stamp at the time of
signing.
b) Regarding incoming documents:
- Digital certificates corresponding to digital
signatures on incoming documents;
- The certificate revocation list (CRL) at the time
of signing of CA;
- Certificate practices statement of CA at the time
of signing;
- Liability of the signer;
- Certificate of valid time stamp at the time of
receipt.
3. Profile attached to the e-document shall be
managed using digital signature software, digital signature validation software
suitable with the storage time of the e-document as prescribed.
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
1. The profile attached to e-document shall be
cancelled together with the e-document.
2. The cancellation of profile attached to
e-document may not prejudice other e-documents and shall ensure the ordinary
course of the system.
3. The profile attached to e-document shall be
cancelled using a software.
Chapter III
TECHNICAL AND FUNCTIONAL
REQUIREMENTS FOR DIGITAL SIGNATURE SOFTWARE, DIGITAL SIGNATURE VERIFICATION
SOFTWARE
Article 11. Technical and
functional requirements for digital signature software, digital signature
verification software
Digital signature software is an independent
software or a software module that meets the following requirements:
1. Satisfying the technical standards and
regulations specified in the appendix to this Circular;
2. Having function of digital signing on
e-documents as prescribed in Clauses 2, 3 and 4, Article 6 of this Circular;
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
4. Having the function of managing profile attached
to digitally-signed documents specified in Article 9 of this Circular;
5. Having the function of cancelling profile
attached to digitally-signed documents specified in Article 10 of this
Circular;
6. Having the function of notifying (by words/by
symbols) to the digital signer that the digital signing is successful or
unsuccessful;
7. Supporting the installation and integration of
root digital certificate of the CA to digitally sign documents into digital
signature software to check the validity of the digital certificate on
e-documents;
8. Affixing the time stamp at the time of digital
signing.
Article 12. Technical and
functional requirements for digital signature verification software
Digital signature validation software is an
independent software or a software module with functions to verify digital
signatures on e-documents that meets the following requirements:
1. Satisfying the technical standards and
regulations specified in the appendix to this Circular;
2. Having function of verifying digital signing on
e-documents as prescribed in Clauses 1, 2 and 3, Article 7 of this Circular;
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
4. Having the function of cancelling cache attached
to digitally-signed documents specified in Article 10 of this Circular;
5. Supporting the installation and integration of
root digital certificate of the CA to digitally sign documents into digital
signature validation software to check the validity of the digital certificate
on e-documents;
6. Having the function of notifying the result of
checking whether the digital signature is valid or invalid to the inspector;
7. Affixing the time stamp at the time of receiving
incoming document.
Chapter IV
IMPLEMENTATION
Article 13. Responsibilities
of the CA
1. Store, update and publish all of sufficient and
accurate information on the website of the CA and the website must be available
24 hours a day and 7 days a week (to assist in determining the validity of
digital signatures on e-documents)
a) Information related to the suspension and
revocation of digital certificates and revoked digital certificates of the
subscribers;
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
c) Certificate practices statement of the CA.
2. Disclose technical specifications (both
documentation and toolkit) related to the CA and digital signature standards;
provide the root digital certificate of the CA to software developers to
integrate into the digital signature validation software.
3. Encourage the CA to provide OCSP.
4. Provide Time Stamping services.
Article 14. Responsibilities
of corporate using digital signatures for e-documents.
1. Apply digital signature software and digital
signature validation software specified in Articles 11 and 12 of this Circular.
2. Initiate the network connection according to the
provisions of Clause 3, Article 8 of the Government's Decree No. 64/2007/ND-CP
of April 10, 2007 with safety, security and high availability.
3. Manage software products (according to their
versions) that have functions of digital signing, verification of digital
signatures, storing information attached to digitally-signed documents
corresponding to technical regulations and standards to ensure the
availability, compatibility and security in the process of using stored
digitally-signed document.
Article 15. Responsibilities
of the head of corporate using digital signature
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
2. Regularly check to ensure that the management
and use of digital signatures and digital certificates at the corporate comply
with this Circular and other relevant regulations.
3. Based on practice requirements and requirements
for information security in electronic transactions, make requests for issue,
revocation and suspension of personal and corporate digital certificates within
scope of management.
4. Upon request to convert stored digitally-signed
documents into new file format (for reasons of information security or obsolete
hardware or software), the head shall plan and seek approval from the
information technology authority, to ensure compatibility and validity of
digital signatures.
Article 16. Transitional
provision
Within 12 months from the effective date of this
Circular, agencies and organizations using software with digital signing and
digital signature validation functions that have not met technical requirements
and functions as prescribed in this Circular shall upgrade and supplement digital
signature software and digital signature validation software to meet
regulations.
Article 17. Implementation
1. The National Electronic Authentication Center
(NEAC) shall assume take charge and cooperate with the Legal Department and
concerned units in, guiding and providing technical assistance for the
implementation of this Circular.
2. The Departments of Information and
Communications of the provinces and centrally-affiliated cities, the
information technology authorities of the ministries, the ministerial-level
agencies, the Governmental agencies shall have the following responsibilities:
a) Disseminate the implementation of the provisions
of this Circular;
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
Article 18. Entry in force
1. This Circular comes into force as of February 5,
2018.
2. Chief of Office, Director of National Electronic
Authentication Center, relevant agencies, organizations and individuals shall
implement this Circular.
4. Difficulties that arise during the
implementation of this Circular should be reported to National Electronic
Authentication Center (affiliated to the Ministry of Information and
Communication) for consideration./.
MINISTER
Truong Minh Tuan
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
LIST OF STANDARDS IN DIGITAL SIGNATURES AND FORMAT OF
DIGITALLY-SIGNED DOCUMENTS
(Issued together with Circular No. 41/2017/TT-BTTTT dated December 19, 2017
of the Ministry of Information and Communications)
No.
Type of
standard
Standard symbol
Description of
standard
Application
1
Standard in format of electronic document
1.1
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
(.pdf)
Portable Document (.pdf) - Version 1.4 or later
Compulsory
1.2
Other format of digitally-signed document
including: docs, sheets, slides, graphic arts
Standard in docs, sheets, slides, graphic arts in
the list of technical standards in terms of application of information
technology in regulatory agencies.
Recommended
2
Standard in digital signature
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
Standard in digital signature
PKCS#1
RSA Cryptography Standard (version 2.1 or later)
Compulsory
TCVN 7635:2007
Cryptography techniques - digital signature
2.2
Secure Hash Standard
FIPS PUB 180-4
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
SHA-256, 384, 512 are compulsory
2.3
XML Encryption Syntax and Processing
XML Encryption Syntax and Processing
XML Encryption Syntax and Processing
Compulsory
XML Signature Syntax and Processing
XML Signature Syntax and Processing
Compulsory
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
XML Key Management Specification
XKMS v2.0
XML Key Management Specification version 2.0
Compulsory
2.5
Cryptographic message syntax for file-based
signing and encrypting
PKCS#7 v1.5 (RFC 2315)
Cryptographic message syntax for file-based
signing and encrypting
Compulsory
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
Standard in Time Stamping services
3.1
Time stample Protocol
RFC 3161
Internet X.509 Public Key Infrastructure - Time
stample Protocol
Compulsory
3.2
Time Stamping services
ISO/IEC
18014-1:2008
...
...
...
Hãy đăng nhập hoặc đăng ký Thành viên
Pro tại đây để xem toàn bộ văn bản tiếng Anh.
Compulsory
- Apply ISO/IEC 18014- 1:2008); ISO/IEC 18014-
2:2009); ISO/IEC 18014- 3:2009.
ISO/IEC
18014-2:2009
Information technology - Security techniques -
Time Stamping services -Part 2: Mechanisms producing independent tokens
ISO/IEC
18014-3:2009
Information technology - Security techniques -
Time-stamping services - Part 3: Mechanisms producing linked tokens
Đã cập nhật Luật Đất đai 2024 mới nhất