Aruba Digital Signature: what it is and how it works
Before moving on to the practical side of the matter, I would say to focus for a moment on how the Aruba Digital Signature works and on what are its main characteristics.
Well, the Aruba Digital Signature is one qualified electronic signature which is distinguished from a simple electronic signature by its requirements authenticity, integrity, not repudiation e legal validity. In this regard, it should be emphasized that this type of electronic signature has the same value as the handwritten signature, with a further guarantee on the provenance and invariability of the information contained in the signed document. This value is recognized not only in the city, but throughout the European Union.
The Aruba Digital Signature can be useful in many contexts. Eg, businesses and companies they can use it to sign contracts, invoices, budgets, purchase orders, minutes of meetings, communications with the PA (eg with the Chamber of Commerce, Municipalities, INAIL and INPS) for filing budgets, declarations and deeds of incorporation. This also facilitates the dematerialization, that is, it reduces the need to print, send and archive paper documents, with positive impacts on the environment, on working times and on the costs to be incurred. Furthermore, it makes sharing documents much easier, so that they can be exchanged "on the fly" through tools such as e-mail or even messaging platforms, such as WhatsApp.
I private citizensinstead, they can use the Aruba Digital Signature to sign requests to the PA and contracts with individuals, businesses and PAs. Also in this case, there are countless advantages in terms of time saved (avoiding many queues in physical offices), respect for the environment and costs incurred compared to paper documents.
Both individuals and companies, of course, can use the digital signature for check the signatures on the electronic documents received.
Maybe not everyone knows, but there digital signature is mandatory for public funding or tenders: its failure to affix on documents in these contexts, in fact, is a cause of exclusion. In other fields it is not yet mandatory but, as amply emphasized in the previous lines, it represents a very useful tool for speeding up work and optimizing time and costs.
But how does the Aruba Digital Signature work in detail? Behind there is a lot of technology with high security standards, but on the user side it is all very simple and intuitive. After purchasing the Aruba Remote Digital Signature or Digital Firma kit Aruba (I'll better explain the differences between the two later) and having done the recognition, Just select the document to sign using the signature software for PC or mobile devices (the latter only available in the case of a remote digital signature), choose the signature format among those available and sign using the PIN or OTP code (depending on the system used).
What happens "behind the scenes", and which Aruba software deals entirely with, is much more complex. The whole is based on a asymmetric encryption system, or with a double key, consisting of a private key and a public key: the private key is used by those who subscribe and encrypt the document; the public one is used by the recipient of the document to verify its integrity and origin.
Going even more specifically, the signature process is divided into three phases: the Aruba software generates theunique and non-invertible footprint for the document through a mathematical hash algorithm (thus making any changes made to the document immediately detectable), then generates the digital signature encrypting the fingerprint generated before with a private key (in order to bind the signature both to the subscriber and to the signed text), finally affix your signature.
The recipient can then use the Aruba software to verify the signature; by doing so it will be able to go back to the public key of the sender, which will decipher the signature produced by the imprint of the document. At that point, thanks to the hash function on the signed document, the recipient's software will generate a fingerprint and, if the two fingerprints coincide, you will be sure that the document is intact, authentic and signed by the person holding the certificate.
I know, it probably all seems very complex to you but, I repeat, all this happens "behind the scenes": it deals with all the Aruba software with the highest security standards. On the user side just make a few clicks (or a few taps) and that's it!
In case you need more information, you can take a look at the official Aruba website, where you can find out what the digital signature is and how it works.
Remote Digital Signature and Aruba Digital Signature Kit: the differences
As mentioned above, Aruba offers both the service of Remote Digital Signature both the most classic Digital Company kit. But what are they exactly, and how do they differ?
Let's start by saying that both the remote digital signature and the digital signature kits have the same security features and legal value, as both work on the basis of the mechanisms described in the previous chapter and both are issued through the recognition of the user by accredited operators, as required by law.
What changes are the devices used and the methods of signing. As easily understood, the Remote Digital Signature provides that the signature certificate is not hosted by a physical device that the user must use to sign their documents, but by Aruba's secure servers. This means that you can use the service from any device, including smartphones and tablets. In this case, the signature is affixed by entering the data of your Aruba signature account and generating a OTP code via the app Aruba OTP available for Android and iOS / iPadOS. As can be easily understood, this also allows you to save on shipping costs (as no devices necessary for the use of the signature are shipped) and to speed up the service activation process.
If for any reason the app on smartphones is not considered convenient, it is possible to request physical devices for generating OTP codes, such as a key with integrated display (similar to that of banks) or a key to be connected to the PC, paying in this case a small contribution for the shipment of the same.
Classic wines Digital Company kit, on the other hand, in any case, provide for the use of physical devices to be connected to the PC to apply the digital signature, as the signature certificate is included in a smart card which, depending on the case, can be supplied in SIM format or in credit card size. Specifically, you can choose between the USB stick Aruba Key with everything you need to sign and verify the signature of electronic documents already included (no need to install drivers or other software); the token USB, that is another key which however requires the separate installation of drivers and signature software; or the smart card reader with credit card-sized smart card.
The signature process with classic kits involves connecting the aforementioned devices to the PC and entering a PIN. As can be easily understood, for the purchase of all the Digital Signature kits there are small expenses to be incurred for the shipment of the devices.
Aruba Digital Signature: cost
We come now at Aruba offers for the Digital Signature. As noted above, both the Remote Digital Signature, which does not require the use of dedicated hardware devices (the certificate resides on Aruba's secure servers and the signature is applied via OTP codes to be generated via the app or, optionally, via physical OTP devices), both digital firm kit in USB format or with smart card reader and CNS authentication certificate for secure access to PA services.
The offer for the Aruba Remote Digital Signature it is available in three versions.
- With the generation of codes from the smartphone / tablet app (Android and iOS). OTP Mobile costs 36 euros + VAT. It does not require the sending of physical devices and therefore has a faster activation. It is valid for 3 years. More info here.
- With OTP device with display, that is a sort of stand-alone key with integrated display and key to generate the OTP codes. The device does not require connection to a PC, smartphone or tablet and therefore does not require installations. It costs 36 euros + VAT, to which 7 euros + VAT must be added for shipping the device. It is valid for 3 years. More info here.
- With USB OTP device, that is a USB key to be connected to the computer to generate the OTP codes. It is durable and waterproof, does not drain (as it has no battery) and works without driver installation. It costs 36 euros + VAT, to which 7 euros + VAT must be added for shipping the device. It is valid for 3 years. More info here.
These, on the other hand, are the solutions for the more classic Digital Aruba Company, which requires the use of dedicated hardware devices.
- Aruba Key - costs 61 euros + VAT, to which 10 euros + VAT must be added for shipping the kit. It is a USB key that must be connected to the computer and includes the pre-installed ArubaKey software to sign and verify the integrity of the documents received. It does not require drivers to work and also includes the CNS authentication certificate for secure access to the PA services. It is valid for 3 years. More info here.
- Token - costs 42 euros + VAT, to which 10 euros + VAT must be added for the shipment of the kit. It is another USB stick to connect to the computer, but in this case the need to install the drivers and the ArubaSign software. It allows you to sign documents and also includes the CNS authentication certificate for secure access to PA services. It is valid for 3 years. More info here.
- Smart card + reader - costs 40 euros + VAT, to which 10 euros + VAT must be added for the shipment of the kit. It includes a USB smart card reader to be connected to the computer (requires the installation of special drivers and the ArubaSign software) and the smart card containing the signature certificate in credit card format (which in the other kits is in SIM format). It includes the CNS authentication certificate for secure access to PA services and is valid for 3 years. More info here.
- Smart card CNS - those who already have a reader can only purchase the CNS smart card in credit card or SIM format to sign emails, PDFs and all other documents and securely access PA services, always valid for 3 years. It costs 25 euros + VAT, to which 10 euros + VAT must be added for shipping.
Finally, I would like to point out that it is also possible to buy the only ones Digital Signature readers (for those who already have a smart card) or alone Remote Digital Signature devices (for those who need to replace their OTP device) with prices starting from 10 euros + VAT, to which 7 euros + shipping VAT must be added. More info here.
For the business sector, Aruba also offers the service of Massive Automatic Signature, to sign large quantities of documents (based on the ASB, Aruba Security Box), and the Graphometric Signature through a graphic tablet (with specific configurations based on the needs of each company). More info here.
I remind you that the renewal of the Digital Signature it can be performed starting from 2 months before the expiration date of the same. Once the expiry date of the signature certificate has passed, it is not possible to renew it in any way (it is necessary to purchase a new signature kit). More info here.
How to obtain the Aruba Digital Signature
Having clarified the basic functioning of the Aruba Digital Signature, you may be wondering how to get it. Well, know that this is a very simple procedure, which can also be completed completely remotely using a computer, smartphone or tablet.
The first step you must take is to connect to the official website of the Aruba Digital Signature, select the product of your interest from those available (Remote Digital Signature o Digital Company kit) and click on the relevant one purchase button.
Once this is done, log into yours Aruba account or create one at the moment by clicking on the button Subscribe, indicating if you are Physical person (private), Freelance, Company (including associations, associated studies, institutions, condos), Individual Company o Public Administration and filling in the next form proposed with the requested data. If you already had an account and you have forgotten it, after entering your CF, the system will guide you in recovering the access password.
Once logged in, check that your details are correct, indicate the details of a valid identity document and choose one recognition mode among those available, for example online recognition via webcam or mobile app (for Android and iOS / iPadOS), recognition in person at the municipal office, or remote recognition via CIE (Electronic Identity Card) or CNS (National Service Card) via smart card reader to be connected to the PC. It should be emphasized that recognition is a procedure required by law, mandatory for all services of this type, and it is the process that guarantees that the signatory is who he says he is and is therefore a pillar of all the qualified signature.
Finally, it indicates theshipping address of the product (if this involves sending physical devices), accepts the contractual conditions and complete the payment via one of the supported methods (e.g. credit card, PayPal, bank transfer and bulletin). You will then receive via email all the instructions necessary to activate the service based on the chosen recognition method.
In the case of recognition via webcam or app, for example, you will need to access the link received via email or press on the appropriate key smartphone app, wait for an operator (or book the call for when it suits you) and make the video call, during which you will have to confirm yours give and you will have to show yours papers indicated during registration. It will take a few minutes.
How to activate the Aruba Digital Signature
Following the identity verification, you will receive anconfirmation email: inside you will find a link that will allow you to activate the Aruba Digital Signature. To do this, in case of Remote Digital Signature, all you have to do is enter the details of the identity document that you used during the identity verification phase (eg. fiscal Code for in your languagen users) and the secret code that you receive via SMS in the appropriate text fields.
Once this is done, you will have to choose username e Password to use to digitally sign your documents. Choose these data carefully, enter them in the relevant text fields and press the button Continue.
At this point you will be shown the instructions to activate your signature tool. In the case of the Remote Digital Signature with OTP to be generated via the app, for example, you will be asked to download the application Aruba OTP from the Android or iOS / iPadOS store and to configure your account in the latter.
To configure the Aruba Digital Signature account in the Aruba OTP app, just press the button Create new account and choose whether to frame the QR code displayed on the Aruba website (by pressing the appropriate button) or if you manually type the activation code (present on the same page). Once this is done, just press the button Attiva in the app, type a OTP code generated by the same on the Aruba site and that's it! From now on, you can use the Aruba OTP app to generate the OTP codes needed to sign your documents.
In the case of Digital Firma kit Aruba, you will have to connect to this page instead, click on the button Attiva relating to your kit, declare to be in possession of the of necessary documentation (serial of the smart card, tax code of the service owner and mobile phone on which an SMS with the activation code will be sent) and that the envelope that contained the material received was integra. You will then have to enter serial code of the smart card, tax code of the holder e continue with activation following the instructions on the screen.
How to use the Aruba Remote Digital Signature
Once you have purchased and activated the Aruba Remote Digital Signature, signing and verifying documents electronically is really a breeze.
On a computer it is possible to do everything through the software ArubaSign, available for both Windows (also in version for the visually impaired) and for MacOS e Linux. To get it, just go to the Aruba website and click on the item first ArubaSign signature software and then on the button Download the Software related to the operating system in use on your computer.
To download completed, a PC Windows, start the .exe file obtained and click in sequence on the buttons Yes e end, but will conclude the setup.
If you use a MacInstead, open the .dmg file you got and copy the icon of ArubaSign in the folder Applications say macOS.
Perfect: now you are ready to take action. The steps to be taken are the same for all operating systems.
To get started, launch the signature software and go to the Company, to select the files to be digitally signed (you can drag them into the program window or click on the button Select documents and select them manually). All types of files are supported (depending on the type of file, the types of signatures that can be applied change).
Choose, therefore, the firm format (Eg. CAdES, Pads o ASiC-S/ASiC-E) you want to use and decide whether to affix the time stamp to the documents selected through the appropriate menus and checkboxes you see on the screen.
Finally, hit the button Go ahead and sign, indicates what kind of signature to use between remote signature e signature with device, enter the relevant information in the fields below (username e Password chosen before e OTP code for remote signature or the PIN for the signature device), press the button Continue And that's it. If you want to apply a time stamp contextual to the signature, check the appropriate box, making sure that you have entered the username and password of the timestamp account in the preferences.
If you want, you can also call ArubaSign from Windows context menu: just right click on a file and you will find the functions Figure, Company e Brand of the program at the click of a mouse.
If you want check a document already signed, select the tab instead Verifica and drag the documents to be checked into them (or press the button Select documents and select them "manually").
In a few seconds, you will be shown all the information about the validity of the signature,trustworthiness of the certificate used for the signature and the legal validity of the same. By clicking on the item Show details you will find indicated if the signature is intact, if he certificate is trusted and yes the certificate has legal validity. Then clicking on the buttons Show certificate e Show signature properties, you will be able to view (and possibly export) the information in question.
If necessary, you can also add one signature or a controfirm to the controlled file, by clicking on one of the appropriate buttons located at the top left and then proceeding as explained above for the affixing of a digital signature.
Finally, I point out that by going to the menu Pref Renze of ArubaSign and selecting the item Functionality from the left sidebar you can choose whether to display the tabs as well Figure, deciphers e Time stamp in the program.
Give smartphone and tablet
Aruba's Remote Digital Signature gives the possibility to sign and verify documents even from the comfort of smartphones and tablets. Just install the application Aruba Signature, available for both Android and iOS / iPadOS (which you can download directly from the store of your device, by visiting the links I just provided).
When the app installation is complete, start it and go to the menu of settings to insert the username that you used to activate your Remote Digital Signature in the field Username/IDLogin.
Once this is done, go to the tab To sign, award-winning capacitor positive (+) lead and select the document to sign or verify. Then, click on the icon of the document you just added to the app and, if you want to sign it, select the item Company give the menu check if you press.
Next, select the type of signature you want to use (eg. CAdES, Pads o ASiC-S) from the appropriate field; if you wish, activate the switch relative to time stamp request (more info here), enter the Password that you have set for your digital signature in the field provided and press the button Continue. Finally, type the OTP code generated with the app Aruba OTP or with yours physical OTP device, award-winning Company And that's it.
To verify a document already signed, instead, add it to the app as mentioned above and select it. You will automatically be shown information about the validity of the signature,trustworthiness of the certificate and its legal validity.
How to use Aruba Digital Signature kits
If you have opted to purchase a Digital Firma kit Aruba, Then ArubaKey, USB token o smart card reader, you must first install the smart card in the device.
Following that, if you have one ArubaKey, connect it to the PC and within a few seconds the device should be already configured and ready to use (as it does not require drivers and contains all the programs necessary for signing and verifying documents). In case the software does not start automatically ArubaKey, log in to Computer / This PC / My Computer da File Explorer, open the unit related to ArubaKey and start the file autorun.exe.
In the case of a USB token or smart card reader, however, you must install the driver and software ArubaSign. Therefore, connect to the Aruba site and download the reader drivers for your computer's operating system and the ArubaSign signature software.
When the download is complete, open the driver and follow the on-screen instructions to complete the setup. Just a few clicks; later also install the software di firma ArubaSign as explained in the Aruba Remote Digital Signature chapter of this guide.
Mission accomplished! Now you just have to open the program ArubaSign and use it to sign and verify your documents just as seen earlier in the Aruba Remote Digital Signature chapter of this guide. Clearly, instead of the OTP code to be generated with the OTP app or device you will have to use the PIN of your smart card.
To take advantage of the CNS (National Service Card) included in your Aruba Digital Signature kit and import the certificates on your browser to authenticate yourself to the Telematic Access Points (eg. Justice Portal, SUAP, Cassa Geometri) or to public administration sites (eg. INPS, Revenue Agency, etc.), click on the button Applications of the Aruba software, then open Firefox. The certificate will be automatically recognized by the PA sites and you can consult the services by entering yours PIN when required. To import the certificates from the PC, you need to go to the section Utilities> Import certificate del software Aruba.
For more information
In case you need to more information on the Aruba Digital Signature, I invite you to consult the official guide, in which you will find all the answers to the most frequently asked questions about the service and the instructions relating to the operation of both the Digital Signature and the Remote Digital Signature. Furthermore, you may be interested in the articles dedicated to the Digital Signature in the Aruba Magazine or the video pills with the most important information on the Digital Signature and the services offered in this area by Aruba.
And if you need assistance from a human operator, I remind you that the Aruba direct assistance service is available through which you can expose your doubts to a consultant in the flesh.
Article created in collaboration with Aruba.How the Aruba Digital Signature works