Qualified storage (archive)

Long-term validability (of an electronic signature, electronic seal, time stamp) means that any time in the future it will be possible to verify with certainty that the document has not been changed, the electronic signature attached to the document was valid at the time of signing and who owned the signature. If more than one electronic signature is attached to the document, each one of them must be secured in this way.

The Qualified storage module (since version 10.2.4 – it was called Long-term digital archive in the older versions) is used to provide long-term validity and long-term archiving of documents.

For its Qualified storage, FormFlow uses the following European standards:

PAdES (PDF Advanced Electronic Signatures)

Specific technical requirements on electronic signatures attached to PDF documents. They include the encryption algorithm type, attributes used in hash calculation, etc.

XAdES (XML Advanced Electronic Signatures)

A set of extensions to XML-DSig, which is XML syntax for electronic signatures defining specific technical requirements for electronic signatures attached to XML documents (e.g. xml, isdoc, zfo, fo).

CAdES (Cryptographic Message Syntax Advanced Electronic Signatures)

Defines the requirements for an electronic signature to sign any data (for example documents in common office formats). In this format, signatures, seals and stamps are usually stored in a separate file.

In FormFlow context including this manual, a document means a form attachment.

Validity and validability of an electronic signature must not be interrupted even for the shortest time. This means that the first time stamp must be attached before the certificate used for signing expires or is invalidated, and that before the time stamp expiry another time stamp must be attached. As a result, archiving must be understood as a process. A document must be cared for constantly, simply saving it is not enough.

Qualified storage is only possible for documents that meet the following:

  • they are attachments of finished forms,

  • they are registered in the database,

  • long-term document preservation is enabled in section Details/Long-Term Docs of the form template,

  • the service Import of attachments from finished processes (udat) has been run.