Jiří Filip An electronic signature, or a qualified certificate, which is used for an electronic signature, has a very wide range of uses today, when the popularity of exchanging information via the Internet is growing. It can be used in almost every field, for example, it allows you to communicate online with the state administration, insurance companies or submit applications for EU subsidies. As much as it can make your life easier, it can also complicate your life if you don't know exactly how to use it. Working with special tokens and certificates can sometimes be a little complicated, and that is why we have prepared a guide for you that will guide you through all the pitfalls. Since most of you probably own Apple products, we will focus mainly on the specifics of using an electronic signature on Mac OS.
Guaranteed vs. qualified electronic signature - do you know the difference between them?
Before you start working with electronic signatures, you should clarify which type you need to use.
Guaranteed electronic signature
Guaranteed electronic signature allows you to sign PDF or MS Word files and communicate with the state administration. It is based on a qualified certificate that must be issued by an accredited certification authority. Within the Czech Republic, it is the First Certification Authority,
PostSignum (Czech Post) or eIdentity. However, the advice and tips on the following lines will be based mainly on experience with PostSignum.
How to apply for a qualified certificate for establishing a guaranteed electronic signature?
You can create a request for a qualified certificate on Mac OS in Klíčenka. There, via the main menu, you will find the certification guide and then request a certificate from the certification authority. Once you have successfully obtained the public part of the certificate, you need to import the created certificate to your computer. It is necessary to set it up in the Keychain and give it the so-called trustworthiness - select "always trust".
Qualified electronic signature
Qualified electronic signature it must be used by all public authorities with effect from 20 September 9, but in some cases it is also needed for users from the private sector. It can be met, for example, by lawyers and notaries who need to work with CzechPOINT when performing authorized document conversions.
It's about electronic signature, which is characterized by a high level of security – it must be guaranteed, based on a qualified certificate for electronic signatures, and in addition, it must be created by a qualified means of creating signatures (USB token, smart card). Simply put - a qualified electronic signature is not directly on your PC, but is generated into a token or card.
Obtaining a qualified electronic signature is not without small complications
If you want to start using a qualified electronic signature, you unfortunately cannot generate a certificate request as easily as with a guaranteed signature. He is needed for that the iSignum program, which is not supported by Mac OS. The application and subsequent installation must therefore be done on a computer with a Windows operating system.
How to use electronic signatures on Mac OS?
If you only need to solve the usual signing of documents and communication with the authorities, you can use it in most cases guaranteed electronic signature. Using it is as simple as getting it. All you have to do is use the Keychain in which you handled the request and settings.
In case you need qualified electronic signature, the whole process is a bit more complicated. The main problem is the security of the keychain, which has been modified in Mac OS, especially since the Catalina version, so that does not display certificates stored outside, i.e. those found on the token, for example. The whole system thus complicates the setting of a qualified signature for ordinary users to the point that it is almost impossible. Fortunately, there is a way out. If you have already imported the certificate on the token and installed the service software (e.g. Safenet Authentication Client), you have two options on how to proceed, depending on what exactly you will use your electronic signature for.
If you plan to use a qualified electronic signature when participating in subsidy programs or when communicating with authorities from other EU member states, or if you are, for example, a lawyer who works with CzechPOINT and performs authorized document conversions, Mac OS alone will not be enough for you. For these operations, in addition to tokens and chip cards with a qualified and commercial certificate, you also need a program 602XML Filler, which is only functional on the Windows operating system.
However, this does not mean that you will need a new computer with a different operating system to work with a qualified electronic signature. The solution is a program Parallels Desktop, which gives you a second desktop to run Windows on. In order for everything to work properly, it is also necessary to adjust the desktop after the initial setup terms of sharing tokens and smart cards between the two systems so that Windows has access to everything it needs. The only thing you should consider before buying Parallels Desktop (currently €99 per year) is your computer's capabilities. The program needs about 30 GB of hard disk space and about 8 to 16 GB of memory.
If you only need to sign with the certificate on the token and you will not use the 602XML Filler program, you don't even need to get a second Parallels Desktop. In Adobe Acrobat Reader DC, simply set the token as Module in the application preferences and make partial settings in the Terminal application.
How to simplify the settings?
The hints and tips described above are not among the easiest to set up and require a more advanced user experience. If you want to significantly simplify the whole process, you can turn to professionals. You can use either one of the IT experts who is dedicated to this area, or you can bet on a specialized external registration authority, e.g. electronickypodpis.cz, whose staff will come directly to your office and help you with everything.
Basically a copy of the article https://advokatnidenik.cz/2020/10/31/elektronicky-podpis-na-mac-os-dobre-rady-advokatum/ without any added value. Sad.
Basically an advertisement for a commercial service. It can't be stated there which parameters and how to set them using the terminal?
Why don't you write directly how to sign a PDF or Word document on Mac? Information from the article can also be found on the public administration website...