The Electronic Identity Card (CIE) is issued by the Italian State and can be used as an advanced electronic signature device (FEA) to sign electronic documents.
It is possible to sign files of any extension (.pdf, .jpg, .png…) with the CIE. Different types of signature are allowed:
- “PAdES” – to produce a digitally signed PDF file;
- “CAdES” – for all other file types.
In order to sign a file with the Electronic Identity Card it is necessary to be physically in possession of the card (“local” signature mode), and know the PIN code. There are currently two signature modalities available:
- “Desktop” – the electronic signature is created via a computer connected to a contactless smart card reader to read the CIE, on which the “CIE Software” must be installed.
- “Mobile” – the electronic signature is carried out through a smartphone equipped with NFC interface on which the app “CieSign” (available at the Google Play store and App Store) must be installed.
Electronic signature verification, whether in CAdES (file with p7m extension) or PAdES (file with pdf extension) format, can be done with:
- CieSign app (available on Google Play and App Store).
- Suite pki.difesa.it – made available by the Defense General Staff.
For PAdES format only (files with pdf extension) the Acrobat app can be used for verification.
The electronically signed document with CIE can be easily shared via e-mail, WhatsApp and other messaging apps.
The signature with CIE is regulated by the Italian legislation and recognized by the Public Administrations that allow its use.
FEA – Regulation
EU Regulation No. 910/2014 – eIDAS (Electronic IDentification Authentication and Signature) provides for three types of electronic signatures, including the Advanced Electronic Signature (FEA), and establishes the principle of non-discrimination of electronic documents compared to paper documents.
Signing with the CIE meets the requirements of the European eIDAS regulation for Advanced Electronic Signature. In particular, Article 26 sets out the FEA requirements:
- unequivocally associated with the signer;
- capable of identifying the signatory;
- created using data for the creation of an electronic signature which the signatory can, with a high level of security, use under his own exclusive control;
- associated with the subscribed data in order to allow the identification of any subsequent modification.
As far as the technical characteristics of the document are concerned, as well as the authorization process that allows it to be issued, the Electronic Identity Card fully satisfies these requirements, in that:
- it is a document that must be requested at the Municipality of residence/stay or at the reference Consulate for Italian citizens residing abroad. The identification of the applicant is entrusted to a public official;
- it is a document issued by the Ministry of the Interior, which digitally signs the datas, making them unchangeable;
- the digital signature key is certified by the Ministry of the Interior and can be used only after entering a PIN, which can be replaced by a biometric verification in case of use from smartphone;
- this method guarantees its authenticity and integrity.
It is the Italian State that certifies and guarantees the identity of the holder of the CIE, while the high security mechanisms inside the document protect the data, guaranteeing its inalterability.
With art. 61 of the DPCM of 22 February 2013, also the Italian legislation recognizes the use of the CIE as an advanced electronic signature tool for the services and activities referred to in articles 64 and 65 of the “Codice dell’Amministrazione Digitale” (CAD).
Art. 20 co. 1-bis of the Digital Administration Code also states that the computer document on which is placed a digital signature, another type of qualified electronic signature or an advanced electronic signature or, in any case, is created after computer identification of its author satisfies the requirement of written form and has the effectiveness provided for by art. 2702 of the Civil Code.
The FEA can be used in any context, except for the subscription of the particular acts indicated in points 1 to 12 of art. 1350 c.c. – such as real estate transactions – for which the legislator necessarily requires a higher level electronic signature, i.e. the qualified electronic signature (FEQ).