Chapter I
GENERAL PROVISIONS
Article 1. Scope
1. This Circular set forth file-based signing and validation of digital signatures on electronic documents (e-documents); technical and functional requirements of digital signature software, digital signature validation software for electronic documents of regulatory agencies.
2. This Circular does not provide for the use of digital signatures for electronic documents containing information on the list of state secrets.
Article 2. Regulated entities
1. This Circular applies to agencies and organizations (including: ministries, ministerial-level agencies, Governmental agencies, People's Committees at all levels, and public sector entities funded by state budget) and related organizations and individuals using digital signatures for electronic documents of regulatory agencies.
2. Other agencies and organizations are recommended to apply this Circular.
Article 3. Interpretation of terms
For the purposes of this Circular, these terms below shall be construed as follows:
1. “corporate digital certificate” means a digital certificate issued by a certificate authority (CA) to the head of a corporate as per the law.
2. “private digital certificate” means a digital certificate issued by a CA to a person holding title in a regulatory agency, a competent person in a corporate as per the law on management and use of seals.
3. “seal secret key” means a secret key corresponding to a corporate digital certificate.
4. “private key” means a secret key corresponding to a private digital certificate.
5. “corporate digital signature” means a digital signature created when using a seal secret key.
6. “private digital signature” means a digital signature created when using a private secret key.
7. “digital signature software” means software used to digitally sign an e-document.
8. “digital signature validation software” means a software used to verify the validity of the digital signature of the e-document.
9. “authenticity of a digitally-signed document” means that an e-document with a digital signature thereto can identify the digital signer, either personal signer or corporate signer, of the e-document.
10. “integrity of a digitally-signed document” means that the content of an e-document, after digitally signed, does not alter throughout the exchange, process and storing process.
11. “online certificate status protocol” (OCSP) means a protocol which enable applications to determine the state of digital certificates.
12. “security device” means a physical device to store digital certificate and private key of a subscriber.
Article 4. Rules for using digital signatures for electronic documents
1. A digital signature must be attached to the e-document after digitally signing.
2. A digitally-signed document must ensure authenticity and integrity throughout the process of exchanging, processing and storing the digitally-signed document.
Article 5. Management of private key and seal secret key
1. The person authorized to digitally sign document is responsible for securing the private key.
2. The head of corporate is responsible for assigning the clerical staff to manage and use the seal secret key as prescribed.
3. The device to store the seal secret key must be safely kept at the head office of the corporate.
Tìm kiếm
Thông tư 41/2017/TT-BTTTT (Bản Pdf)
Thông tư 41/2017/TT-BTTTT (Bản Word)