TL and QES Applications

The application QES.zip v.1.0.0.32 (32-bit, SHA-256, zip, 3.7 MB) / QES64.zip v.1.0.0.17 (64-bit, SHA-512, zip, 4.6 MB) has been developed by NSA officer in accordance with Commission Implementing Decision (EU) 2015/1505 and Commission Implementing Decision (EU) 2015/1506 for signing, sealing, time-stamping by qualified electronic signature, by qualified electronic seal, by qualified electronic time-stamp, as well as for browsing with the possibility to export authorized documents from ASiC and PDF containers.

  • It is not necessary to install the application. After saving the application into directory with writing access permission it is possible to launch the application directly or to create a shortcut stored at desktop and launch the application through this shortcut.
  • To use a smart card (e.g. eID card) it is necessary before launching the application to insert the smart card into the smart-card-reader and to click the button “Reconnect keys”.
  • If within the application a container of the ZEPf (.ZEP) format, containing the signature, will be opened, it will be automatically offer saving in ASiC-S. If an (.eml) signed document will be opened, signed in (.ZEP), saving the enveloped document from (.eml) will be offered.
  • In browsing the signature container ASiC or PDF the application will count all the signatures and time-stamps and displays their numbers. After entering the signature number or time-stamp number the application will mark the signed or time-stamped documents. User can subsequently export them from the container for further usage. After clicking the DSId button the identifier of the marked signature or time-stamp will be saved into the (*.PDF.DSId) file or (*.ASiCE.DSId) file of the browsed container. It is possible to send the identifier in the (*.DSId) file together with the container file to a relying party for working only with the documents which had been secured by this signature or time-stamp. Example of signature identifier usage for viewing the secured documents of the container in the command line: “QES.exe /p doc.pdf /DSId doc.pdf.DSId“ or „QES.exe /a doc.asice /DSId doc.asice.DSId“.
  • Validation has not yet been implemented.

The application LockIt.zip (zip, 3.2 MB) has been developed by the NSA officer for signing a trusted list (TL – Trusted List) in accordance with Commission Decision 2009/767/EC. The application is also in compliance with Commission Implementing Decision (EU) 2015/1505 of 8 September 2015 laying down technical specifications and formats relating to trusted lists pursuant to Article 22(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance).

The application has been completed with the support for creating the qualified electronic signature or seal (QES) and is in compliance with Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance).

LockIt can be used to create PDF, CMS or XML qualified electronic signature or the qualified electronic seal, to open the file with the “*.ZEP” extension and to verify the signature integrity. Verification of the certificate validity is not currently automated but requires manual verification of the certificate validity. An automated mode for the certificate validity verification (also according to Trusted List) through CRL or OCSP is under preparation.

It is not necessary to install the LockIt application. After unwrapping the ZIP, LockIt.exe file shall be launched directly.

In case there is not an application in the computer for opening the file with the“*.ZEP” extension, it is possible to set the file opening in the LockIt application and subsequently to verify and store the documents being verified (electronic original).

Guidelines on file opening with the ZEP extension (pdf, 164 kB)

The qualified electronic signature (QES) is defined in EU legislation, particularly in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing the Directive 1999/93/EC.

The ZEP extension of the file name is a renamed ZIP containing the electronic document and its signature or seal in the signature format defined by the NSA standard. The signature format defined for CMS advanced electronic signature in the NSA standard, stored in ZEP container, is in compliance with the Annex of Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 but for further use it is recommended to convert the file with ZEP extension and the structures of ZIP file into ASiC format which also includes the structure of ZIP file.

National extensions for qualified certificates are defined by national legislation and their mapping to technical procedures is defined in the supervision scheme of qualified trust services by supervisory body – NSA.

Date of the first publication , Last update