Michele Martoni and Monica Palmirani
is peculiar about these two keys is that because they dovetail, they enable the holder using the private key and the recipient using the public one to respectively disclose and verify the source and integrity of a digital document or set of such documents( see Article 1 CAD).
If this validation procedure turns out positive, the recipient will have proof that the document was in fact signed by the holder of the private key( that is, by the person identified in the certificate) and that the same document has not been altered after it was signed.
Under Article 4 of DPCM of 30 March 2009( hereinafter referred to as the“ technical rules”), a key pair for creating a digital signature must be assigned to a“ single holder.” This, clearly, is a rule designed to guarantee a matching relation between signatory and signature. Then, too, different key pairs can be distinguished by the function they are meant for. Thus far we have looked at so‐called signature keys. But we also have two other types of keys, namely, certification keys and timestamp keys. Certification keys can be used exclusively by the certifier and their use is for signing a qualified certificate, which in this way enables one to be certain that it cannot be modified and that its source is authenticated.
3.5 The timestamp key
A timestamp key, for its part, is designed to digitally timestamp a( digital) document so as to make it possible to fix with certainty( and to assert against third parties) the moment when that document was created. These keys, too, belong exclusively to the certifier, the only person authorized to use them.
A key pair can be used only for the purpose for which it has been implemented and issued.
Finally, the information authorizing the use of a private key( such as the PIN necessary to unlock the key) must be kept by the key’ s owner in such a way that it remains separate from the key‐generating device, and the signature‐generating data must not be shared with anyone.
4. A digital document’ s legal validity and effectiveness
As can be appreciated from the foregoing, digital records can come in any of five varieties:( 1) devoid of any electronic signature; or signed with( 2) a basic electronic signature;( 3) an advanced electronic signature;( 4) a qualified electronic signature; or( 5) a digital signature [ Martoni( 2008); Martoni( 2010) A ].
Under Article 20( 1) CAD, a basic digital document can bear no electronic signature of any type and still be legally valid and effective. Or, stated otherwise, a document cannot be found legally ineffective simply by reason of its being digital. Specifically, under the subsequent subsection 1‐bis, a digital document may be recognized as having the legal status of a written instrument. However, the law also cautions that such recognition must not come too lightly, but must on the contrary be carefully weighed, taking into account the document’ s objective characteristics as to its quality, security, integrity, and inalterability. This is a determination entrusted to the judge, who in deciding whether a digital document can serve as a written instrument must do so on the basis of the criteria set forth in the law. Article 21( 2‐bis) CAD stipulates that,“ except as herein provided under Article 25, if a private instrument as per Article 1350( 1)–( 12) of the Italian Civil Code is executed through a digital document, it must be signed using a qualified electronic signature or a digital signature, for otherwise it will be null and void.”
As concerns a digital document’ s probative force, the CAD distinguishes three classes in its currently applicable formulation. The first of these classes is that of digital documents devoid of any electronic signature, a case in point being a simple digital file. Under Article 20( 1‐bis) CAD, a digital file’ s probative force is to be established in court, taking into account the document’ s objective characteristics as to its quality, security, integrity, and inalterability, without prejudice to the provisions stated in Article 21 [ Martoni( 2010) B; Martoni( 2010) C; Stallone( 1990)]. The second class is that comprising digital documents bearing an electronic signature( and so neither an advanced one, nor a qualified one, nor a digital one). Here, too, Article 21( 1) CAD provides that the probative force of an electronically signed digital document is a matter for the judge to decide( pursuant to Article 116 of the Italian Code of Civil Procedure) by taking into account the document’ s objective characteristics as to its quality, security, integrity, and inalterability.
312