Skip to content

Wallet Function: Qualified Electronic Signature (QES)

Introduction

Qualified Electronic Signatures (QES) provide legally binding signatures for digital documents. QES are regulated by the eIDAS 2 framework and recognized by all EU member states. They have the equivalent legal effect of a handwritten signature.

QES are technically based on digital signatures using certificates. Because of their legal value, there are additional requirements to a qualified signature:

  • QES are based on qualified signing certificates issued to a natural person.
  • Qualified signing certificates must be issued by certified Qualified Trust Service Providers (QTSP) after verifying the identity of the person.
  • A QES has to be created by a Qualified Signature Creation Device (QSCD) that protects the private signing key associated with the signature certificate.

References

Qualified electronic signatures and their creation using the EUDI Wallet are covered by a number of regulations, standards and informative references:

The following signature-specific terms and abbreviations are extensions to the main glossary and based on definitions given in ETSI [TR 119 001], ETSI [EN 319 102-1] and CEN [EN 419 241-1].

  • Signer’s Original Document (SOD): original document before any formatting.

  • Signer’s Original Document Representation (SODR): calculated from the Signer’s Original Document (SOD) using a cryptographic hash function.

  • Signer's Document (SD): document upon which the signature is generated and to which it is associated. In some cases, a Signer's Document Representation (SDR) of the SD can be presented to the signature processes instead of the complete SD. The SD may be a processed version of the Signer's Original Document (SOD).

  • Signer's Document Representation (SDR): used in the calculation of the signature as a representation of the SD. It is calculated from the SD using a cryptographic hash function.

  • Data To Be Signed (DTBS): constructed from the information objects that are to be covered by the signature. These are the SD or the SDR and the signature attributes selected to be signed together with the SD.

  • Data To Be Signed Representation (DTBSR): computed from the formatted DTBS by means of a cryptographic hash function and is used to compute the Digital Signature Value (DSV).

  • Signed Data Object (SDO): composed of a digital signature value and signed attributes, may additionally contain the SD / SDR.

  • Driving Application (DA): uses a signature creation system to create a signature. The DA provides the Signer Document (SD) or the Signer Document Representation (SDR) to the Signature Creation Application (SCA).

  • Signature Creation Application (SCA): prepares the Data To Be Signed Representation (DTBSR) from the Signer's document and additional attributes and creates the signed document / Signed Data Object (SDO).

  • Server Signing Application (SSA) creates the digital signature of the DTBSR on behalf of the signer that activated the signature using the SIC. It receives the signing requests, coordinates their activation and produces Digital Signature Values (DSV). The SSA is operated in the QTSP environment.

  • Signer Interaction Component (SIC): is under the control of the signer and used to support the signature activation protocol to the Server Signing Application. In the EUDI Wallet infrastructure the SIC is implemented as a part of the Wallet.

  • Signature Authorization: same as Signature Activation, see SIC

  • Signature Application: same as Signature Creation Application (SCA)

EUDI Wallet support for QES

The creation and verification of remote electronic signatures involves a number of software components and standardized data objects. These components can be assigned to different actors, depending on the QES implementation model:

  • Relying Party: wants a document to be signed
  • Wallet: signs a document and gets user's authorizations, e.g., for a QES
  • QTSP: issues signature certificates and creates cryptographic signatures (digital signature values) on behalf of a user
  • User: natural person signing a document

The eIDAS 2 regulation defines that users can sign documents using qualified signatures which are provided within their Wallet. There are different models to implement QES using the Wallet, depending on the control flows for signature and authorization requests. Wallets must support both models described below:

  • Wallet-centric model: the Wallet creates a signed document or just the signature, supported by a QTSP for the cryptographic signature value

  • QTSP-centric model: a user uses the Wallet to authorizes a QTSP to sign a document on behalf of the user

In both cases, OpenID4VP authorization requests for credential presentations are used to interact with the Wallet. In the case of a QES, the RP requests the user to authorize transactions described in the OpenID4VP request using so-called "transaction data". Hashes of the transaction data are part of the verifiable credential presentation to prove the authorization.

Depending on the QES implementation model, a presentation of the following credentials (including a confirmation of the respective transaction data) may be requested from the Wallet:

  • PID: to identify the user as a natural person and to allow a QTSP the issuance of a qualified signature certificate to this person. The certificate may then be used to sign a document on behalf of the PID owner. Short-lived qualified certificates based on a PID presentation are created to sign a specific document and expire or are revoked shortly after this operation, see [CSC].

  • Authentication credential (EAA): to authenticate the user, e.g., to a QTSP using a credential issued by the QTSP during a previous onboarding / QTSP profile creation. After a successful presentation, the QTSP may give access to users signature credentials during subsequent signature calls.

  • X.509: credential format (https://cloudsignatureconsortium.org/2025/x509) where the returned VP token contains the signed document. The original document (SOD) is provided with the presentation request.

A QTSP needs the user's authorization to perform certain actions. The following QES-related transaction data types have to be supported by wallets, see [OID4VP] and [CSC Data Model] (Pre-Release, still work in progress):

  • qc-request: (https://cloudsignatureconsortium.org/2025/qc-request) to get user consent for the creation of signature certificates according to the Terms and Conditions (T&C) of the QTSP

  • qes (https://cloudsignatureconsortium.org/2025/qes) to authorize the QTSP to create a QES for a document / batch of documents on behalf of the user. This includes showing information about the document(s) to be signed, e.g., document label, hash value, or the option to open the document via a provided protected link. The difference between giving consent for a certificate creation and authorizing a signature for a certain document must be clearly visible for the user.

Wallet-centric Model

User Experience

Non-normative example for a wallet-centric use case:

  • User opens the Wallet and picks a document to be signed or the document is provided by a Relying Party.
  • User selects the QTSP profile for the signature in the Wallet.
  • User is asked by the Wallet to authorize the signature for the chosen document.
  • User authorizes the signature by biometrics or PIN.
  • Wallet shows a confirmation about the successful signature.

User Journey: Wallet-centric-model with RP provided data = document

Architecture Overview

In the Wallet-centric model, the user's Wallet is the central actor to sign a document and to control and approve necessary transactions with a QTSP. The Signature Creation Application (SCA) is part of the Wallet or of the Wallet backend.

QES Ecosystem[system]RP environmentQTSP environmentEUDI Wallet InstanceDriving ApplicationServer SigningApplicationOID4VP WalletSignature CreationApplicationSignature InteractionComponentUserInteracts with(1) Interacts with(2) Signing Request[OID4VP(X.509)](10) Credentialpresentation withsigned Document(3) Signing request(9) Signed document(4) Signing Request[CSC/OAuth2](8) DigitalSignature Value(5) CertificateCreation / SignatureAuthorization Request[OID4VP](7) Confirmation /Authorization(6) Request userconfirmation

Figure 1: Wallet-centric model

The Driving Application at a RP sends the request to sign a document to the user's Wallet. Alternatively, the user uses the Wallet to select a document on the users device to sign. The user then chooses a QTSP profile in the Wallet. The Wallet sends the signature request to the QTSP.

The QTSP starts a QES authorization flow with the Wallet (details see below).

After successful authorization, the QTSP generates the signature value and returns it to the Wallet. The signature is embedded into the document by the SCA in the Wallet.

QTSP profiles in the Wallet can be pre-configured or the result of previous user enrollments at a QTSP. If a user is not known to the QTSP when requesting a signature, the QTSP rejects the signature and requires an enrollment first.

Alternatively, the QTSP may integrate a PID presentation into the QES authorization to create a short-lived qualified certificate for one signature creation without creating a user account at the QTSP.

QTSP profiles are Wallet-internal and can contain information like:

  • name of the QTSP
  • access points for APIs
  • registered user ID (client_id) of the user at the QTSP
  • authentication credentials (EAA) issued by the QTSP to the user Wallet during enrollment

QTSPs may support multiple user profiles for the same natural person with optional additional attributes, e.g., for commercial and private use.

Interfaces and protocols used in the Wallet centric model:

  • Relying Party → Wallet: OpenID4VP with X.509 profile (see [CSC DM]) to request the users signature for a document and to receive the signed document

  • Wallet → QTSP: CSC API v2 to request QES authorization and document signature by the QTSP, authorization is requested using the CSC API methods oauth2/authorize and oauth2/token

  • QTSP → Wallet: OID4VP with transaction data for QES authorization by the user

The OID4VP credential presentation to the QTSP to authorize the QES is part of the processing of the CSC / OAuth signature request from the Wallet to the QTSP. This situation is similar to the "Presentation during Issuance" for credential issuing. For better user experience, the same OAuth 2.0 for First-Party Applications mechanism is used to pass the authorization request to the Wallet during the CSC signature flow.

Sample Flow: Wallet-centric model - RP provided document

Assumptions

  • Wallet-centric model, Signature Creation Application (SCA) is a part of the Wallet or Wallet backend
  • user is already enrolled to the QTSP: an EAA for user authentication is issued by the QTSP and stored in the QTSP profile in the Wallet, user gave consent to certificate creation, certificate is created or will be crated on demand
  • signature over document (SOD provided to the Wallet)

Outline

In this flow, the user selects a QTSP profile in the Wallet to request a QES for a document, provided to the Wallet by the DA. The Wallet sends an CSC / OAuth2 signature authorization request to the QTSP.

The QTSP uses the OAuth 2.0 for First-Party Applications Mechanism to request the users EAA presentation with transaction data for QES authorization from the Wallet.

the Wallet processes the authorization request, gets the user's authorization for the QES and presents the EAA from the QTSP enrollment with the transaction data hash.

After verifying the presentation, the QTSP returns the CSC authorization code for the signature to the Wallet and the Wallet gets the signature (DSV) from the QTSP.

Sequence diagram

Below is a non-normative diagram illustrating the flow (it includes only the components relevant to the illustration of the flow described in this document):

QES creation: Wallet-centric flow with RP-provided documentQES creation: Wallet-centric flow with RP-provided documentUserBrowser AppRelying PartyEUDI Wallet Instance EUDI Wallet Instance QTSPQTSPUserUserBrowser AppBrowser AppRelying PartyDA (Driving Application)Relying PartyDA (Driving Application)EUDI Wallet InstanceOID4VP WalletEUDI Wallet InstanceOID4VP WalletEUDI Wallet Instance(OAuth 2.0 Client)SCA (Signature Creation Application)EUDI Wallet Instance(OAuth 2.0 Client)SCA (Signature Creation Application)QTSP(OAuth 2.0 Authorization Server)QTSP(OAuth 2.0 Authorization Server)QTSP(OAuth 2.0 Resource Server)SSA (Server Signing Application)QTSP(OAuth 2.0 Resource Server)SSA (Server Signing Application)(001)browse Driving Application(002)sign document(003)signing request (SOD) [OID4VP (X.509)]DCQL query for X.509 credential format withtransaction data of type qesScreen: Wallet request - pdf file(004)signing request(005)Wallet profile/QTSP selectionScreen: Wallet profile selection QTSP existing  account(006)prepare authorization request(SOD to SDR, ...)(007)authorization request forsignature (SDR, client_id) [CSC/OAuth2] csc/v2/oauth2/authorize?...(008)check if user with client_id is registered(009)prepare transaction data forsignature authorization(010)create OID4VP AuthorizationRequest for users EAApresentation with transactiondatastart OID4VP flow for EAA presentation withtransaction dataEAA presentation during signature authorization(011)Authorization request[OID4VP]DCQL query for EAA presentation withtransaction data of type qes for signatureauthorization(012)user authorization to sign thedocumentScreen: QTSP consent(013)PIN entryScreen: Biometrics or PIN(014)generate VP token includingtransaction data hash(015)Verifiable Presentation [OID4VP](016)verify VP tokenTransaction data hash for signatureauthorizationend OID4VP flow for EAA presentation withtransaction data(017)verify response(018)return authorization code[CSC/OAuth2](019)send  authorization code to get access token [CSC/OAuth2] csc/v2/oauth2/token(020)return access token with the"credential" scope(021)retrieve QES certificate(access token ...) [CSC/OAuth2] csc/v2/credentials/list csc/v2/credentials/info(022)compose DTBS and generate DTBSR(023)send signature request (DTBSR + access token) [CSC/OAuth2] csc/v2/signatures/signDoc(024)return signature (DSV) [CSC/OAuth2](025)compose signed document /SDO(026)signed document(027)credential presentation withsigned document [OID4VP]Screen: Success(028)signature successfulScreen: RP final screen

Sample data

Disclaimer: Some attribute names and types are still in standardization, e.g., in CSC, and can possibly be subject of future changes.

Request

RP -> Wallet

DCQL query
{
  "credentials":[
    {
      "id":"certificate_by_policy",
      "format":"https://cloudsignatureconsortium.org/2025/x509"
    }
  ]
}
Transaction data
{
  "type":"https://cloudsignatureconsortium.org/2025/qes",
  "credential_ids":[
    "certificate_by_policy"
  ],
  "numSignatures":1,
  "signatureQualifier":"eu_eidas_qes",
  "documentDigests":[
    {
      "signature_format":"P",
      "conformance_level":"Ades-B-B",
      "signed_envelope_property":"Certification",
      "label":"Example Contract",
      "href":"https://protected.rp.example.com/contract-01.pdf?token=HS9naJKWwp901hBcK348IUHiuH8374",
      "checksum":"sha256-sTOgwOm+474gFj0q0x1iSNspKqbcse4IeiqlDg/HWuI=",
      "access":{
        "type":"OTP",
        "oneTimePassword":"51623"
      }
    }
  ],
  "hashAlgorithmOID":"2.16.840.1.101.3.4.2.1"
}

Response

Wallet -> RP

The response is a credential presentation containing the signed document as specified in the requests transaction data. Since the qualified signature already provides sufficient transaction data binding, and sufficient holder binding by the the qualified signature certificate issued by the QTSP, there is no need for a KB-JWT and transaction data hashes.

response
{
  "certificate_by_policy": {
    "documentWithSignature": [
      "<base64-encoded document with signature>"
    ]
  }
}

QTSP-centric Model

User Experience

Non-normative example for a one-shot certificate use case:

  • The Relying Party asks the user to sign a document.
  • The user scans a QR code and logs into the Wallet.
  • The user is asked by the Wallet to authorize the signature and to accept the T&C of the QTSP for the creation of a qualified signature certificate.
  • The user is prompted by the Wallet for a PID presentation.
  • The RP informs the user about the successful signature.

User Journey: QTSP-centric model with one-shot certificate

Architecture Overview

In the QTSP-centric model, the QTSP is the central actor for the signature flow. The SCA may be part of the RP, the QTSP, or provided by a 3rd party.

Remark: There are several actors in the role of a RP in the QTSP-centric model:

  • In the overall architecture, the party hosting the Driving Application acts as a "Signature-RP" to get a document signed using an eIDAS trusted service.

  • From the Wallet's viewpoint, the QTSP acts as a "Wallet-RP" to get a signature authorization.

A party hosting the DA may support both the Wallet-centric and QTSP-centric models. For consistency, the term RP is used for the DA environment in diagrams and flows.

QES Ecosystem[system]RP environmentRP or QTSPQTSP environmentEUDI Wallet InstanceDriving ApplicationSignature CreationApplicationServer SigningApplicationOID4VP WalletSignature InteractionComponentUserInteracts with(1) Interacts with(2) Signing Request[internal or QTSP specific](8) Signed Document(3) Signing Request[CSC or other](7) DigitalSignature Value(4) CertificateCreation / SignatureAuthorization Request[OID4VP](6) Confirmation /Authorization(5) Request userconfirmation

Figure 2: QTSP-centric model

The QTSP for a QES is chosen by the Relying Party. The user can be enrolled beforehand, including identification and the consent for certificate creation. Alternatively, the user identification by PID presentation can be part of the signature flow to create a short-lived qualified certificate for one signature creation without creating a user account at the QTSP.

The RP sends the request to sign a document to the QTSP. The QTSP requests from the Wallet user a credential presentation (PID for identification or EAA from former enrollment) and includes transaction data for QES authorization.

Remark: The PID presentation and QES authorization can be implemented as one or separate OID4VP authorization requests.

After authorization, the QTSP generates the signature value, which is then integrated into the document by SCA at QTSP or RP.

Interfaces used in this model:

  • Relying Party → QTSP: CSC API v2 or QTSP specific to request the users signature for one / multiple documents and to return the Signed Data Object

  • QTSP → Wallet: OID4VP with transaction data to authenticate / identify the user and activate the signature

Sample Flow: QTSP-centric model with PID Presentation

Assumptions

  • QTSP-centric model
  • Signature Creation Application (SCA) is part of the QTSP environment
  • On-the-fly signature without prior user enrollment
  • short-lived certificate created after PID presentation
  • user's consent is gathered using transaction data and the Wallet UI, not via the QTSP's web UI
  • signature over document (SOD provided to the QTSP)

Outline

In this flow, the QES is created using an authorization request with PID presentation. This request serves several purposes:

  • authorization of the user to sign a document (signature authorization)
  • user's consent to present the PID to the QTSP, which is necessary to create a qualified certificate
  • users consent for the QTSP to use this information to create a signing certificate

The authorization request for PID presentation therefore includes two sets of transaction data that were created by the QTSP.

When the Wallet processes the authorization request, the user gives consent to PID presentation and certificate creation and authorizes the signature based on the Signers Original Document (SOD) provided by the DA. No prior user enrollment is necessary.

The transaction data hashes are included in the PID presentation to the QTSP. The QTSP issues a short-lived certificate to the user and uses it for the document signature.

Sequence diagram

Below is a non-normative diagram illustrating the flow (it includes only the components relevant to the illustration of the flow described in this document):

QES creation: QTSP-centric flow with PID presentationQES creation: QTSP-centric flow with PID presentationUserBrowser AppRelying PartyQTSP QTSPEUDI Wallet InstanceUserUserBrowser AppBrowser AppRelying PartyDA (Driving Application)Relying PartyDA (Driving Application)QTSPSCA (Signature Creation Application)QTSPSCA (Signature Creation Application)QTSPSSA (Server Signing Application)QTSPSSA (Server Signing Application)EUDI Wallet InstanceEUDI Wallet Instance(001)browse Driving Application(002)sign document(003)signing request (SOD) [Internal or QTSP specific](004)signing request (SODR) [QTSP specific](005)prepare transaction data foracceptance of  signatureauthorization and QCertcreationstart OpenID4VP flow for PID Presentationwith transaction dataPID presentation with transaction data(006)create OpenID4VPAuthorization Request withtransaction data,store under <request_uri>(007)request_uri(008)request_uriopt(009)generate QR-code forcross-device(010)request_uri / QR-code(011)action to start flow / launchWallet(012)launch Wallet with request_urior Digital Credentials API  orscan QR-code for cross deviceScreen: launch_wallet(013)unlock WalletScreen: unlock_wallet(014)Request the Request Object[OID4VP](015)Respond with Request Object[OID4VP]DCQL query for PID presentation withtransaction data types qes for signatureauthorization and qc-request for userconsent(016)user authorization to sign thedocumentScreen: QTSP Flow started(017)user consent to QCertcreation and acceptance ofT&CScreen: QTSP consent(018)user consent to present PIDand PIN entryScreen: PIDScreen: Enter PIN(019)generate VP token includingtransaction data hashes(020)Verifiable Presentation [OID4VP](021)verify VP tokenPID + transaction data hashes for signatureauthorization + QCert creation acceptanceend OpenID4VP flow for PID Presentation withtransaction data(022)verify transaction data hashes(023)create signing certificateusing PIDSigning Document(024)sign documentinternal interaction between SCA and SSA(025)return DSV(026)compose document / SDO(027)signing response (SDO)(028)signature successful

Sample data

Disclaimer: Some attribute names and types are still in standardization, e.g., in CSC, and can possibly be subject of future changes.

OpenID4VP flow for PID Presentation with transaction data for user consent and QES activation

Request

QTSP -> Wallet

DCQL query
{
  "credentials": [
    {
      "id": "my_credential",
      "format": "dc+sd-jwt",
      "meta": {
        "vct_values": [ "urn:eudi:pid:1" ]
      },
      "claims": [
        {"path": ["given_name"]},
        {"path": ["family_name"]},
        {"path": ["birthdate"]},
        {"path": ["place_of_birth"]["country"]},
        {"path": ["place_of_birth"]["locality"]},
        {"path": ["expiry_date"]}
      ]
    }
  ]
}
Transaction data

Remark: The attribute processIDmy be used by the QTSP for a cryptographic binding between the requested QES authorization and the corresponding SDR at the QTSP.

[
  {
    "type":"https://cloudsignatureconsortium.org/2025/qes",
    "credential_ids":["my_credential"],
    "numSignatures":1,
    "signatureQualifier":"eu_eidas_qes",
    "documentDigests":[
      {
        "label":"Example Contract",
        "hashType":"sodr",
        "hash":"HZQzZmMAIWekfGH0/ZKW1nsdt0xg3H6bZYztgsMTLw0="
      }
    ],
    "processID":"eOZ6UwXyeFLK98Do51x33fmuv4OqAz5Zc4lshKNtEgQ=",
    "transaction_data_hashes_alg":"sha-256"
  },
  {
    "type":"https://cloudsignatureconsortium.org/2025/qc-request",
    "credential_ids":["my_credential"],
    "QC_terms_conditions_uri":"https://qtsp.example.com/policies/terms_and_conditions.pdf",
    "QC_hash":"ohxKcClPp/J1dI1iv5x519BpjduGZC794x4ABFeb+Ds=",
    "QC_hashAlgorithmOID":"2.16.840.1.101.3.4.2.1",
    "transaction_data_hashes_alg":"sha-256"
  }
]

Response

Wallet -> QTSP

sd-jwt
{
   "exp": 1898949016,
   "iat": 1741269016,
   "iss": "https://pid-issuer.example.com",
   "nbf": 1741269016,
   "vct": "urn:eu.europa.ec.eudi:pid:1",
   "_sd": [
       "ewgzkNuXusuMhykjisSRT4w-Oj2NVC9gvOFRbJ4X-OI",
       "zFxDfNErVeVKm9z9ctTyTLQ83lrD49T4gbJEMoGn3pc",
       "4fCywfbrmm6UgBmpmi-bxP466HJd-5O7WzYDf2v1RzM",
       "OQKiYuGyqcoeNnqnhpqqU2q6PJX8YpmxULs7rVB1ElU"
   ],
   "_sd_alg": "sha-256",
   "cnf": {
       "jwk": {
           "alg": "ES384",
           "crv": "P-384",
           "kty": "EC",
           "use": "sig",
           "x": "jpIk_Hc51OPM-8u4DZSHtocWZAtHJ7r9plYJu-NNW-kPhv1L-ige2k8X2rBNom-F",
           "y": "jV1CHkNSJ0Xa6K5an_28BD9Ivme4L7iXPRxWzTlyzQxg6VS9NCPc4xWUu-IcpZFO"
       }
   }
}
kb-jwt
{
   "aud": "https://qtsp.example.com/verifier",
   "iat": 1741269093,
   "nonce": "bUtJdjJESWdmTWNjb011YQ",
   "sd_hash": "Re-CtLZfjGLErKy3eSriZ4bBx3AtUH5Q5wsWiiWKIwY",
   "transaction_data_hashes": [
       "605c9551a3dc2ec7ca4510c05fa9ed319de61b006ff615a97dbb6f5223f64b3d",
       "df485d584a07583414dec577e3601d2925ec6fdbb7d188419cb5894266e0ea2e"
   ],
   "transaction_data_hashes_alg": "sha-256"
}