When you, as a business customer, export signed documents from the ePost archive (eArchiv), they carry an electronic signature with a timestamp. This makes it possible to prove that a document is genuine and unaltered. This article is intended for technically experienced users who wish to verify this signature themselves.
Using the Swiss Government PKI certificates and the OpenSSL tool, you can check whether the signature of your exported documents is still valid.
Instructions for verifying the document signature
Step 1: Download both the root and the intermediate certificate file of the Swiss Government PKI.
Step 2: Download the certificate of the TSA service.
Step 3: Decode the certificates by entering the following commands in the Command Prompt (Windows) or the Terminal (Mac):
openssl x509 -inform DER -in RootCAIV.crt -out RootCAIV.pem
openssl x509 -inform DER -in RegulatedCA02.crt -out RegulatedCA02.pem
Step 4: Merge the two .pem files into a single file named root.pem.
For Windows:
type RootCAIV.pem RegulatedCA02.pem > root.pem
For Linux and macOS:
cat RootCAIV.pem RegulatedCA02.pem > root.pem
If the commands above are not supported in your environment, please open the files RootCAIV.pem and RegulatedCA02.pem and copy their contents manually into the root.pem file.
Verifying that the document is unaltered
Check whether the document's signature is still valid:
openssl ts -verify -data [your file name].pdf -in [your file name].TSR -CAfile root.pem -untrusted TSAcertificate.cer