Digital Signatures

Updated July 2024

Trafigura has implemented digital document signing with Qualified Electronic Signatures, the highest level of trustworthiness and evidentiary value. All signed documents you receive from Trafigura should be signed to this level.

These signed documents could include, for example, contracts and invoices.

Treat anything signed to a different level as suspicious and forward them to fraud@trafigura.com.
If you receive any instructions to change contractual terms or payment details (bank accounts) that involve unsigned documents, please treat those as suspicious and forward them to fraud@trafigura.com.

1. Introduction to Electronic Signatures and e-Seals

1.1. The difference between a Signature and a Seal

While both electronic seals and electronic signatures use digital certificates, the two solutions address different use cases in Europe under the European Union’s Electronic Identification, Authentication and Trust Services (IDAS) Regulation.

Electronic signatures can only be used by people to sign documents (so called “natural persons”) to formally accept and authorise the document.
Electronic seals (eSeal) can only be used by an entity such as an organization and governments (so called “Legal Persons”), to evidence the origin and integrity of documents.

1.2 Digital Signature Signing Strength

To outline briefly, there are three levels for electronic signatures, with each level building on from the requirements of the previous level.

In order of increasing level of trustworthiness and evidentiary value, they are:

Standard Electronic Signatures (SES)
The most basic and broadest electronic signature classification, eIDAS defines these as, “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

Advanced Electronic Signatures (AdES)
Compared to SES, these must meet additional requirements specifically set out by the regulation, including the ability to uniquely link to the signer, validate the signer’s identity, and detect subsequent changes to the signed data.

Public Key Infrastructure (PKI)-based digital signatures, those applied with a digital certificate, meet these requirements.

As per Article 25 (1) of the eIDAS regulation (“Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC”), an Advanced Electronic Signature shall "not be denied legal effect and admissibility as evidence in legal proceedings".

Qualified Electronic Signature (QES)
These electronic signatures have the highest level of trustworthiness and evidentiary value. Article 25 (2) of EU eIDAS allows a qualified electronic signature to carry the same legal weight as a handwritten signature and as per Article 14 para. 2bis of the Swiss Code of Obligations, a qualified electronic signature is equivalent to a handwritten signature.
Qualified Electronic Signatures are Advanced Electronic Signatures that have a qualified digital certificate which has been created by a qualified signature creation device (QSCD).

1.3 Digital Seal Signing Strength

There are three levels for electronic seals: 'simple' electronic seals, advanced electronic seals and qualified electronic seals, with each level building on from the requirements of the previous level.

Unlike signatures, the levels of electronic seals do not have the same definitions, requirements, nor legal effects than levels of electronic signatures. In order of increasing level of trustworthiness and evidentiary value, they are:

Simple' electronic seal
These are defined as "data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity".

Advanced electronic seal
These seals are additionally uniquely linked to the creator of the seal, capable of identifying the creator of the seal, created using electronic seal creation data that the creator of the seal can, with a high level of confidence under its control, use for electronic seal creation; and linked to the data to which it relates in such a way that any subsequent change in the data is detectable. PKI-based digital seals, those applied with a digital certificate, meet these requirements.

Qualified electronic seal
A Qualified electronic seal is an Advanced electronic seal which is additionally created by a qualified seal creation device (QSCD) and is based on a qualified certificate for electronic seals.

Detailed information on signing strengths can be obtained from the EU European Commission website: https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/eSignature+FAQ

2. Overview of Trafigura’s Electronic Signature and Seal Implementation

To facilitate interoperability and acceptance across borders, Trafigura generally uses EU eIDAS-compliant signatures as the eIDAS regulations created a common framework for secure electronic signatures and seals, including standardized assurance levels.

Trafigura electronic signatures and seals are signed to the Qualified Electronic Signature level for both Signatures and Seals.

To ensure that authorised signatories are provided with sufficient options to meet the requirements of various counterparties and authorities, the solution provides for a flexible digital signature process in line with and meeting the standards required of:

EU Regulation No 910/2014 (eIDAS Regulation) for the majority electronic transactions. Validity of these certificates can be checked via European Union Trusted Lists (EUTL).
Swiss ZertES Federal Law (Loi sur la Signature Électronique). Validity of these certificates can be checked via Adobe Approved Trust List (AATL).

3. How to a Check Digital Signature / Seal validity

Option 1: Using the Adobe Acrobat Reader desktop application

Signature validity can be established by opening the signed PDF document with the Adobe Acrobat Reader application, which is available free of charge from the Adobe.com website. The Signature Panel in the application will indicate the validity of signature(s) and key properties of the certificates.

If Adobe Acrobat Reader does not show signatures as valid, please validate that both options “Load trusted certificates from an Adobe AATL server” and “Load trusted certificates from an Adobe EUTL server” are selected under Edit/Preferences…/Trust Manager menu.

See Appendix A below for more detailed guidance.

Option 2: Using online tools

Electronic signatures and seals can be validated using following online tools provided by the European Commission and Swiss Government:

The European Commission’s official validation tool
https://eidas.ec.europa.eu/efda/validation-tool
To use this tool, you will be required to create an account on the website. The tool will provide you with simple Yes / No confirmation for the validity of the electronic signatures.
The European Commission’s alternative validation tool
https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation
There is no login required for this tool. However, this tool is meant for technical analysis and the report that you receive may contain a large amount of technical details.
Swiss ZertES official validation tool
https://www.validator.admin.ch
This is a public access website and no login is required for this tool.

See Appendix B and Appendix C below for instructions on how to use each tool.

Appendix A: Setting up Adobe Acrobat Reader to validate digital signatures

How to set up Adobe Acrobat Reader to validate digital signatures

1. Please ensure that the Adobe Acrobat Reader application is installed on your computer. If installed, the icon of the application will look like this:

If this application is not installed, it can be downloaded (subject to IT policies in your organisation) from:

https://get.adobe.com/uk/reader/

2. Check that the application is set to recognise EU configurations in Preferences. You may do so by:

Opening the Adobe Acrobat Reader application.
Press Ctrl-K key combination.
Select “Trust Manager” (1) and select “Load trusted certificates from an Adobe AATL server” (2) and “Load trusted certificates from an Adobe EUTL server” (3).
For added assurance, you can prompt the program to download fresh certificate lists by clicking on “Update now” indicated by (4) and ,(5) below.
Click “OK” to save your configuration (6).
You may open now open the document you wish to verify.

3. Using Adobe Acrobat Reader, open the Trafigura signed/sealed document. A dialog box with the status “Verifying all signatures” will appear in the bottom right corner of the application, along with a progress bar, as the application starts the verification process.

4. When verification is completed, a blue banner will appear at the top of the application. This banner will present a brief summary of the verification process:

5. As a first indicator that the document is valid, you will see that the document status is "Signed and all signatures are valid", indicated with 1 in Figure A below. To complete verifying the validity of the document, check the details of the signatures by clicking on the Signature Panel, indicated with 2 in the below.

6. The Signature Panel will indicate validity of signature(s) and key properties of the certificates.

In the Signature Panel, please check that:

It confirms the signature is valid as per (1),
It is signed by a legal person (electronic seal – our example below) or a natural person (electronic signature) that is expected for this document, as per (2) below,
It states (3) that the Source of Trust is “obtained from European Union Trusted Lists (EUTL)” ; that it is “Qualified Electronic Signature” or “Qualified Electronic Seal” according to EU regulations 910/2014; and finally that the “, Signer’s identity is valid”;

To continue verifying the certificate in greater detail, click on the “Certificate Details” link.

7. Clicking on the "Certificate Details" link will open a dialog box, as shown in the figure below. Please check that:

The entity issuing the document is correct (1)
The Issued by field (2) indicates “TrustPro Qualified CA 1”. TrustPro is one of the main Certificate Authority providers currently being used at Trafigura.
Please also confirm that the values for (3) and (4) match what is shown below. In example, for (3), your document should also say “This certificate is Qualified according to EU Regulation 910/2014 Annex I” and for (4), “The private key related to this certificate resides in a Qualified Signature Creation Device”.

8. On the “Details” tab, please validate certificate Subject (CN contains certificate subject name and details of the document used to validate identity).

9. The Issuer field should contain details of expected issuer of the certificate. Trafigura uses TrustPro Qualified CA 1.

Appendix B: Validating using the official European Commission (EC) validator tool

How to validate signatures or seals using the official European Commission (EC) Validator tool

The official European Union (EU) eIDAS validation tool can be accessed here: https://eidas.ec.europa.eu/efda/validation-tool

In order to use the validation tool, this website requires an “EU Login”. Per the screenshot below, click on the “Log in” link shown and subsequently enter your login credentials for your existing account, or create a new account.

Once you log in successfully, you will be able to upload the file for validation either through the “Drag and drop” function or using “Choose file” button (indicated with 1 in the screenshot below).

Please check the name of the file (2) to ensure that you have uploaded the correct document, and click the “Validate” button (3) to commence the validation process.

Should the document be legitimate, the validation results will appear similar to the screenshot below

1. It will show if the document’s signature(s) is correct or not and if it is a Qualified Electronic Signature

2. Please check that the names of the signatory (natural or legal person) is the expected person and that it is the appropriate person for the document.

3. To validate another document, click on the “New validation” button.

Appendix C: Document digital signature validation using the comprehensive alternative EU EC Validator tool

How to validate digital signatures on documents using the comprehensive alternative validator tool from the European Commission

The alternative EU validation tool can be accessed here: https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation

This tool does not require a login, but its usage comes with some disclaimers.

Upload files and press Submit. If the document is legitimate, the validation results should appear similar to the below list and screenshot:

1. Qualification should state if it is a Qualified Electronic Signature or Qualified Electronic Seal

2. Indication should state “TOTAL_PASSED”

3. Certificate Chain for Trafigura EU eIDAS Signatures and Seals should be TrustPro Qualified CA1

4. Signature status should state that all signatures are valid.

Appendix D: List of Qualified Electronic Seal certificates of Trafigura entities

Please see below for the definitive list of Qualified Electronic Seal certificates issued to Trafigura business entities.

Legal Entity	Certificate Issuer	Issuer Certificate Thumbprint (SHA-1)
Trafigura Asia Trading Pte Ltd	TrustPro Qualified CA 1	6c 95 6b ec 63 39 4d d6 c1 68 99 3d c8 b7 49 8a 10 a7 5f 1a
Trafigura Pte Ltd	TrustPro Qualified CA 1	6c 95 6b ec 63 39 4d d6 c1 68 99 3d c8 b7 49 8a 10 a7 5f 1a
Trafigura Trading LLC	TrustPro Qualified CA 1	6c 95 6b ec 63 39 4d d6 c1 68 99 3d c8 b7 49 8a 10 a7 5f 1a

In the screenshots below, you can view a sample of the correct validation information that you should be seeing when you are validating Qualified Electronic Seals from Trafigura's business entities on Adobe Acrobat:

Appendix E: List of Certificate Authorities used by Trafigura

Certificate Authority	Use	Regulations	Website
TrustPro Qualified CA 1	Signature, Seal	EU eIDAS	https://docs.trustpro.eu/