41-132

41-132. Electronic and digital signatures; exemptions; definitions

A. Unless otherwise provided by law, an electronic signature that complies with this section may be used to sign a writing on a document that is filed with or by a state agency, board or commission and the electronic signature has the same force and effect as a written signature.

B. An electronic signature shall be unique to the person using it, shall be capable of reliable verification and shall be linked to a record in a manner so that if the record is changed the electronic signature is invalidated.

C. A document that contains an electronic signature that is a digital signature shall comply with all of the following:

1. Contain a computer based certificate that identifies the issuing entity and the subscriber, contain the subscriber's public key and be digitally signed by the issuing entity. A valid subscriber to a digitally signed document shall be listed in the certificate, shall accept the certificate and lawfully holds the private key that corresponds to the public key that is listed in that certificate. A person who acquires a private key through theft, fraud, deceit, eavesdropping or other unlawful means does not lawfully hold the private key.

2. Contain a key pair used for verifying a digital signature that has a unique property so that the public key can verify the digital signature that the private key creates.

3. Be capable of verification by the person having the initial message and the signer's public key as follows:

(a) The person can accurately determine whether the transformation of the message was created by using the private key that corresponds to the signer's key.

(b) The person can accurately determine whether the initial message has been altered since the transformation was made.

D. The following records are not public records and are exempt from public inspection and reproduction pursuant to title 39, chapter 1, article 2:

1. Records containing information that would disclose or may reasonably lead to the disclosure of any component in the process used to execute or adopt an electronic or digital signature if the disclosure would or may reasonably cause the loss of sole control over the electronic or digital signature from the person using it.

2. Records that if disclosed would or may reasonably lead to jeopardizing the security of a certificate issued in conjunction with a digital signature.

E. In this section, unless the context otherwise requires:

1. "Asymmetric cryptosystem" means an algorithm or series of algorithms that provide a secure key pair for a digital signature.

2. "Certificate" means a computer based record that is contained in a document with a digital signature and that identifies the subscriber, contains the subscriber's public key and is digitally signed by the entity issuing the certificate.

3. "Digital signature" means a type of electronic signature that transforms a message through the use of an asymmetric cryptosystem.

4. "Electronic signature" means an electronic or digital method of identification that is executed or adopted by a person with the intent to be bound by or to authenticate a record.

5. "Entity issuing a certificate" means a person who creates and issues a certificate and notifies the subscriber listed in the certificate of the contents of the certificate.

6. "Key pair" means a private key and its corresponding public key in an asymmetric cryptosystem.

7. "Person" means a human being or an organization capable of signing a document, either legally or as a matter of fact.

8. "Private key" means the key of a key pair that is used to create a digital signature.

9. "Public key" means the key of a key pair that is used to verify a digital signature.

10. "Record" means information that is inscribed in a tangible medium or that is stored in an electronic or other medium and that is retrievable in a physically perceivable form. Record includes electronic records and printed, typewritten and tangible records.

11. "Subscriber" means a person who is the subject listed in a certificate, accepts that certificate and holds a private key that corresponds to a public key listed in that certificate.

12. "Transform" or "transform a message" means to subject data in a message to a mathematical change by electronic means.