Orden HAP/2424/2013, de 20 de diciembre, sobre el uso del sistema de código seguro de verificación por la Dirección General de Ordenación del Juego.
Check documents with a secure verification code (CSV)
Description:
All electronic documents signed by the Directorate General for Gambling Regulation feature a secure verification code so they can be recovered online. You can use the service to check any document issued by the Directorate General for Gambling Regulation with the code.
This feature is especially useful when filing printed electronic documents at a public administration office; it allows the office to verify the document, ensuring it has not been altered.
How to proceed
Anyone who needs to check the validity of an electronic or printed CSV document may do so through this service. The application will request the document's CSV digits and will return an equivalent electronic document including digital signatures. The user can then check it against the original document.
What is a secure verification code (CSV for its Spanish name, código seguro de verificación)?
A secure verification code is a set of digits that serves to uniquely identify an electronic document issued by the Directorate General for Gambling Regulation.
This code is printed on every single page of the document so that the document can be checked against its original electronic copy to verify its authenticity.
Why are secure verification codes important?
Because it grants authenticity to any printed copy of an electronic document issued by the Directorate General for Gambling Regulation.
Secure verification codes allow us to verify the authenticity of any printed electronic document issued by the Directorate General for Gambling Regulation against the original copy.
How is the authenticity of documents guaranteed using this tool?
Documents incorporate an advanced digital signature and a time seal to guarantee that they remain authentic, complete and unchanged.
Why can't a signed electronic document be changed?
Digital signatures lock the content of a document so that any changes made to the signed document invalidate their digital signature.
Electronic signing is a two-step process:
- First, the document is digitally hashed to produce a short, fixed-length digest.
- Then, the digest is coded using the private key in the issuer's certificate. The coded digest is then attached to the document, but the visible content of the document remains uncoded so it can be read.
The process for validating an electronically signed document ― that is, to confirm that it has not been altered in any way since it was signed ― is comprised of three steps:
- re-calculating the digest using the content of the document;
- decoding the digest included in the document using the public key contained in the issuer's certificate; and
- comparing both digests. If both are the same, the document has not been changed since it was signed and is therefore valid. If the digests are different, the content has been altered and the signature is invalidated.
This method for checking digests has three interesting properties:
- the length is always the same, regardless of the length of the digested document.
- The slightest change in the content of the document will produce a very different digest.
- Calculating a digest is not a symmetrical operation: a text digest can be easily calculated but not reconstructed.