Glossary

An electronic signature that meets four requirements under Ecuador’s LCE: (1) it is linked exclusively to the signer; (2) it identifies the signer; (3) it was created using means under the signer’s exclusive control; (4) any subsequent alteration of the document is detectable. Signatures made with a certificate issued by an Ecuadorian ECI are advanced electronic signatures by construction.

International synonym for ECI (Entidad de Certificación de Información). An entity that issues and signs X.509 identity certificates. The CA holds a root private key whose corresponding public key is distributed in browsers, operating systems, and — in the case of firmar.ec — in the embedded Ecuadorian TSL.

IETF standard (RFC 5652) defining the structure of a signed or encrypted message. It is the modern successor to PKCS#7. PAdES embeds a CMS SignedData structure inside the /Sig dictionary of the PDF.

An entity accredited in Ecuador by ARCOTEL (Agencia de Regulación y Control de las Telecomunicaciones — Ecuador’s telecommunications regulator) to issue digital certificates with legal validity under the LCE. As of 2026, firmar.ec recognises the roots of 16 of the 17 ECIs accredited by ARCOTEL (the 17th, the Civil Registry, signs with BCE/Security Data certificates, already covered): BCE, Security Data, ANFAC (ANF AC Ecuador), ArgosData, Consejo de la Judicatura (iCert-EC), Uanataca Ecuador, Eclipsoft, Datil Media, Lazzate, Alpha Technologies, AppFirmas, CorpNewBest, DarkCam, FirmaSegura, LetMi Ecuador and PrimeCoreLat.

Ecuadorian Law 2002-67 (published in Official Register No. 557, 17 April 2002) recognising the legal equivalence between a handwritten signature and an electronic signature certified by an accredited ECI. Its implementing regulation is Executive Decree 3496.

Ecuadorian law published in Official Register No. 459 (26 May 2021); implementing regulation in Official Register No. 569 (7 November 2023). Establishes principles, data-subject rights, controller obligations, international transfer rules, and a sanctions regime aligned with the European GDPR. firmar.ec is designed to comply natively: zero personal data collection on the server.

Protocol (RFC 6960) that allows querying in real time whether an X.509 certificate is valid or has been revoked, without needing to download the full Certificate Revocation List (CRL). firmar.ec’s verifier queries OCSP for every signature validated.

A set of profiles defined in ETSI EN 319 142 for advanced electronic signatures embedded inside PDF files. firmar.ec produces signatures in the B-B (Basic Baseline) profile.

Binary format (RFC 7292) that bundles an X.509 certificate and its private key, protected by a password. The typical file extension is .p12 or .pfx. firmar.ec parses PKCS#12 entirely inside the browser.

Time-stamping authority (RFC 3161). Returns a signed timestamp token proving that certain content existed at a specific date and time. Required to produce PAdES B-T (with timestamp). On firmar.ec’s roadmap for v1.1.

A versioned list of trusted root certificates. firmar.ec embeds an Ecuadorian TSL (the roots of the 16 ECIs accredited by ARCOTEL that operate their own PKI) in packages/tsl-ec/, refreshed by a CI workflow every 30 days with AIA verification.

ITU-T standard (formalised in RFC 5280) defining the format of public-key certificates. An X.509 certificate contains the holder’s identity, their public key, validity dates, usage constraints, and the signature of the issuing CA.