e-Correspondence Project is the system that provides the flow of official documents between public institutions and organizations. The system allows the digital creation of documents in the sending institution and opening them in the receiving institution. The package that contains the official letter to be transmitted between the institutions is called the e-Correspondence Package (ECP). ECP allows one or more components to be signed with a single digital signature process.

With the action of establishing Joint Services No. 73 in the Action Plan of the Supplementary of the Information Society Strategy, which was implemented with the decision of the High Planning Council dated 2006/38, it was envisaged to make improvements in the public institutions and organizations in order to conduct some activities jointly in the electronic environment. Within the scope of the e- Correspondence Project with the “Regulation on the Procedures and Principles to be applied in Official Correspondences” published in the Official Gazette numbered 2020/31151, It is required that the public institutions and organizations that will conduct their official correspondence in electronic environment to comply with the “e-Correspondence Technical Guide”.

Within the scope of the Project, the format of the e-Correspondence Package which will carry the official letter between institutions has been determined and the package structure has been formed. Detailed information about the package structure is provided in the “e-Correspondence Technical Guide”.

The Digital Signature Conformity Assessment of the ECP applications of the public institutions and organizations consists of checking the compliance of the digital signature mechanism of the ECP applications with the international standards, the Digital Signature Usage Profiles Guide published by Information and Communication Technologies Authority (ICTA) and the “e-Correspondence Technical Guide”.

Signed documents in the ECP applications must be created in accordance with one of the profiles with long-term signature in the “Digital Signature Usage Profiles Guide”. In addition, the format of the Electronic Signature and Paraph Electronic Signature components within package is must be CAdES-X Long, as for Electronic Seal, it must be the type of CAdES-A attached defined in ETSI TS 101 733.

In the assessment of ECP applications, the following standards mentioned in the electronic signature legislation are taken as reference:

• CWA 14170: Security Requirements for Signature Creation Applications
• CWA 14171: Procedures for Electronic Signature Verification
• ETSI TS 101 733: CMS Advanced Electronic Signatures (CAdES)
• ETSI TS 119 101: Policy and Security Requirements for Applications for Signature Creation and Signature Validation

The compliance of the following parts of the ECP software with the relevant standards are assessed:

• Digital signature formats created by the application
• Digital signature creation mechanism of the application
• Digital signature validation mechanism of the application
• Digital signature archiving mechanism of the application
• Signing and validation interface of the application

The institutions that would like to receive ECP Conformity Assessment service from Kamu SM can apply for the service after completing the requirements specified in the Preparation section. Detailed information about the application process can be found here.

ECP validation test procedures and packages can be accessed here.