41-132. Electronic and digital signatures;
exemptions; definitions


A. Unless otherwise provided by law, an electronic signature that complies with
this section may be used to sign a writing on a document that is filed with or by a state
agency, board or commission and the electronic signature has the same force and effect as
a written signature.


B. An electronic signature shall be unique to the person using it, shall be capable
of reliable verification and shall be linked to a record in a manner so that if the
record is changed the electronic signature is invalidated.


C. A document that contains an electronic signature that is a digital signature
shall comply with all of the following:


1. Contain a computer based certificate that identifies the issuing entity and the
subscriber, contain the subscriber's public key and be digitally signed by the issuing
entity. A valid subscriber to a digitally signed document shall be listed in the
certificate, shall accept the certificate and lawfully holds the private key that
corresponds to the public key that is listed in that certificate. A person who acquires
a private key through theft, fraud, deceit, eavesdropping or other unlawful means does
not lawfully hold the private key.


2. Contain a key pair used for verifying a digital signature that has a unique
property so that the public key can verify the digital signature that the private key
creates.


3. Be capable of verification by the person having the initial message and the
signer's public key as follows:


(a) The person can accurately determine whether the transformation of the message
was created by using the private key that corresponds to the signer's key.


(b) The person can accurately determine whether the initial message has been
altered since the transformation was made.


D. The following records are not public records and are exempt from public
inspection and reproduction pursuant to title 39, chapter 1, article 2:


1. Records containing information that would disclose or may reasonably lead to the
disclosure of any component in the process used to execute or adopt an electronic or
digital signature if the disclosure would or may reasonably cause the loss of sole
control over the electronic or digital signature from the person using it.


2. Records that if disclosed would or may reasonably lead to jeopardizing the
security of a certificate issued in conjunction with a digital signature.


E. In this section, unless the context otherwise requires:


1. "Asymmetric cryptosystem" means an algorithm or series of algorithms that
provide a secure key pair for a digital signature.


2. "Certificate" means a computer based record that is contained in a document with
a digital signature and that identifies the subscriber, contains the subscriber's public
key and is digitally signed by the entity issuing the certificate.


3. "Digital signature" means a type of electronic signature that transforms a
message through the use of an asymmetric cryptosystem.


4. "Electronic signature" means an electronic or digital method of identification
that is executed or adopted by a person with the intent to be bound by or to authenticate
a record.


5. "Entity issuing a certificate" means a person who creates and issues a
certificate and notifies the subscriber listed in the certificate of the contents of the
certificate.


6. "Key pair" means a private key and its corresponding public key in an asymmetric
cryptosystem.


7. "Person" means a human being or an organization capable of signing a document,
either legally or as a matter of fact.


8. "Private key" means the key of a key pair that is used to create a digital
signature.


9. "Public key" means the key of a key pair that is used to verify a digital
signature.


10. "Record" means information that is inscribed in a tangible medium or that is
stored in an electronic or other medium and that is retrievable in a physically
perceivable form. Record includes electronic records and printed, typewritten and
tangible records.


11. "Subscriber" means a person who is the subject listed in a certificate, accepts
that certificate and holds a private key that corresponds to a public key listed in that
certificate.


12. "Transform" or "transform a message" means to subject data in a message to a
mathematical change by electronic means.