Errors when signing in private signing process of encrypted documents

The private signing process, like the advanced electronic signing process of unencrypted documents, requires the use of a valid and active e.firma that corresponds to the indicated RFC. This not only serves to sign the document, but also to encrypt and decrypt it so that it can be viewed before signing.

Below you will find some of the most common errors when signing encrypted documents and how to solve them.

Errors

  1. The e.firma you are trying to use is expired or revoked
  2. This e.firma is revoked and legally cannot be used to sign
  3. This e.firma has expired
  4. You must use the .key file that corresponds to the .cer file preloaded below

The e.firma you are trying to use is expired or revoked

Your public certificate (.cer file) is used to encrypt the document to ensure that only you can view and sign it. If, after the creator of the document encrypted it, you renewed or revoked your e.firma, or it expired, the old one is no longer valid.

If this happens, you should contact the person who invited you to sign to ask them to re-upload the document and protect it using your new e.firma. Once the document manager uses your new .cer file to encrypt the document, you will be able to view and sign it with your new e.firma.

This e.firma is revoked and legally cannot be used to sign

If at some point you lost your e.firma, it was stolen or by mistake you lent it, it is very likely that you have revoked it to avoid its misuse. Therefore, if you try to use it to sign a document (even if you have previously decrypted it with that same e.firma), you will not be able to sign it, legally it is not possible.

When you have your new e.firma, contact the creator of the document and ask him to re-upload the document to be signed. You can do this through the link "There is a problem preventing me from signing" if it is enabled for the document.

This e.firma has expired

When an e.firma expires, legally it can no longer be used to sign documents. This is similar to what happens when an official ID expires: it can no longer be used as identification or for the main purpose it was issued (voting in the case of the INE, entering other countries in the case of the passport, certifying that you are fit to drive in the case of the driver's license...).

Therefore, if you try to use your expired e.firma to sign a document (even if you have previously decrypted it with that same e.firma), you will not be able to sign it.

In this case you will need to renew your e.firma. If it is still valid or if it expired less than a year ago, you will be able to renew it online. If it expired more than a year ago, you will have to visit the SAT offices as when you obtained it for the first time.

Once you have your new e.firma, ask the creator of the document to upload the document to be signed again, you can do so using the link "There is a problem that prevents me from signing" if it is enabled for the document.

You must use the .key file that corresponds to the .cer file preloaded below

Your public certificate (.cer file) is used to encrypt the document and ensure that only you can view and sign it. If you try to use the private key (.key file) of another e.firma, either yours (older or newer) or someone else's (for example, a legal entity of which you are the legal representative), you will not be able to decrypt the document to view and sign it.

The .cer and .key files of an e.firma are created together and only work together, they are not interchangeable. Be sure to use the .key file corresponding to the .cer file that was used to encrypt the document.