Mostly yes.
In the EU at least, the rule is "An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures."
However, the burden of proof is higher if you dispute a "qualified electronic signature". To be qualified, there's no specific technical requirements, e.g. use of cryptographic signatures, but you'd need to be certified and registered as a “Remote QSCD” according to ETSI EN 419 241‐2 PP.
Self-hosting this solution (or using PGP) won't magically make you a certified QSCD trust provider. You need to convince some certifying body that everything is nice and safe, which will mostly involve a lot of paper work and (evidence of) processes being in place.
> Self-hosting this solution (or using PGP) won't magically make you a certified QSCD trust provider. You need to convince some certifying body that everything is nice and safe, which will mostly involve a lot of paper work and (evidence of) processes being in place.
This! Just like a self-signed SSL certificate for a website: yes, the traffic will be encrypted but you cannot be sure that the website is who it says it is.
However, the burden of proof is higher if you dispute a "qualified electronic signature". To be qualified, there's no specific technical requirements, e.g. use of cryptographic signatures, but you'd need to be certified and registered as a “Remote QSCD” according to ETSI EN 419 241‐2 PP.
Self-hosting this solution (or using PGP) won't magically make you a certified QSCD trust provider. You need to convince some certifying body that everything is nice and safe, which will mostly involve a lot of paper work and (evidence of) processes being in place.