What is a public key certificate and how do you get one? You may have already heard of it without fully understanding how it works or how to obtain one.
This article is based on the observation that the digital transition of businesses leads to the increasing dematerialization of documents. Today, with the Internet, and especially online software, businesses can process and exchange information. But is it secure? How can you ensure that a website is secure and that implementing new processes such as electronic signatures does not harm your data?
This is where the digital certificate comes in, guaranteeing the authentication of signatories as well as data and key encryption.
A public key certificate is also referred to as a digital certificate or an electronic certificate.
It is a digital identity card to:
The most used standard for creating digital certificates is X.509.
A digital key certificate is required when signing files online, via an electronic signature. The digital key certificate is what allows the signatory to be identified and the integrity of the file to be ensured.
There are several types and classes of certificates, each with a different level of security.
Class I only guarantees the existence of an email address, but not the identity of the certificate holder.
Class II guarantees the identity of the public key certificate holder and that of their company. The supporting documents have been transmitted to and verified by the certification authority that issues the digital certificate.
Like Class II, Class III guarantees the verification of the identity of the certificate holder, but the holder's physical presence is required.
There are also three levels of public key signatures, each corresponding to a different level of security and authentication. The different levels are:
A public key certificate can have two types of support:
SSL certificates are public key certificates that secure communications between web servers and browsers.
The SSL (Secure Sockets Layer) / TLS (Transport Layer Security) certificate is the best-known public key certificate. It is a data file that contains:
This SSL security is installed on a server and is used for encrypting sensitive data online to ensure a secure connection. It is most often used for banking transactions or the transfer of sensitive data, such as IDs and passwords.
For the user, it appears as a padlock and the “https” protocol in the URL bar.
This type of certificate is used in the particular case of electronic signatures. How is it defined?
It is the digital equivalent of a handwritten signature.
Characteristics of the electronic signature certificate:
A public key certificate is used to authenticate a person, secure access and, by extension, allow him/her to sign electronically. Without a digital certificate, the digital signature has no legal value.
It is a guarantee of security and proof of the identity of the signatory, the only person with the right to sign. The certificate provides the link between the electronic signature and the signatory as it contains information essential to authenticate the signatory and guarantee the inalterability of the document.
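The link described above between signatory, signature and document, as an added example (not from the original article or from any vendor it names): a constructed signer, "Alice Example", gets a self-signed X.509 certificate standing in for one issued by a certification authority, signs a file, and verification fails once the file is altered. A real verifier would also validate the certificate chain up to a trusted authority, which this example does not do.

```shell
#!/bin/sh
# Added example. Signer, names and file contents are constructed; the
# self-signed certificate stands in for one issued by a certification authority.
WORK=$(mktemp -d)

make_signer() {
  # Key pair plus an X.509 certificate binding the public key to a name.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Alice Example/O=Example Ltd" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.crt" 2>/dev/null
}

signer_name() {
  # Who the certificate says holds the key.
  openssl x509 -in "$WORK/signer.crt" -noout -subject
}

sign_doc() {
  # $1 = document. The private key signs a SHA-256 digest of the file.
  openssl dgst -sha256 -sign "$WORK/signer.key" -out "$1.sig" "$1"
}

verify_doc() {
  # $1 = document. Uses only the public key taken from the certificate;
  # returns 0 when the signature matches the file as it is now.
  openssl x509 -in "$WORK/signer.crt" -noout -pubkey > "$WORK/signer.pub" &&
    openssl dgst -sha256 -verify "$WORK/signer.pub" \
      -signature "$1.sig" "$1" >/dev/null 2>&1
}

make_signer
printf 'I agree to the terms.\n' > "$WORK/contract.txt"
sign_doc "$WORK/contract.txt"
signer_name
verify_doc "$WORK/contract.txt" && echo "unchanged file: signature valid"
printf 'One more clause.\n' >> "$WORK/contract.txt"
verify_doc "$WORK/contract.txt" || echo "altered file: signature rejected"
```

The verifier never needs the private key: the certificate alone carries the signer's name and the public key used for the check.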
In which cases can electronic signatures be used? Exchanges are facilitated, accelerated, and secured, for example, to:
Would you like to know more about the legal framework of electronic signatures, and how to make a legal digital signature?
A qualified digital certificate can only be issued by a recognized organization that has been accredited by ETSI (the European Telecommunications Standards Institute) or an institution of another EU country as a qualified trust service provider. These service providers are trusted third parties who are entitled to issue such certificates in accordance with the Electronic Transactions Regulations 2016 and the eIDAS Regulation.
This English and European legal framework guarantees the trust and security of online exchanges for users, both in companies and for public procurement.
Among the most well known and used certificate authorities in the United Kingdom we note for example:
Source: European Commission
As mentioned above, a public key certificate can only be obtained from a qualified certificate provider accredited by the competent authority. The EU Commission and the eIDAS maintain a corresponding list of such providers.
In most cases, the certificate is issued to a natural person acting on behalf of the company. The key certificate shall, however, contain the corporate name of the company or public organization for which the natural person is acting.
To receive a digital certificate, certain conditions apply:
With the contours of the digital certificate now clear, how can you simply sign documents online, while ensuring the security of your data? How does this work in practice?
Online public key signature software facilitates dematerialization in companies:
Some digital signature system vendors, such as Yousign or DocuSign, are also recognised as certification authorities. They are therefore able to issue public key certificates. You have the guarantee that the proposed certification and the electronic signature have the legal value required to sign with complete peace of mind.
Yousign has the dual role of a SaaS-based electronic signature software publisher and a certification authority. It is certified by eIDAS and ETSI and holds the Security Visa issued by ANSSI. The French publisher makes a point of providing the highest level of security for the client’s data.
In terms of functionalities, Yousign is:
an electronic signature provider,
a digital safe,
a storage with probative value,
a time stamp for signatures and documents.