What is a public key certificate and what is it for? You may have already heard about it, but not completely understand how it works or how to get it.
This article is based on the observation that the digital transition of companies leads to the increasing dematerialization of documents. The Internet, particularly online software, facilitates the processing and exchanging of information in companies, but what about security? How can you ensure that a site is safe and that the implementation of new processes such as electronic signature is not dangerous for your data?
This is where the digital certificate comes in, guaranteeing the authentication of signatories as well as data and key encryption.
A public key certificate is also referred to as a digital certificate and an electronic certificate.
It is a digital identity card to:
The most widely used standard for creating digital certificates is X.509.
A digital key certificate is required when signing files online, via an electronic signature. The digital key certificate is what allows the signatory to be identified and the integrity of the file to be insured.
There are several types and classes of certificates, each with a different level of security.
This class only guarantees the existence of an email address, but not the identity of the certificate holder.
This class guarantees the identity of the public key certificate holder and that of his company. The supporting documents have been transmitted and verified by the certification authority that issues the digital certificate.
Like Class II, Class III guarantees the verification of the identity of the certificate holder, but its physical presence is required.
There are also three levels of public key signatures, each corresponding to a different level of security and authentication. The different levels are:
A public key certificate can have two types of support:
SSL certificates are public key certificates that secure communications between web servers and browsers.
The SSL (Secure Sockets Layer) / TLS (Transport Layer Security) certificate is the most well known public key certificate. It is a data file that contains:
This SSL security is installed on a server and is used for encrypting sensitive data online to ensure a secure connection. It is most often used for banking transactions or the transfer of sensitive data, such as IDs and passwords.
It is materialised for use by a padlock and the “https” protocol in the URL bar.
This type of certificate is used in the particular case of electronic signatures. How to define it?
It is the digital equivalent of a handwritten signature.
Characteristics of the electronic signature certificate:
Simply put, a public key certificate is essential for authenticating a person, secure access and, by extension, allow him/her to sign electronically. Without a digital certificate, the digital signature has no legal value.
It is a guarantee of security and proof of the identity of the signatory, the only person with the right to sign. The certificate provides the link between the electronic signature and the signatory as it contains information essential to authenticate the signatory and guarantee the inalterability of the document.
In which cases can electronic signatures be used? Exchanges are facilitated, accelerated, and secured, for example, to:
Would you like to know more about the legal framework of electronic signatures, and how to make a legal digital signature?
A qualified digital certificate can only be issued by a recognized organization that has been accredited by ETSI (the European Telecommunications Standards Institute) or an institution of another EU country as a qualified trust service provider. These service providers are trusted third parties who are entitled to issue such certificates in accordance with the Electronic Transactions Regulations 2016 and the eIDAS Regulation.
This English and European legal framework guarantees the trust and security of online exchanges for users, both in companies and for public procurement.
Among the most well known and used certificate authorities in the United Kingdom we note for example:
Source: European Commission
As mentioned above, a public key certificate can only be obtained from a qualified certificate provider accredited by the competent authority. The EU Commission and the eIDAS maintain a corresponding list of such providers.
In most cases, the certificate is issued to a natural person acting on behalf of the company. The key certificate shall, however, contain the corporate name of the company or public organization for which the natural person is acting.
To receive a digital certificate, certain conditions apply:
With the contours of the digital certificate now clear, how can you simply sign documents online, while ensuring the security of your data? How does this work in practice?
Online public key signature software facilitate the dematerialization in companies:
Some digital signature system vendors, such as Yousign or DocuSign, are also recognised as certification authorities. They are therefore able to issue public key certificates. You have the guarantee that the proposed certification and the electronic signature have the legal value required to sign with complete peace of mind.
Yousign has the dual role of a SaaS based electronic signature software publisher and a certification authority. It is certified by eIDAS and ETSI and holds the Security Visa issued by ANSSI. The French publisher makes a point of providing the highest level of security for client’s data.
In terms of functionalities, Yousign is:
You now know: digital certificates, in particular, the famous SSL certificate, attest and guarantee the security of data transmission over the network since they are a safeguard for the authentication of the identity of actors in the network. A valid SSL certificate is represented by a padlock symbol next to the URL display and documented by an SSL protocol. Electronic certificates can only be issued by officially accredited certification bodies. In addition, digital certificates enable the creation of electronic signatures, which can advance the digitization of your company.
In addition to connection and website security, these data records not only enable carefree navigation and encrypted data exchange in the network, but also have a direct modernizing effect on companies that decide to use them, for example, in the area of document management.