Everything you need to know about public key certificates

Everything to know about electronic certificates

What is a public key certificate and what is it for? You may have already heard about it, but may not completely understand how it works or how to get one.

This article is based on the observation that the digital transition of companies leads to the increasing dematerialization of documents. The Internet, particularly online software, facilitates the processing and exchanging of information in companies, but what about security? How can you ensure that a site is safe and that the implementation of new processes such as electronic signature is not dangerous for your data? 

This is where the digital certificate comes in, guaranteeing the authentication of signatories as well as data and key encryption.

appvizer has all the information you may need to understand the concept of public key certificates better.

What is a public key certificate? 

Definition

A public key certificate is also referred to as a digital certificate and an electronic certificate. 

It is a digital identity card to: 

  • Identify and authenticate a natural or legal person 
  • Encrypt exchanges 
  • Sign online in complete security 

The most widely used standard for creating digital certificates is X.509.

A digital key certificate is required when signing files online via an electronic signature. The certificate is what allows the signatory to be identified and the integrity of the file to be ensured.

The different types of public key certificates

There are several types and classes of certificates, each with a different level of security. 

Class I

This class only guarantees the existence of an email address, but not the identity of the certificate holder. 

Class II

This class guarantees the identity of the public key certificate holder and that of his company. The supporting documents have been transmitted and verified by the certification authority that issues the digital certificate. 

Class III

Like Class II, Class III guarantees the verification of the identity of the certificate holder, but the holder's physical presence is required.

There are also three levels of public key signatures, each corresponding to a different level of security and authentication. The different levels are:

  • Simple electronic signature: data in electronic format that is attached to or combined with other electronic data. It allows the identity of the signatory to be reliably verified and indicates the signatory's consent to sign the document.
  • Advanced electronic signature: created with a tool that guarantees sole use by the signatory. It is unambiguously linked to the signatory, and it allows you to identify the signatory as well as to detect possible modifications of the document after the signature.
  • Qualified electronic signature: created with a tool that guarantees sole use by the signatory, and based on a certificate qualified as an electronic signature.

A public key certificate can have two types of support:

  • Software
  • Hardware - it then takes the form of a USB key or a smart card

SSL Certificate: definition

SSL certificates are public key certificates that secure communications between web servers and browsers. 

The SSL (Secure Sockets Layer) / TLS (Transport Layer Security) certificate is the best-known public key certificate. It is a data file that contains:

  • A public cryptographic key, linked to the private cryptographic key of an organization or private person
  • URLs of secure sites 
  • The corporate name of an organization, in the case of OV (organization validation) and EV (extended validation) certificates

This SSL security is installed on a server and is used for encrypting sensitive data online to ensure a secure connection. It is most often used for banking transactions or the transfer of sensitive data, such as IDs and passwords. 

It is shown to the user as a padlock and the "https" protocol in the URL bar.
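The three items listed above can be read directly from a certificate. The following is an added example, not code from this article: it uses the Python `cryptography` package to build two constructed, self-signed sample certificates (the domain names and the company name are made up, and no certification authority has vouched for them) and extracts the public key size, the covered domain names and the organization name.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec


def make_cert(domains, organization=None):
    """Build a constructed, self-signed sample certificate (not CA-issued)."""
    key = ec.generate_private_key(ec.SECP256R1())
    attrs = [x509.NameAttribute(NameOID.COMMON_NAME, domains[0])]
    if organization:
        attrs.append(x509.NameAttribute(NameOID.ORGANIZATION_NAME, organization))
    name = x509.Name(attrs)
    now = datetime.datetime.now(datetime.timezone.utc)
    san = x509.SubjectAlternativeName([x509.DNSName(d) for d in domains])
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)  # self-signed: issuer == subject
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(san, critical=False)
            .sign(key, hashes.SHA256()))


def describe(cert):
    """Return the three items the article lists for an SSL/TLS certificate."""
    org = cert.subject.get_attributes_for_oid(NameOID.ORGANIZATION_NAME)
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        domains = san.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        domains = []  # no subjectAltName extension present
    return {
        "key_bits": cert.public_key().key_size,
        "domains": domains,
        # Filled in only for OV/EV certificates; domain-validated ones omit it.
        "organization": org[0].value if org else None,
    }


if __name__ == "__main__":
    for c in (make_cert(["shop.example", "www.shop.example"], "Example Shop Ltd"),
              make_cert(["blog.example"])):
        print(describe(c))
```

On a real certificate the organization field is only meaningful because the issuing certification authority verified it; in a self-signed sample like this one it is just a string the creator chose.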

The electronic signature certificate

This type of certificate is used in the particular case of electronic signatures. How to define it? 

It is the digital equivalent of a handwritten signature. 

Characteristics of the electronic signature certificate:

  • Nominative
  • Issued to a single person (not a company)
  • Issued by a certification authority or a Qualified Trust Service Provider (QTSP)

What is the purpose of a public key certificate?

Simply put, a public key certificate is essential for authenticating a person, securing access and, by extension, allowing him/her to sign electronically. Without a digital certificate, the digital signature has no legal value.

It is a guarantee of security and proof of the identity of the signatory, the only person with the right to sign. The certificate provides the link between the electronic signature and the signatory as it contains information essential to authenticate the signatory and guarantee the inalterability of the document.

In which cases can electronic signatures be used? Exchanges are facilitated, accelerated, and secured, for example, to:

  • Sign an invoice or purchase order
  • Sign contracts of any kind
  • Respond to calls for tenders
  • Sign official documents (e.g. tax and social security declarations)
  • Secure access to your mailbox or one of the websites

Would you like to know more about the legal framework of electronic signatures, and how to make a legal digital signature?

Who can issue a public key certificate?

A qualified digital certificate can only be issued by a recognized organization that has been accredited by ETSI (the European Telecommunications Standards Institute) or an institution of another EU country as a qualified trust service provider. These service providers are trusted third parties who are entitled to issue such certificates in accordance with the Electronic Transactions Regulations 2016 and the eIDAS Regulation.

This English and European legal framework guarantees the trust and security of online exchanges for users, both in companies and for public procurement.

Among the best-known and most widely used certificate authorities in the United Kingdom are, for example:

  • Entrust Ltd 
  • Barclays Bank Plc
  • Experian Ltd
  • Morpho UK Limited

Source: European Commission

How to obtain a public key certificate?

As mentioned above, a public key certificate can only be obtained from a qualified certificate provider accredited by the competent authority. The EU Commission and the eIDAS maintain a corresponding list of such providers.

In most cases, the certificate is issued to a natural person acting on behalf of the company. The key certificate shall, however, contain the corporate name of the company or public organization for which the natural person is acting.

To receive a digital certificate, certain conditions apply: 

  • The certificate must comply with the GDPR 
  • As a rule, it should take several weeks to receive this digital document

From certificate to electronic signature: how to do it?

With the contours of the digital certificate now clear, how can you simply sign documents online, while ensuring the security of your data? How does this work in practice?

Online public key signature software facilitates dematerialization in companies:

  • Sign or get your documents signed faster
  • Give legal value to your documents
  • Adopt an eco-responsible approach and stop printing documents
  • Avoid the risk of losing documents by not transmitting them physically
  • Reduce your costs and simplify your exchanges in mobility and abroad

Some digital signature system vendors, such as Yousign or DocuSign, are also recognised as certification authorities. They are therefore able to issue public key certificates. You have the guarantee that the proposed certification and the electronic signature have the legal value required to sign with complete peace of mind.

Focus on Yousign 

Yousign has the dual role of a SaaS-based electronic signature software publisher and a certification authority. It is certified by eIDAS and ETSI and holds the Security Visa issued by ANSSI. The French publisher makes a point of providing the highest level of security for clients' data.

In terms of functionalities, Yousign is:

  • An electronic signature provider
  • A digital safe
  • A storage with probative value
  • A time stamp for signatures and documents

Bottom Line

You now know: digital certificates, in particular, the famous SSL certificate, attest and guarantee the security of data transmission over the network since they are a safeguard for the authentication of the identity of actors in the network. A valid SSL certificate is represented by a padlock symbol next to the URL display and documented by an SSL protocol. Electronic certificates can only be issued by officially accredited certification bodies. In addition, digital certificates enable the creation of electronic signatures, which can advance the digitization of your company.

In addition to connection and website security, these data records not only enable carefree navigation and encrypted data exchange in the network, but also have a direct modernizing effect on companies that decide to use them, for example, in the area of document management.
