Certificates and electronic signatures in a nutshell

When people talk about electronic signatures, the term signature certificate almost automatically comes to mind. Of course, this applies only to certain types of signatures, but certificates are often a necessary condition for the electronic signature to be of sufficient quality and even usable in a given case.

Where and how certificates are created

Certificates for electronic signatures (and not only those) are issued by so-called certification authorities. The term has two meanings: it refers both to the software that technically "produces" what we call a certificate and to an organization that issues various types of certificates for a fee. We will not deal with the software in this article; instead, we will turn our attention to these organizations, and in particular to those that call themselves qualified certification authorities.

The word "qualified" has a fundamental meaning, because only qualified certificates issued by these qualified authorities can be used to create so-called recognised electronic signatures (see §6 of Act 297/2016 Coll., on trust services). The term "recognised electronic signature" in that Act means "...a guaranteed electronic signature based on a qualified certificate for electronic signature or a qualified electronic signature."

There are four qualified certification authorities issuing qualified signature certificates in the Czech Republic. They are the First Certification Authority, the Czech Post through its certification authority PostSignum, eIdentity and the Basic Registers Administration through its certification authority National Certification Authority. The last of these, however, is intended exclusively for selected public administration entities (security forces, intelligence services and selected departments of the Ministry of the Interior). The others are public and anyone interested can buy a qualified signature certificate from them.

What is a Signature Certificate

In the world of electronic signing, a certificate is used for two fundamental things:

1) to link, in some form, the identity of the signatory with his or her electronic signature,

2) to verify the validity of the created electronic signature.

Beware, however, that an electronic signature tells as little as possible about the signatory's identity, usually only his or her first and last name. Proof of identity (nowadays most often in the form of physical identity documents) is checked by the certification authority, which must verify, especially when issuing qualified certificates, that the person is who he or she claims to be. But this is not written into the certificate itself.

And what is the content of the certificate? It holds many different pieces of information, such as the detailed identification of the owner, the name of the certificate issuer and the issuer's electronic signature, the validity period of the certificate and, of course, the public key.
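To make the two roles of a certificate concrete, the following Go example (added here, not code from the original article) issues a constructed, self-signed test certificate and then checks a document signature using only what the certificate carries: the public key and the validity period. The signer name, the document text and the helper names `issue` and `verify` are illustrative assumptions; a real certificate is signed with the certification authority's key, not its own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed, self-signed test certificate (a real CA signs with its own key).
func issue(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verify relies only on data inside the certificate: public key and validity period.
func verify(cert *x509.Certificate, doc, sig []byte, at time.Time) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || at.Before(cert.NotBefore) || at.After(cert.NotAfter) {
		return false
	}
	return ed25519.Verify(pub, doc, sig)
}

func main() {
	cert, key, err := issue("Jan Novak (constructed)")
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed sample document")
	sig := ed25519.Sign(key, doc)
	fmt.Println(cert.Subject, "| issuer:", cert.Issuer, "| valid until:", cert.NotAfter)
	fmt.Println(verify(cert, doc, sig, time.Now()), verify(cert, []byte("tampered"), sig, time.Now()))
}
```

The second line of output is `true false`: the genuine document verifies, while any change to the signed bytes makes verification fail.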

3 levels of electronic signature in the Czech Republic

The level (quality) of an electronic signature depends on which certification authority issued the signature certificate. Again, by "which certification authority" we mean whether it is qualified or not. If it is, then it does not matter whether it is one of the Czech authorities or one from elsewhere in the EU. In the Czech Republic, there are three levels of electronic signatures.

The first and highest level consists of "qualified electronic signatures". These are signatures that meet two conditions. They have been created by means of qualified certificates issued by, for example, one of the above certification authorities (or any other qualified certification authority from the EU). And they have been created using so-called qualified means for creating electronic signatures, which in practice are most often smart cards or tokens. Public authorities are obliged to use qualified signatures, so if you ever receive an official document in electronic form, it should be signed with the official's qualified electronic signature.

The second, specifically Czech, level is "recognised electronic signatures based on a qualified certificate". The name is a bit of a mouthful, which is why it is often abbreviated to "recognised electronic signatures". What they have in common with qualified signatures is that they still require a qualified certificate for electronic signature. But the qualified means is no longer needed, so you can do without the smart card or token. Conversely, you need a recognised electronic signature if you want to send a document electronically to the government. The authorities are legally obliged to accept a document with this type of signature. Of course, the signature is not responsible for the correctness of the content of the document.

The third level is the so-called "guaranteed electronic signatures". These no longer need a qualified certificate to be created. Any electronic signing certificate, for example one issued by your employer, is sufficient. They are therefore not subject to the same strict rules that apply when you obtain a qualified certificate. For example, no one will ask you to prove your identity. Guaranteed electronic signatures can be used everywhere except when communicating electronically with the government, for example in internal company processes or in business processes between commercial companies.