An electronic certificate is a digital identity. It is nominative, so belongs personally to a member of a company or agent of an administration. The electronic certificate consists of three inseparable elements:
- the information concerning the identity of the holder (name, surname, function, service, email …), his organization (company, association or administration …), the period of beginning and end of validity of the certificate, the identity of the certification authority that generated it, the authorized certificate functionality, the address for access to the authority certification policy, and the address of the certificate revocation list;
- The private key;
- The public key.
The certificate, necessary for the electronic response, consists of a public key and an associated private key that must remain secret (we speak of asymmetric key certificate) which is confined in a cryptographic hardware support: a cryptographic USB key or a smart card, for example.
The certification authority is a provider that produces certificates, on behalf of users. When this provider is a private company, it markets the certificates produced. When the provider is an administrative authority, he delivers them to his agents.
The Certificate Authority signs the certificate (with its own private key), thereby ensuring the integrity of the certificate and the veracity of the information contained in the certificates it issues.
The certification authority ensures the link between the user (the future signatory) and the certificate that he will issue for him, by making sure beforehand, by the examination of identity documents and a face-to-face meeting. on the veracity of the information provided by the applicant for the certificate.
The validity period of the certificate is two to three years (the RGS provides three years). Its annual cost depends on the associated services. On average, it varies between 70 and 130 €.
All the information needed to acquire a certificate is online at the sites of the certifying authorities that market it. The list of certification authorities that can be used to sign offers is online here: http://www.entreprises.minefi.gouv.fr/certificats/
In practice, it takes 15 days to a month to obtain a signature certificate, sometimes more. The company is therefore invited to anticipate this acquisition.
Electronic certificate or certificate within the meaning of the practical guide to the dematerialization of public contracts and the RGS
An electronic certificate or certificate is, according to the provisions of the RGS: “An electronic file attesting that a key pair belongs to a natural person DIGITAL SIGNATURE, a legal person, a material element or identified software, directly or indirectly (pseudonym). It is issued by a PSCE. By signing the certificate, the CA validates the link between the identity and the public key. The certificate is valid for a limited period specified in it.
Usable media: hardware or software?
An electronic certificate is either in physical form or in the form of software.
In the case of a material form in electronic certificate takes the form of an electronic component such as a smart card or USB key,.
A certificate offered on a hardware medium is generally preferable because it is:
Safer because we cannot copy it,
Generally more practical, indeed, it is usable on different sites and, moreover, it is always exploitable following worries with the computer,
Often more economical because it is accepted by all the teleprocedures of the administrative authorities.
These reasons make that one moves more and more towards certificates stored on material support.