Electronic certificate and digital signature

The electronic certificate in two words

The electronic certificate in two wordsAnelectronic certificateis a digital file issued by a certification authority (CA) which associates apublic keypublic keywith the identity of its holder. It is the cornerstone of

digital signature

— the technical implementation of electronic signature.

• Asymmetric cryptographyThe digital signature is based on public/private key cryptography:
• The digital signature is based on public/private key cryptography:Private key ⬥⬥⬥: kept secret by the signatory, used to sign

Public key ⬥⬥⬥: distributed in the certificate, used to verify

Anyone can verify with the public key that a signature has indeed been produced with the corresponding private key. cat of compromise

PKI: public key infrastructure

• All the hardware, software, procedures and policies for issuing, managing and revoking certificates form a
• All the hardware, software, procedures and policies for issuing, managing and revoking certificates form a
• PKI
• (Public Key Infrastructure).

A modern PKI includes:

root certification authority (CA-R)root certification authority (CA-R)intermediate authorities

revocation servers (CRL, OCSP)

• enrollment procedures
• Qualified certificate vs simple certificate
• Simple certificate ⬥⬥⬥: issued by any authority, standard use
• Simple certificate ⬥⬥⬥: issued by any authority, standard use

Qualified certificate ⬥⬥⬥: issued by a

• QTSP(qualified service provider) registered on the EU trusted list. Mandatory for the
• qualified signature (QES) ⬥⬥⬥.SeeSeethe 3 signature levels ⬥⬥⬥.Digital signature vs electronic signatureElectronic signature ⬥⬥⬥: legal concept (eIDAS). Three levels.

Digital signature ⬥⬥⬥: technical implementation by asymmetric cryptography.An electronic signatureAn electronic signature

may

• be based on a digital signature, but not necessarily. A simple AES (OTP) does not use a personal certificate.When a personal certificate is necessary
• A personal certificate is only obligatory for:A personal certificate is only obligatory for:

theQES(qualified signature)

certain specific procedures (e-registry, electronic declarations)

For the SES and AES, no need for a personal certificate — the platform manages cryptography in the backend.

• For the SES and AES, no need for a personal certificate — the platform manages cryptography in the backend.How to obtain a qualified certificateChoose a QTSP (Docaposte Certigna, Universign/Oodrive, CertEurope…)
• Pass an identity verification (face-to-face or video KYC)

Receive the certificate on a device (YubiKey, smart card) or in software

Valid for 1-3 years, renewable

1. Valid for 1-3 years, renewable
2. Cost: €50-200 per year typically.
3. How Certyneo helps you
4. Certyneo manages backend cryptography for SES and AES signatures — you don't need any personal certificates. For QES cases, we interface with several European QTSPs to trigger the qualified signature without complexity.

Discover the Certyneo electronic signature solution

Discover the Certyneo electronic signature solution

FAQ

Do I need a certificate to sign?

No for SES/AES. Yes for QES.

How much does a qualified certificate cost?

€50-200 per year with French QTSPs.

€50-200 per year with French QTSPs.

How to renew?

Lighter procedure (identification already done), generally online.

Can a certificate be revoked?

Yes, by the CA in the event of compromise. Consult the CRL or OCSP.

Does ANSSI certify certificates?

Does ANSSI certify certificates?

No, it qualifies the QTSPs which issue the qualified certificates.

Conclusion

The electronic certificate is the basis of the qualified digital signature. For most uses (SES/AES), the platform manages everything in the backend — you don't have to install anything.

Try Certyneo to send, sign and track your documents online simply, quickly and securely.