In what form do I get a certificate?

You can activate the digital certificate with a reference number, which you receive by e-mail, and an authorisation code, which you receive by registered mail.

To activate a web certificate, go to the web page where you can start the certificate activation procedure. The procedure is described in detail in "Instructions for activating web qualified digital certificates SIGEN-CA", which you received after completing an application form.

You activate an enterprise digital certificate according to instructions (in Slovenian).

 

When will I get the certificate?

In 10 working days after completing an application form at a SIGEN-CA Registration Authority, you will receive a reference number by e-mail and an authorisation code by registered mail. You need both to activate your digital certificate. Activation must be done within 60 days.

 

Do I need a Smart Card and where do I get it?

The Smart Card is a medium for storing private keys. A Smart Card is not strictly required, but you may choose to use one for security reasons. If you already have a reader, you only need a card.

 

We are worried about the notice about required software for enterprise digital certificates

Notice said: "Required software for enterprise digital certificates: Enterprise qualified digital certificates SIGEN-CA can be used with the assistance of Entrust Desktop Solutions v5.02 software."

  • Does Entrust Desktop Solutions software also operate under operating systems other than MS WINDOWS?
  • Is it possible to use other (compatible) software with enterprise qualified digital certificates, e.g., Pretty Good Privacy or GNU Privacy Guard?

There are different systems for ensuring authenticity of a public key holder: PKI, PGP, SPKI, ...

For ensuring the authenticity of a public key holder, the most suitable system is PKI with a common Certification Authority. It can cross-certify with Certification Authorities from other fields and countries. Such Certification Authorities are also mentioned in Electronic Commerce Acts (German, Austrian, Italian, Slovenian, ...). PGP uses the so-called "web of trust", in which there is no common Certification Authority; it relies on self-signed digital certificates, which users exchange among themselves.

The Certification Authority at CVI issues digital certificates according to PKI recommendations. It vouches for the authenticity of digital certificates, which link holders of public keys with their data, and issues digital certificates in X.509v3 format. Certificates and Certificate Revocation Lists are stored in a directory conforming to the X.500 standard, which is accessible via the LDAPv2 and LDAPv3 protocols.

SIGEN-CA, the digital certificate issuer of the Certification Authority at CVI, issues two types of qualified digital certificates:

  • "web" certificates are designed for use on the Web with the SSL, TLS, and S/MIME protocols. Software for such certificates must be able to generate a 2048-bit RSA key pair, create a request for a digital certificate according to the PKCS#10 recommendation, and import the signed certificate, which you receive from SIGEN-CA in PKCS#7 format. These recommendations are supported by most browsers and web servers.
  • "enterprise" certificates are designed for public servants, organizations and applications in state administration. Software for such certificates has to support separate key pairs for signing and encryption. It also has to make it possible to restore private keys for decryption if they become unusable. This is necessary to minimize the possibility of losing official, encrypted data. At the moment users are using Entrust/Entelligence software on their workstations, which operates under MS WINDOWS (95, 98, 2000, NT) and Macintosh Power PC version 7.5 and higher. The older version of Entrust/Client also operates on Unix systems. S/MIME messages have a standard format, irrespective of whether a web or an enterprise digital certificate is used. This way a user who is using an enterprise digital certificate can decrypt, or verify the signature on, a message that was signed or encrypted with a web digital certificate.
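
As an added example (not SIGEN-CA's own procedure or software), the three steps required of software for "web" certificates can be exercised with the OpenSSL command-line tool. The use of OpenSSL, the file names, the subject names and the throwaway test CA that stands in for SIGEN-CA are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: all names are constructed; the test CA only stands in for SIGEN-CA.
set -eu

# 2048-bit RSA key pair plus PKCS#10 request. $1 = output file prefix.
make_request() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null
    openssl req -new -key "$1.key" -subj "/CN=Constructed Holder" -out "$1.csr"
}

# Accept a request only if its self-signature verifies and it carries a
# 2048-bit RSA key. The verify message is checked rather than the exit
# status, which is not reliable across OpenSSL versions.
check_request() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q "rsaEncryption" || return 1
    printf '%s\n' "$text" | grep -q "Public-Key: (2048 bit)"
}

# Stand-in for the CA: sign the request and wrap the certificate in PKCS#7.
# $1 = request, $2 = CA file prefix, $3 = output PKCS#7 file.
issue_pkcs7() {
    openssl x509 -req -in "$1" -CA "$2.crt" -CAkey "$2.key" -set_serial 1 \
        -days 1 -out "$3.crt" 2>/dev/null
    openssl crl2pkcs7 -nocrl -certfile "$3.crt" -out "$3"
}

# Unpack the PKCS#7 reply and confirm the certificate carries our public key.
# Only the first certificate in the bundle is examined.
# $1 = PKCS#7 file, $2 = private key.
import_reply() {
    cert_pub=$(openssl pkcs7 -in "$1" -print_certs | openssl x509 -noout -pubkey)
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -subj "/CN=Constructed Test CA" -days 1 -out "$WORK/ca.crt" 2>/dev/null
make_request "$WORK/holder"
check_request "$WORK/holder.csr" && echo "request: 2048-bit RSA, signature OK"
issue_pkcs7 "$WORK/holder.csr" "$WORK/ca" "$WORK/reply.p7b"
import_reply "$WORK/reply.p7b" "$WORK/holder.key" && echo "reply: matches our key"
```

The private key never leaves the holder's machine in this flow; only the PKCS#10 request is sent out and only the PKCS#7 reply comes back.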

PGP software and GNU Privacy Guard are not compatible with PKI standards. This may change in the future, as certain tests have already been made.