Scroll

Good Security Practices CDQ

Digital Certification

Good Safety Practices in the Use of Qualified Digital Certificate

Qualified Digital Certificate is personal and non-transmissible — know the essential practices to protect your digital identity and ensure the legal validity of your electronic signatures

"Can it be used by a person other than his holder? Or is this possibility forbidden?"

In this article, it is our goal to answer the questions mentioned in order to ensure the safety of our certificates.

It is recalled that the qualified electronic signature is equivalent to the handwritten signature, fulfilling three essential functions:

Identifier Function

The person who has affixed the signature shall be the holder of the signature, offering guarantees regarding his real identity.

Finish Function

The signature was made with the intention of signing the electronic document.

Unalterability Function

The electronic document has not been changed since the signature was affixed.

For the above reasons, theQualified Digital Certificateis personal and non-transmissible, intended solely for the authentication and signature of documents subscribed by theown holder, being expresslyprohibited by any third party, even if authorised by the holder.

 

In fact, we advise the holder of the qualified digital certificate to adopt the following safety practices:

  • When issuing, you should choose to choose an email and/or mobile phone number for personal use, to which only the certificate holder has access, in order to ensure that all information/communications relating to the use of the certificate are only accessed by the certificate holder;
 
  • Similarly, where the holder has a physical cryptographic device, he shall not provide third parties with his or her smartcard or token containing his or her certificate or grant access passwords (PIN and PUK), as they are exclusive to the correct use of the certificate;
 
  • the holder shall ensure that the private key is kept under his control and that the necessary measures are taken to prevent its unauthorised use throughout the period of validity of the private key, without disclosing or providing to any third party the parameters and procedures for the identification of that private key;
 
  • The holder shall request theDigitalSignthe immediate revocation of its certificate in the event of loss or loss of the cryptographic device, or where there is suspicion of breach of confidentiality of access data to the certificate;
 
  • InformDigitalSign, as soon as possible, any fact likely to cause direct or indirect damage to the holder’s certificate itself or third parties.
 
In short, when using the certificate, always take into account the personality and non-transmissibility of your certificate. This is the only way to ensure that the identifying function (and hence the true authenticity of an electronic document) is ensured.

 

For more information, please refer to the general conditions set out inQualified Digital Certificate Emission Agreement, availableHere..