FAQ - Signatur

Stated simply, a certificate is an online ID document. The certificate contains information on the identity of a natural or legal person as well as verification data used to assign electronic signatures or seals to that person. The certificate is protected from modification by the electronic signature or the electronic seal of the party issuing the certificate.

In the legal definitions, distinctions are made between certificates for electronic signatures, for electronic seals and for website authentication. Art. 3(14) of the eIDAS Regulation defines a ‘certificate for electronic signature’ as an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person. Art. 3(29) of the eIDAS Regulation defines a ‘certificate for electronic seal ’ as an electronic attestation that links electronic seal validation data to a legal person and confirms the name of that person. Art. 3(38) of the eIDAS Regulation defines a ‘certificate for website authentication’ as an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued. These definitions do not depend on any particular technology.

In technical terms, certificates usually refer to a certain data format. X.509v3 certificates link public keys to the name of a person or server. Numerous other details can be included in X.509v3 certificates.

There are two main differences between the technical definition of a certificate and the legal definition:

1. The legal definition of a certificate does not depend on any particular technology and in theory includes even certificates for which the verification data do not represent public keys encrypted using a certain technique. The definition is thus open-ended with regard to future technical advances.
2. Only certificates containing verification data, i.e. data (also) used specifically for verifying electronic signatures or seals or for authenticating websites, fall within the legal definition of a certificate. Certificates in the technical sense can also be used for other purposes, such as encryption. Certificates used exclusively for encryption do not fall within the legal definition of a certificate.

Further information can be found by following this links:

• What is a ‘qualified certificate’?
• What is the difference between a signature and a certificate?