Digital Certificate: What it is, what are the types and how to obtain one.
If you follow the Clicksign blog, you may have noticed that weeks ago we talked about Digital Authentications.
Let's recap: digital authentication consists of the use of technologies for a person to confirm their personal identification data in a process of formalizing the expression of will. This technology is part of the factors that provide security to the digital signature process, ensuring the authenticity of the identification of a person in a given act of demonstration, access, or permission.
Well, today we are going to talk about one of the most well-known forms of electronic authentication: the digital certificate.
What is a digital certificate?
According to the definition of the National Institute of Information Technology (ITI), “the ICP-Brazil digital certificate* is an electronic document whose main function is to prove the identity of the citizen or company electronically and to provide a legal and secure way to digitally sign documents and transactions carried out in these environments.”
*ICP-Brazil is the Brazilian Public Key Infrastructure, which represents the country's digital certification system and enables the issuance of digital certificates used for the virtual identification of citizens. These certificates can be purchased through a Certification Authority that issues digital certificates.
In other words, the digital certificate is one of the means of identifying the author of a digital signature, that is, the signer.
What are the types of digital certificates?
Currently, within the framework of ICP-Brazil, there are several types of digital certificates, which vary according to the purpose of use by their holder. Among them are type A and type T digital certificates.
Type A digital certificates are, without a doubt, the best known. This is because their main purpose is to carry out a digital signature: a type A digital certificate can certify the authorship of the expression of will in the document (the identity of the signer) and also guarantee the integrity of the signed document, that is, guarantee that no changes were made to the document after the signing process was completed.
Type A digital certificates are further subdivided into two categories: type A1 and type A3.
The type A1 certificate is invariably valid for one year and must be stored directly on a computer or mobile device, such as a smartphone or tablet.
On the other hand, the digital certificate of type A3 provides more flexibility to the user, because its validity can be up to five years and its storage can take place on a card, cryptographic token or even in the cloud. In this way, it is possible to use the certificate on any device that can read the card, token, or cloud file.
Type T digital certificates, in turn, have a different purpose: their main objective is to attest to the exact moment when a certain digital authentication was performed. Also known as a Timestamp, this type of digital certificate is issued by a Time Certification Authority (ACT), which must also be accredited by ICP-Brazil.
This technology is commonly used to reinforce the security of digital authentications, such as in the electronic signature process of documents, since the time stamp can attest to the exact date and time when the document was signed, thus providing an extra layer of security to the signature process.
How to obtain a digital certificate?
The first step in obtaining a digital certificate is to choose a certification authority.
Certification authorities are companies authorized to issue and manage digital certificates under ICP-Brazil. The list of certification authorities is available for consultation on the ITI website. There are currently 24 accredited companies, which operate at relatively similar prices.
After choosing a certification authority and requesting the digital certificate that best meets their needs, the citizen will undergo an authentication process.
In this process, which may take place in person or via videoconference, a series of documents must be submitted to the certification authority, such as the Identity Card (ID), National Driver's License (CNH), proof of registration in the National Register of Individuals (CPF), and proof of residence. In addition to the documents, biometric data, such as fingerprints and facial biometrics, will be collected in accordance with ICP-Brazil legislation.
Once this authentication process has been carried out, the user can freely use their digital certificate, with the password chosen by them and for a period ranging from twelve to sixty months. After the expiry date, the user must go through the authentication process again.
In other words, in the use of ICP-Brazil digital certificates, we have two distinct moments of authentication. The first and main one, which collects documents and biometric data, occurs only at the time of issuance and renewal of certificates. The second, which boils down to entering the predefined password, occurs every time a digital certificate is used to sign a document.
The relationship between electronic signatures and digital certificates
As we saw at the beginning of this post, the digital certificate is one of the forms of digital authentication. Well, the same logic applies to the context of electronic signatures.
That's because digital signatures are classified into three different types: qualified, advanced, and simple.
Therefore, the ICP-Brazil Digital Certificate is the authentication method that makes it possible to perform a qualified electronic signature.
It is important to say that there is no hierarchy between the types of digital signatures, because Brazilian legislation gave priority to private autonomy, that is, the autonomy of the signatories to decide on the most appropriate option, given the situation and the document they are signing.
Thus, as a general rule, we can affirm that any document can be signed with any type of digital signature.
However, Brazilian legislation provides for specific situations in which a specific type of digital signature must be used to sign certain documents.
The most classic example is the signing of acts of transfer and registration of immovable property, since in these situations a qualified or advanced electronic signature must be used, as defined by law.
There are also situations where there is an exclusive requirement for the use of qualified electronic signatures. For example, in the legislation applicable to public records (notary offices), there are several regulatory acts, at the federal and state levels, providing for the mandatory use of this signature.
In this case, it is worth citing as an example the requirement to use qualified signatures in registrations and amendments to constituent acts, or even the minutes of meetings of legal entities, which must be submitted to the civil registry offices of legal entities.
Therefore, we conclude that the ICP-Brazil Digital Certificate is a mandatory requirement for the signing of certain documents, in accordance with Brazilian law. In other words, Brazilian legislation requires that citizens have a digital certificate in order to sign and/or register certain documents, such as acts of transfer and registration of real estate, as well as acts of registration of legal entities, for example.
The number of active digital certificates in Brazil
Currently, according to data provided by ITI, as of 27/09/2022, there are 12,426,974 (twelve million, four hundred and twenty-six thousand nine hundred and seventy-four) ICP-Brazil digital certificates active in Brazil.
Still analyzing the data provided by ITI, we observed that digital certificates of individuals represent 48.1% of all active certificates, while digital certificates of legal entities represent 51% of active certificates.
That is, only approximately 5,900,000 (five million nine hundred thousand) citizens have an active digital certificate in Brazil.
Also, comparing the Brazilian population estimate provided by the Brazilian Institute of Geography and Statistics (“IBGE”) with the number of active digital certificates held by individuals, only approximately 2.7% of the total Brazilian population has an active digital certificate.
In other words, only 2.7% (two point seven) of the total Brazilian population meets the legal requirements for a qualified electronic signature.
It is interesting to note that legislative changes are already taking into account the low percentage of Brazilians who have an active digital certificate.
For example, Law 14.620/2023 created exceptions to the mandatory use of an ICP-Brazil digital certificate when signing documents, providing for the possibility of using advanced electronic signatures in private instruments for the purchase and sale of property as a public deed, in addition to reaffirming the possibility of using any type of electronic signature on extrajudicial executive titles signed electronically, even without the requirement that two witnesses sign.
The use of digital certificates at Clicksign
The Clicksign Platform, a pioneer in the Brazilian electronic signature market, provides its users with the possibility of making any type of electronic signature (simple, advanced, and qualified), on any document through its Platform.
In this way, it is also possible to use digital certificates in the electronic signature process on the Clicksign Platform.
In the case of type A digital certificates, the Platform allows the user to sign using their ICP-Brazil Digital Certificate (type A1 or type A3) as an authentication method, that is, it allows the user to make a qualified electronic signature.
Clicksign Help Center: Signing a document with a Digital Certificate
But that's not all: the Clicksign Platform also allows the use of type T digital certificates in the electronic signature process, that is, it allows the inclusion of a time stamp in the signed document, which will act as an extra layer of security.
It is worth noting that, to use a time stamp, the signer will not need to purchase a type T digital certificate, since in this case the certification is offered by the Clicksign Platform itself.
Clicksign Help Center: What is it and how to hire Timestamp
How to verify the compliance of a document signed with a digital certificate?
The most common way to verify an electronically signed document is through a tool provided by the ITI, called Validate.
It is important to understand that this tool performs the compliance verification of qualified electronic signatures, that is, only those signatures made with an ICP-Brazil Digital Certificate.
Thus, through Validate, it is possible to verify the compliance of the signatures of a document if the signers have used a Digital Certificate as an authentication method.
*Important: If it is necessary to verify, in the Validate tool, qualified electronic signatures made on Clicksign, the owner of the document must be asked to share a file called PAdES, which is automatically generated by the Clicksign platform every time a document has qualified electronic signatures. PAdES is a digital signature standard for PDF and uses public-key cryptography to protect document integrity.
Clicksign Help Center: How to obtain the PAdES file of the signed document?
However, if the platform used to sign a particular document includes, as a security factor, a Digital Certificate owned by the platform itself, as is the case of Clicksign, Validar will certify the compliance of this Digital Certificate, which proves that the document was not altered after its signature was finalized on the Platform.
Start using digital certificates on Clicksign
Clicksign is the first electronic signature company in Brazil. Our solutions are ideal for those who want to reduce costs and streamline processes: from any location, through a device with internet access, it is possible to sign in less than 1 minute.
Through our platform, you can sign documents with any type of electronic signature required by law, according to the needs of the clients. We use the most advanced technologies to provide greater security and legal validity to signed documents.
Do you want to understand how Clicksign can help you? Try it free for 14 days.