Digital Certificates

Qualified certificates of signature on Smart Card secure device

The Qualified certificates on secure Smart Card device issued by the Edicom Certification Authority are delivered on the Incrypto34 cryptographic card. This card has been specially designed for public key infrastructures that require authentication of an organisation, integrity, data confidentiality and non-rejection at source. The sensitive cryptographic material is always kept in the card and its use is protected by means of access control, so that there is no way to extract the private key.

The card provides 1024-bit RSA functions, such as public key algorithm, ,SHA-1 for hashing and Triple-DES for the symmetrical coding. The operating system of the card complies with PC/SC specifications and has a Microsoft CryptoAPI (CSP) and PKCS#11 interface.

The platform used in the Incrypto34 card obtained the Common Criteria EAL4+ certification in February of 2005, by the accredited institution Bundesamt für Sicherheit in der Informationstechnik, indispensable requirement to be considered Secure Device for Signature Creation according to the CWA 14169 standard

In addition, a SIM card reader device with USB interface for plug-in format smart cards (SIM card) is provided.

These certificates are valid for 2 years.

The certificates may be issued to physical persons or legal organisations after identification and authentication before the ACEDICOM Registration Authority. To this end, the applicant must provide the following documentation:

Physical Persons:

National identity document/passport or any other legally accepted means that allows their identification.

Legal Person or Corporate Body:

• When the application is lodged by any trading company or any company of obligatory inscription in the Mercantile Registry (Joint-stock Company, Public Limited Company, Limited Liability Company, Worker-owned Limited Company, Sporting Associations, Partnerships, Limited Partnerships or Cooperatives, Economic Interest Groupings, Joint Ventures, others.), a certificate must be provided from the Mercantile Register (or equivalent body in countries other than Spain) relating to the constitution, legal personality, appointment and term of the position of administrator or legal representative, issued during the 10 days prior to the date of presentation of the certificate application in ACEDICOM. If the representation is voluntary, the certificate of appointment and term of the position may be replaced by sufficient power of attorney with special clause authorising the Legal Person/Body Corporate Certificate application.
• To apply for a certificate for Associations, Foundations, Clubs, Political Parties, Trade Unions or Cooperatives not inscribable in the Mercantile Register, a certificate from the public registry where they are inscribed must be provided, relating to the constitution, legal personality, appointment and term of the position of administrator or legal representative, issued during the 10 days prior to the date of presentation of the certificate application in ACEDICOM. If the representation is voluntary, the certificate of appointment and term of the position may be replaced by sufficient power of attorney with special clause authorising the Legal Person/Body Corporate Certificate application.
• To apply for an electronic certificate for Private Companies and Communities of Goods, the Constituent Title or Statutes of the Private Company, along with the NIF, the certificate of appointment of the President/Chair or organ of administration and the responsible declaration of the President/Chair (or administrative organ) on the term of their position must be provided, or sufficient power of attorney with special clause authorising the application for certificate of legal personality, granted by the President/Chair or organ of administration to the voluntary representative.

In both cases, said documentation must be accompanied by the "Certification Contract" filled in previously through the ACEDICOM website. This Contract must be signed in the presence of the Registration Authority or, where pertinent, may also be subscribed without physical presence if the signature in said contract has been legitimised by notary.

Should the interested party wish, they may be accredited before Public Notary. In this case, it must be recorded in the document that the same is issued for the purpose of application for the certificate, and that the data relating to the identity of the applicant, to the constitution and legal personality of the organisation and to the extension and use of the faculties of representation or voluntary representation of the applicant have been reliably verified by virtue of public documents that serve to accredit the aforementioned points and their inscription in the corresponding public register if so required.

The original document will be sent to the Registration Authority, which will proceed with its verification and, where pertinent, issue the certificate.