Frequently Asked Questions

What is a digital certificate?

A digital certificate is an electronic "passport" that allows a person, computer or organization to exchange information securely. A digital certificate may also be referred to as a public key certificate. Just like a passport, a digital certificate provides identifying information, is forgery resistant and can be verified because it was issued by an official, trusted agency. The certificate contains the name of the certificate holder, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures) and the digital signature of the certificate-issuing authority (CA) so that a recipient can verify that the certificate is real.

What are certificates used for?

Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files.
You can use Digital Signature Certificates for the following:
  • For sending and receiving digitally signed and encrypted emails .
  • For carrying out secure web-based transactions, or to identify other participants of web-based transactions.
  • In eTendering, eProcurement, Income Tax [for e-filling income tax returns] applications and also in many other applications.
  • For signing and verifying documents like Word,Excel,PDF,etc.
  • For signing and verifying executables (e.g. .exe) so that you can be sure the .exe you are attempting to run is from your trusted publisher
  • It plays a vital role in creating a paperless office

Why do I need digital certificates?

A digital certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message

How does it work?

A Digital Signature Certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the Certifying Authority that issued it). These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password. The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

What is a digital signature?

A digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.

What is a crypto token or security token?

A security token (or sometimes a hardware token, authentication token, USB token, cryptographic token, software token, virtual token, or key fob) is a hardware device that an authorized user of computer services is given to ease authentication. Whenever you apply for a certificate, upon request, BPSCA may provide you a crypto token which will have your certificates stored. This token will be necessary for signing.