Using a Digital Certificate or Digital Signature
What is a digital certificate?
A digital certificate can be thought of as the electronic equivalent of a passport, in that it establishes your identity and legitimacy when corresponding or transacting over the Internet. Your identity is proven by means of a “public key”, essentially a code which is unique to you, which can also be used to encrypt email messages or documents in order to keep them confidential as they travel across the Internet. Your certificate also contains a “private key” which only you have access to, for decoding messages. The certificate exists as a small software file which is stored on your computer or on a USB key.
Digital certificates are issued by a Certification Authority (CA), which will verify your personal identity and the legitimacy of your business before a certificate is issued. The CA will normally make a public statement called a Certificate Policy, which can often be found on their website, to tell third parties who may wish to rely on the certificates how rigorous this verification process is. Verification procedures can vary from checking publicly available databases, for example the Electoral Roll, to a face-to-face registration in which the applicant must produce documentation proving their identity. In theory anyone can generate their own certificates, but they would be of little value in establishing identity, as it is this independent verification which gives your potential business contacts confidence in relying on the certificate. For this reason you should beware of certificates which have been issued on the basis of minimal information (a name and email address, for example), as they carry little or no assurance of the holder’s identity.
What would I use a digital certificate for?
The main functions of certificates are:
- Encryption: “encoding” an email or document so that only the intended recipient can read its contents. This also ensures that the contents have not been tampered with in transit across the internet.
- Identity verification: as above, when dealing with a business contact or customer over the internet, including a digital signature helps to give them confidence that they are dealing with a legitimate businessperson rather than a fraudster with a fake identity. The same feature means that digital certificates are often used as a more secure alternative to a password when giving access to data or systems over the internet.
- “Non-repudiation”: a document or email signed using a digital signature has the same standing in law as one with a physical signature, so it can, for example, remove the need for tenders or contracts to be physically printed out, signed and couriered to the recipient.
How would I use it?
Many of the above functions rely on the software application concerned being enabled to accept and work with certificates. For example, Microsoft Outlook and most other major email clients are already set up to use certificates with email – if you receive a digitally signed email, simply by adding the sender to your contacts you will capture their public key and be able to encrypt future messages, and there are buttons on your toolbar for digital signing and encryption. If you wish to digitally sign a document, you will need to use a format that supports this, such as Adobe Acrobat. Some online Government applications, such as the Government Gateway, also accept digital certificates.
Where can I get a certificate?
The British Chambers of Commerce have their own digital certificate service, SimplySign, where a certificate costs £25 + VAT following an online registration process and the submission of just one signed document which is supplied to you during the registration. Your personal and business information is then verified remotely, and you are sent a link by email to download your certificate. To purchase a SimplySign certificate, or for more information, go to www.simplysign.co.uk.