What is a digital signature certificate and how do I choose one?

It's hard to avoid it: online exchanges have become the norm in the business world, whatever the size of the company. As in many sectors, the COVID-19 crisis and the advent of telecommuting have changed the way things are done, allowing electronic signatures to become part of the daily routine for many employees. Guaranteeing the security and authenticity of documents has become a top priority, all the more so for exchanges such as online transactions, digital contracts and other official documents. 

In this context, the digital signature certificate is key. This certificate both authenticates the identity of signatories and guarantees the integrity of digital documents. 

And when it comes to security, it's best to understand the tools we're talking about: in this article, we explain when, how and why to use an electronic signature certificate.

 

What is an electronic signature certificate?

Definition of an electronic signature certificate

An electronic signature certificate is used to authenticate the identity of a natural or legal person. It forms the basis of the electronic signature process and determines its validity, reliability and level of security.

Simply put, a digital certificate is yourdigital identity cardwhile theelectronic signature tool is the electronic "pen". In an electronic signature process, it is the certificate that verifies identity.

It is issued by a Certification Authority.

 

How an electronic signature certificate works

A digital certificate uses asymmetric cryptography, two words that may sound frightening, but can be simplified. This process uses :

• A private key This key, personal to the signatory, encrypts the document's unique fingerprint (and not the document itself). The result of this operation is attached to the document as an electronic signature.
• A public key On receipt of the signed document, the recipient uses the public key to decrypt the signature, which produces a fingerprint. If the fingerprint matches that of the document, this confirms the authenticity of the signature. Any change in the document after it has been signed would result in an inconsistency between the fingerprint deduced from the signature and that of the document, thus indicating its tampering.

-

When do I need an electronic signature certificate?

Usage depends on the level of security required

There are several levels of electronic signature security defined by the European eIDAS regulation :

• Simple, 
• Advanced, 
• Advanced based on a qualified electronic signature certificate, 
• Qualified. 

This regulation does not specify the technologies to be used, but lays down general security and authenticity criteria. For simple and advanced signatures, it is recommended to follow "best practices", i.e. tried and tested methods.

Here is a summary table to help you understand which level of security is right for you:

 

To help you choose a solution, the European Commission provides you with the list of qualified trust service providers in accordance with the eIDAS regulation.

💡Good to know: In France, Certification Authorities also rely on the General Security Repository (RGS) to assign each signature a certification quality level. For digital signature certificates, the RGS is divided into two levels: elementary (RGS*) and standard (RGS**). To take part in public tenders, for example, you need at least an RGS** digital signature certificate or an eIDAS-qualified digital certificate.

 

Digital signature certificate: why is it necessary?

Digital signature certificates offer many advantages:

• They enhance the security of digital documents and help to against forgery and fraud if the document sent to you has been damaged since the first signature, you will be informed of this as the second signatory (for example, by a message from the signing software).
• They enable the eIDAS qualified signature to have a legal legal value equivalent to that of a handwritten signature.
• Lhe identity of contractors is guaranteed by the registration authority.
• After signing, the signatory cannot deny having done so, which offers additional legal security. This is the principle of non-repudiation, applicable thanks to the GCU (General Conditions of Use) of your digital certificate supplier and your electronic signature provider. In the CGU, you contractually undertake not to disclose to anyone the code enabling you to sign electronically. If you do, you will still (and always) be considered the signatory.

 

How do I obtain an electronic signature certificate?

How and from whom can you choose the right certificate for your company?

You must first ensure that : 

• Analyze your specific needs to find out what level of security is required,
• Choose the right certification authority to supply your certificate*,
• Check that the certificate issued complies with current standards and regulations.

*Once chosen, the certification authority, a private or public service provider, produces and issues digital certificates after verifying the identity of the signatory. 

The degree of verification depends on the level of security required: in some cases, a copy of an identity document will suffice, in others, a physical meeting will be necessary, etc.).

 

The benefits of Lex Entreprise

Lex Entreprise is an electronic signature tool developed by Lex Persona. Our tool has been designed to adapt to all certificates, whatever their security level. 

Our corporate solution allows you to : 

• A electronic signature integration to your existing processes and business applications, facilitated by a free API.
• A unique user experienceYour customers feel as if they are signing on your platform. Your customers feel like they're signing on to your platform. The absence of any change of interlocutor in the user journey reinforces your brand.
• D'avoid having to multiply signature toolsLex Entreprise accepts 2 types of electronic signature certificates (on physical media or generated on the fly), unlike most electronic signature tools. Lex Entreprise adapts to all uses and meets all levels of signature security.
• Benefit from the highest level of legal certaintycombined with ease of use thanks to a qualified remote electronic signature, based onIdentité Numérique La Poste authentication.

 

Conclusion

No need to choose between ease of use and legal security with Lex Entreprise, France's first sovereign solution for remote eIDAS-qualified electronic signatures. 

Lex Entreprise offers you a reliable and secure electronic signatureLex Entreprise offers you a reliable, secure electronic signature that adapts to all business sectors and uses, to simplify your business exchanges (with suppliers, customers, employees, etc.).

Contact us

Recommended items

---

eIDAS V2 regulation: advances and challenges for companies operating in the European Union

Experts opinion

What is the legal value of a scanned signature?

NewsExpert opinion

How do I sign a PDF without printing it?

Experts opinion

Word electronic signature: the benefits of dedicated software

Experts opinion

Digital signatures: 5 concrete benefits for your employees

Experts opinion

Electronic stamping: the dematerialized alternative to company stamps

Experts opinion