To verify an electronic signature, the verifier must have access to the signer’s public key and have assurance that it corresponds to the signer’s private key. However, a public and private key pair has no intrinsic association with any person; it is simply a pair of numbers. Some convincing strategy is necessary to reliably associate a particular person or entity to the key pair.
To associate a key pair with a prospective signer, a certification authority (using public key infrastructure ) issues a certificate, an electronic record which lists a public key as the “subject” of the certificate, and confirms that the prospective signer identified in the certificate holds the corresponding private key.
The following figure shows the structure of a digital certificate.
Different classes of certificates can be purchased that correspond to the level of checks made. There are 4 general classes of certificate:
Level 1 certificates: offer the lowest level of assurances and can be easily acquired. They are individual Certificates, whose validation procedures are based on assurances that the Subscriber’s distinguished name is unique and unambiguous within the Certification Authority’s Subdomain and that a certain e-mail address is associated with a public key. They are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is unnecessary.
Level 2 certificates: require additional personal information to be supplied and offer a medium level of assurances in comparison with the other classes.
Level 3 certificates: may be used for digital signatures, encryption, and access control, including as proof of identity, in high-value transactions. Class 3 individual Certificates provide assurances of the identity of the Subscriber based on the personal (physical) presence of the Subscriber before a person that confirms the identity of the Subscriber using, at a minimum, a well-recognized form of government-issued identification and one other identification credential.
A 4th class (Qualified certificates), like the ones automatically provided with the electronic ID card, is used for very high quality signatures.