Things businesses in Vietnam must know when using digital certificates

1. What is a digital certificate?

According to Clause 7 Article 3 of Decree No. 130/2018/NÐ-CP of Vietnam’s Government on guidelines for the Law on E-Transactions of Vietnam of digital signatures and digital signature authentication, "digital certificate" means a form of electronic certificate granted by a certification authority to provide identity for the public key of an entity to certify that such entity is the signer of digital signature by using corresponding private key.

To better understand this term, Article 3 of Decree No. 130/2018/NÐ-CP also details the following terms:

- "Key" means a string of binary digits (0 and 1) used in the cryptographic system.

- "Private Key" means a key in the key pair of the asymmetric cryptography, used to create digital signatures.

- "Public key" means a key in the key pair of the asymmetric cryptography, used to verify digital signatures created by the corresponding private key in the key pair.

- "Digital signature" means a form of electronic signature created by the transformation of a data message using an asymmetric cryptography in which those who have initial data messages and the public key of the signer can be determined exactly: the above transformation is created by the correct private key corresponding to public key in the same key pair; the integrity of the content of data messages since the implementation of the mentioned above transformation.

Thus, the concept of digital certificates has been specified in the current legal documents.

2. The contents of digital certificates

According to Article 5 of Decree No. 130/2018/NÐ-CP of Vietnam’s Government, a digital certificate issued shall contain the following contents:

- Name of the certification authority.

- Name of the subscriber.

- Serial number of the digital certificate.

- Validity period of the digital certificate.

- Public key of the subscriber.

- The digital signature of the certification authority.

- Restrictions on purposes and scope of use of the digital certificate.

- Restrictions on legal liability of the certification authority.

- Cryptography algorithm.

- Other necessary contents as prescribed by the Ministry of Information and Communications.

Only when the digital certificate fully meets the above requirements, it will be legally valid when used.

3. Entities entitled to issue, the right to be issued digital certificates?

According to Article 5 of Decree No. 130/2018/NÐ-CP of Vietnam’s Government, units competent to issue digital certificates include:

- Root Certification Authority;

- Public certification authority;

- Specialized certification authority of the Government;

- Specialized certification authority of agencies or organizations.

Besides, Article 6 of Decree No. 130/2018/NÐ-CP of Vietnam’s Government also stipulates that every agency and organizations, state titles, competent persons of agencies and organizations under the provisions of law on the management and use of seals are entitled to be granted digital certificates of value.

It can be seen that, in essence, the subject of a digital certificate is the agency, organization or individual that owns and uses the digital certificate. For a digital certificate issuer, it is only a unit that creates a digital certificate to provide to users and is not a digital certificate holder.

4. Distinguish between digital certificates and digital signatures

Article 3 of Decree No. 130/2018/NÐ-CP of Vietnam’s Government has specified the terms of digital certificates and digital signatures, which are completely different.

In fact, a digital signature is a device that encrypts all data and information of an enterprise used to sign instead of signatures on documents and digital documents performed in electronic transactions over the internet. The supplier will issue a digital certificate to the business unit first and then issue a digital signature later.

It is understandable that when buying a digital signature from a digital signature service provider, a business will be granted a TOKEN and a digital certificate; where TOKEN is just an empty USB; only after the digital signature service provider loads information about the business into TOKEN and generates a key pair consisting of a private key and a public key (a private key to perform digital signing, a public key to help identify the Digital Signature) or is granted a digital certificate, can digital signing be performed.

Le Vy

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE