Download Installers
Signature Capability Verification
Guides and Manuals

What is Digital Signature?

It is a method that binds one citizen’s identity with a digital message or document, to uniquely identify its author, and ensure its integrity. One document’s digital signature is the result of applying mathematical algorithms to its contents, which produce a binary sequence that could only be created by the owner of the digital certificate.

Digital signatures are based on the cryptographical concepts of asymmetric encryption and public/private key cypher systems, which can be defined as follows:

Asymmetric Encryption: an encryption method that cyphers using a key completely different to that used to uncypher. The strength of this method resides in that: (a) it is extraordilarily difficult* to compute one key from the other one, and (b) it is extraordinarily difficult to produce a key from encrypted data.

Public/private key: the private key is known only by the person who signs, whilst the public key gets to be known by everybody (it is usual to publish it). Not only is it safe to publish it, but in certain situations it may be necessary.

The digital signature uses the previously mentioned method to generate a hash that uniquely correesponds to both the document that is being protected and the citizen's private key. Since everybody has access to you public key, that means any person can verify the document's hash and rest assured that you were the person who actually signed it.

* (By extraordinarily difficult we refer to operations that might take millions of years to complete with the computational power available today).

To verify a digital signature, it is necessary to also ensure the validity of the digital certificate itself, its current status (is it revoked? has it expired?), and that the usage that has been granted to the certificate is appropriate for the functionality being requested (signature, non-repudiation).

The term non-repudiation refers to the fact that one person cannot repudiate (or deny) the validity of a contract which she/he produced (for example, deny that a signature made by her/his own hand is hers/his). In particular, for digital signatures, this term means that a person cannot argue that she/he didn't digitally sign the document while also saying that her/his private key is still a secret. This term stresses the importance that you do not reveal you private key, and protect its safety with extreme care.

To digitally sign a document, you must possess a digital certificate issued by a registered Certification Authority, which must be securely stored in a FIPS level 2-compliant smart card. These smartcards protect your secret private key.

The following diagram illustrates how the process of signing digitally a document works, and how verifications are made:

howto digital sign

To digitally sign a document:

  • The original document is processed to obtain a hash (it's similar to a summary of the document. If the document changes even by one byte, the resulting hash will be completely different).
  • The hash is encrypted using the signer's private key (this is called document signature).
  • Both the signature and the public key are attached to the original document (so anybody can test the validity of the signature).

To verify the signature:

  • From the signed document, the original document is extracted. The same hash function is applied to obtain the hash.
  • Also, from the signed document, the document signature and the signer's public key are extracted.
  • The document signature is decrypted using the signer's public key. This produces a second hash.
  • Next step is to compare the hashes from steps 1 and 3. If they match, then the signature is valid.

Also, this process must successfully validate that the person's certificate is trustworthy. To ensure this, we make sure that:

  • The certificate that was used allows for digital signature and non-repudiation.
  • The certificate has not expired.
  • The certificate hasn't been revoked.
  • The certificate was issued by a trusted and reknown certification authority.
  • That the information inside the certificate complies with the policies issued by the certification authority.

The Central Bank of Costa Rica successfully completed a process of change in the issuance of digital signature certificates that improve safety, increase the life of the certificates, can have more than one certificate and their respective card per person and also reduced airtime and delivery thereof.

Using the digital signature prevents the owner will have to physically sign documents or request services, which saves you money and reduces time in the execution of procedures.

On improving security, this was consolidated as of June 20 when all digital signature certificates began to be issued using more robust encryption algorithms based on the SHA-2 family, which provide improved security and get it card issuing digital signature in our country is level with the highest international standards, without this meaning that the cards issued before that date are unsafe.

We are doubling the life of the certificates we issue, from 2 to 4 years, this represents a significant improvement for people decreasing the number of times to be submitted to a station office for their ability to authentication and signature. Also, thanks to software changes and emission processes we reduced the time to have the cards digital signature within 15 minutes, which also optimizes the emissivity of each issuing office and therefore the system as a whole.

Thanks to the policy change digital signature issued by the MICITT and infrastructure preparation emission BCCR, people who so wish can get the amount of cards digital signature they deem necessary for their personal or business procedures.

In addition to these improvements, we put into operation the service of issuing digital signature certificates for legal persons (companies and institutions), so that a legal person interested in obtaining one of these certificates can from and apply to e cos@bccr.fi .cr Operations Center SINPE.

To date, we have issued approximately 160,000 digital signature certificates that Costa Ricans can use in more than 60 institutions, public, banking and trade that have available more than 100 services that make use of this important tool.

With these changes the Central Bank of Costa Rica supports the Presidential Directive No. 67-MICITT-H-MEIC “Overcrowding of implementation and use of Digital Signature in the Costa Rican Public Sector” and also the guidelines for client authentication and authorization transactions in electronic channels, recently issued by the Superintendent of Financial Institutions, according SUGEF18-16: “Regulation on operational risk management.” Both regulations recognize the right of citizens to obtain government services and financial institutions electronically, by accessing them directly from your home or office, reducing them risks and costs and thus contribute to improving their quality of life.

Sincerely,

Carlos Melegatti S., director

PAYMENT SYSTEMS DIVISION

Where can you obtain your digital signature?

There are many registry offices where you can get your Digital Signature. For more details, please visit the Official List of Registry Offices of the Central Bank of Costa Rica

See List
Important Announcement

Dear user, we remind you that for your security the Digital Signature Support Center does not request your smart card PIN or information related to your bank accounts or credit cards.

The only page authorized to provide Digital Signature support is: www.soportefirmadigital.com

Let's protect ourselves from Phishing!