Myanmar Info-Tech Root CA

 

Frequently Asked Questions

 

  1. How do I get a Digital Signature Certificate?
  2. What is the function of the Root certificate?
  3. Where do I get Root CA Certificate?
  4. Is Root Certificate free?
  5. What are the different classes of Digital Certificates?
  6. Does a person require multiple Digital Signatures Certificates for different places or organizations?
  7. How does cross-border inter-operability work in relation to digital signatures?
  8. How often is auditing done? (Auditing Cycle Period)? Whether it is continuous process?
  9. What types of measures are being executed by Control Board for licensing a CA?
  10. Whether CPS differs for one CA to another CA?
  11. Can CA have sub CA?
  12. If a person is transferred from one post to another (say in govt. department), the digital signature will also change (yes/no)? Please explain?
  13. In what format the public key should be given to CA for certification?
  14. In paper world, date and the place where the paper has been signed is recorded and court proceedings are followed on that basis. What mechanism is being followed for dispute settlements in the case of digital signatures?
  15. What is the extent of liability of a CA in case of anti-national activities performed by a subscriber using digital signature and secure encrypted communication?
  16. One can sign a paper without the knowledge of a signer. Is it possible in digital signature also?
  17. Is there a "Specimen Digital Signature" like paper signature?
  18. Can digital signature be employed in wireless network?
  19. What is a Registration Authority (RA)?
  20. What is the difference between RA(Registration Authority) and CA(Certifying Authority)?
  21. What is Subscriber/ End User?
  22. If somebody uses others computer, instead of his own computer, then is there any possibility of threat to the security of the owners/users digital signature?
  23. Does Root CA enforce Disaster Recovery Centre for CAs?
  24. If CA is out of business then if the subscriber is told to move to another CA then the subscriber has to get a new digital certificate. What happens to his/her earlier transactions? Does this not create a legal and financial problem?
  25. What is a Digital Signature?
  26. What is a Digital Certificate (DC)?
  27. Why do I need a digital certificate?
  28. Where can I use digital certificates?
  29. How does a Digital Signature work?
  30. Are Digital Signatures legally valid in Myanmar?
  31. What is the difference between a Digital Signature and a Digital Certificate?
  32. What are personal certificates (individual certificates)?
  33. What is the difference between signing and encrypting an e-mail?
  34. Can I send a secure e-mail to someone who does not have a Digital Certificate?
  35. How do I know if the e-mail I have received is digitally signed or encrypted?
  36. Can I use one digital certificate for multiple e-mail addresses?
  37. Can digital signatures be used in wireless networks?
  38. I have purchased a Digital Certificate as an individual. Can I use it for my website?
  39. Am I allowed to use one web server certificate (SSL) for more than one website?
  40. Is the information contained in my Digital Certificate automatically sent to the websites I visit?
  41. What is a Root Certifying Authority (Root CA)?
  42. What is Certification Authority(CA)?
  43. Who are CAs in Myanmar?
  44. What is a CRL?
  45. What is a CP?
  46. What is CPS?
  47. What is ARL?
  48. Where can I download the subscribers certificates?
  49. What is Subscriber Agreement?
  50. How do I use Digital Certificate?

 

1. How do I get a Digital Signature Certificate?

The National Root CA issues certificates only to Certifying Authorities. CAs issue Digital Certificates to subscribers. You can approach any one of the following CAs to get a Digital Certificate. Their names and website addresses are given below.

1. Yatanarpon CA     www.yatanarponca.com.mm

2. MOSS CA            www.mossca.com.mm

2. What is the function of the Root certificate?

The Root CA certificate is used to sign the public keys of the CAs in Myanmar. It is the highest level of certificate in Myanmar. The Root CA certificate is a self-signed certificate.

3. Where do I get Root CA Certificate?

Root CA’s certificate can be downloaded from Root CA web site: www.rootca.org.mm/Download.aspx.

4. Is Root Certificate free?

Yes, it is free and you can download it from the Root CA website: www.rootca.org.mm/Download.aspx.

5. What are the different classes of Digital Certificates?

There are four classes of digital certificate, as follows:

Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.

Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that the user’s name (or alias) and E-mail address form an unambiguous subject within the Certifying Authority's database.

Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.

Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.

6. Does a person require multiple Digital Signatures Certificates for different places or organizations?

It is not mandatory. However, certificates could be issued for different purposes to the same individual. e.g. by the bank where the individual has an account, by the government to the individual as a citizen etc.

7. How does cross-border inter-operability work in relation to digital signatures?

Clearly, all certificates, not to mention technology applications, cannot and would not be issued by a single CA. Multiple CAs do and must exist. Interoperability between CAs, both national and cross-border, has been addressed as Cross Certification. The arrangement for cross certification by the licensed CA with a foreign CA, along with the application, shall be submitted to Root CA, Myanmar. The licensed CA shall not commence cross certification operations unless it has obtained written or digitally signed approval from Root CA, Myanmar.

8. How often is auditing done? (Auditing Cycle Period)? Whether it is continuous process?

Yes, auditing is a continuous process. A team from the Electronic Transactions Control Board and Root CA audits the CAs once a year.

9. What types of measures are being executed by Control Board for licensing a CA?

Detailed information (financial, technical and procedural) is obtained from the CA as part of the application for a licence. This information is examined and audited by the Electronic Transactions Control Board (Control Board). After the approval of the Electronic Transactions Central Body, the Control Board may issue the licence to operate as a CA.

10. Whether CPS differs for one CA to another CA?

Yes.

11. Can CA have sub CA?

No. All CAs must be granted license by Root CA, Myanmar.

12. If a person is transferred from one post to another (say in govt. department), the digital signature will also change (yes/no)? Please explain?

Yes. If the content of the digital certificate needs to be changed, then a new certificate must be issued. E.g., on moving from one department to another, if the procedures in place so demand, the existing certificate will be revoked and a new one issued. In any case, the digital signature generated is different each time, even if the same key has been used.

13. In what format the public key should be given to CA for certification?

In PKCS #10 format.

14. In paper world, date and the place where the paper has been signed is recorded and court proceedings are followed on that basis. What mechanism is being followed for dispute settlements in the case of digital signatures?

Under the Electronic Transactions Law, 2004 Digital Signatures are at par with hand written signatures. The Electronic Transactions Central Body and the Electronic Transactions Control Board will settle the disputes arising from the use of digital certificates.

15. What is the extent of liability of a CA in case of anti-national activities performed by a subscriber using digital signature and secure encrypted communication?

CA has no liability, since CA is only facilitating end-to-end secure communication using digital signature.

16. One can sign a paper without the knowledge of a signer. Is it possible in digital signature also?

It depends upon how the subscriber has kept his private key. If the private key is not stored securely, then it can be misused without the knowledge of the owner of the private key.

17. Is there a "Specimen Digital Signature" like paper signature?

No. The Digital signature changes with content of the message.

18. Can digital signature be employed in wireless network?

Yes.

19. What is a Registration Authority (RA)?

A RA (Registration Authority) is an agent of the Certifying Authority who collects the application forms and related documents for Digital Certificates, verifies the information submitted and approves or rejects the application.

20. What is the difference between RA(Registration Authority) and CA(Certifying Authority)?

Registration Authority means a person or an organization that is responsible for registration, identification and authentication of Certificate Applicants. (It means RA provides identification and authentication on behalf of CA.) CA issues digital certificate to subscribers only when the subscribers pass the identification and authentication by RA.

21. What is Subscriber/ End User?

Subscriber (End User) means a person or an organization who is by any technologies identified as an authentic signer of an electronic signature. A subscriber will always have a digital signature certificate issued to him by a LCA. A subscriber is the entity named as the end-user subscriber of a certificate.

22. If somebody uses others computer, instead of his own computer, then is there any possibility of threat to the security of the owners/users digital signature?

No, there is no threat to the security of the owner / users digital signature, if the private key lies on the e-token (smartcard /crypto token) and does not leave the e-token.

23. Does Root CA enforce Disaster Recovery Centre for CAs?

Yes, it is a mandatory requirement for all CAs.

24. If CA is out of business then if the subscriber is told to move to another CA then the subscriber has to get a new digital certificate. What happens to his/her earlier transactions? Does this not create a legal and financial problem?

Prior to cessation of operations the CA has to follow procedures as laid down by the Control Board. Such problems should not therefore exist.

25. What is a Digital Signature?

A digital signature mimics in the virtual environment the function of a hand-written signature in printed documents. Information related to a unique user is encrypted in a private key that is appended to any message sent by this user. It authenticates the identity of the user and guarantees the integrity of the message.

26. What is a Digital Certificate (DC)?

A digital certificate is an electronic equivalent of an identification card such as a passport or driving license. It unequivocally establishes the identity of the user when exchanging information over the internet.

27. Why do I need a digital certificate?

A Digital Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.

28. Where can I use digital certificates?

You can use Digital Certificates for the following:

•  For secure email and web-based transactions, or to identify other participants of web-based transactions.

•  To prove ownership of a domain name and establish SSL / TLS encrypted secured sessions between your website and the user for web based transactions.

•  As a developer, for proving authorship of a code and retaining integrity of the distributed software programs.

•  For signing web forms, e-tendering documents, filing income tax returns, to access membership-based websites automatically without entering a user name and password etc.

29. How does a Digital Signature work?

A digital certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, email address, the date the certificate was issued and the name of the Certifying Authority that issued it.).

These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a smart card. The user retains control of the private key; it can only be used with the issued password.

The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys is not available or if the keys do not match. This means that the encrypted data cannot be decrypted and is therefore inaccessible to unauthorized parties.

30. Are Digital Signatures legally valid in Myanmar?

Yes. With the enactment of the Electronic Transactions Law 2004, Digital Signatures are legally valid in Myanmar.

31. What is the difference between a Digital Signature and a Digital Certificate?

A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record that

•   Identifies the Certifying Authority issuing it

•   Has the name or the identity of its subscriber

•   Contains the subscriber's public key

•   Is digitally signed by the Certifying Authority issuing it.

32. What are personal certificates (individual certificates)?

Personal certificates serve to identify a person. They can be used to secure e-mail correspondence or provide enhanced access control to sensitive or valuable information.

33. What is the difference between signing and encrypting an e-mail?

Signing an e-mail message means that you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered with en-route to their inbox. Signing authenticates a message, but it does not provide protection against third party monitoring.

Encrypting a message means scrambling it in such a way that only the designated recipients can unscramble it. This safeguards messages against monitoring or interception. In order to send a signed message, you must have a Digital Certificate. Since message encryption is done using specific keys available in the certificate, you cannot encrypt a message unless you possess the recipient's Digital Certificate.

34. Can I send a secure e-mail to someone who does not have a Digital Certificate?

You can digitally sign any e-mail as long as the recipient has an e-mail application, which supports S/MIME. However, you cannot encrypt a message, unless you have the recipient's Digital Certificate.

35. How do I know if the e-mail I have received is digitally signed or encrypted?

Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.

Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button (padlock icon) above the message.

36. Can I use one digital certificate for multiple e-mail addresses?

No, you cannot. A digital certificate e-mail address combination is unique.

37. Can digital signatures be used in wireless networks?

Yes, digital signatures can be employed in wireless networks.

38. I have purchased a Digital Certificate as an individual. Can I use it for my website?

No, you cannot use a Digital Certificate that has been purchased by you as an individual for your website. A Digital Certificate meant for use by an individual is applicable to sending and receiving secure email and executing personal web-based transactions through web browsers. If you require a Digital Certificate for your website, you need to purchase one that is specific to the functionality of the web-based transactions handled on your website.

39. Am I allowed to use one web server certificate (SSL) for more than one website?

No. You will not be able to use one certificate on different websites because the certificate is explicitly associated with the exact host and domain name.

40. Is the information contained in my Digital Certificate automatically sent to the websites I visit?

No, you control the presentation of your Digital Certificates to websites through the settings in your web browser.

To define whether or not you would like your Digital Certificate to be sent automatically to the websites you access, the set up procedure is as follows:

Microsoft Internet Explorer Users: Internet Explorer always asks you whether to send Digital Certificate information to any website requesting it, and allows you to choose which Digital Certificate to use (if you have more than one installed).

41. What is a Root Certifying Authority (Root CA)?

Root certification Authority is an entity officially designated under the Electronic Transactions Law, 2004 and by the Electronic Transactions Central Body to provide technical support to the Electronic Transactions Control Board (Control Board) with regard to electronic transactions inside the Union of Myanmar. Root Certification Authority (Root CA) is responsible for issuing, managing, revoking, renewing certificates to CA. Root CA is the most trusted CA. Myanmar Info-Tech Corp. Ltd is the National Root CA of Myanmar assigned by the Electronic Transactions Control Board.

42. What is Certification Authority(CA)?

Certification Authorities are organizations that have been granted a licence (or permission) by the Central Body and can operate as a CA in Myanmar. CAs issue digital certificates to Subscribers. A CA may be a person or an organization.

Licenced local CAs inside the country provide service to End User Subscribers (End User) and Relying Parties in accordance with stipulations of CPS.

43. Who are CAs in Myanmar?

There are two CAs in Myanmar: Yatanarpon CA (www.yatanarponca.com.mm) and MOSS CA (www.mossca.com.mm).

44. What is a CRL?

The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA, and are therefore no longer valid.

45. What is a CP?

Certifying Authorities issue Digital Certificates that are appropriate to specific purposes or applications. A Certificate Policy (CP) describes the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates, besides information regarding the rules governing the different uses of these certificates. General CP framework is given by the Control Board.

46. What is CPS?

Certification Practice Statement (CPS) means a statement of the practices that a Certificate Authority employs in issuing certificates.

47. What is ARL?

Authority Revocation List (ARL) means a periodically issued list (time stamping list) of identified Certificates that have been revoked, issued and digitally signed by the Root CA and published in the National Repository, where it is publicly accessible.

48. Where can I download the subscribers certificates?

You can download subscriber certificates issued by CAs from the National Repository of Root CA web site: www.rootca.org.mm/certificates.aspx.

49. What is Subscriber Agreement?

A Subscriber Agreement is an agreement between Subscriber and a CA stating that the subscriber will use the Digital Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees through the Subscriber Agreement that all the information provided to the CA at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform CA.

50. How do I use Digital Certificate?

When you receive digitally signed messages, you can verify the signer's Digital signature to determine that no forgery or false representation has occurred.

When you send messages, you can sign the messages and enclose your Digital certificate to assure the recipient of the message that the message was actually sent by you. Multiple Digital Certificates can be enclosed with a message, forming a hierarchical chain, wherein one Digital Certificate testifies to the authenticity of the previous Digital Certificate. At the end of a PKI hierarchy is a top-level Certification Authority called Root CA, which is trusted without a Digital Certificate from any other Certification Authority. The public key of the top-level Certification Authority must be independently known, for example by being widely published. The more familiar you are to the recipient of the message, the less need there is to enclose Digital Certificate.

You can also use a Digital Certificate to identify yourself to secure servers such as membership-based web servers. This is called authentication. Generally, once you've obtained a Digital Certificate, you can set up your security-enhanced web or E-mail application to use the Digital Certificate automatically.
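The PKCS #10 request from question 13 and the certificate chain from question 50 can be reproduced end to end with the OpenSSL command line. The script below is an added example, not material from the Root CA or the licensed CAs; it assumes OpenSSL 1.1.1 or later, and every name, key, file and message in it is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: all names, keys, files and messages are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

build_demo_pki() {
  cd "$WORK"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ee]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  # Root CA: self-signed, the only certificate a relying party trusts out of band.
  openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.crt -days 30 -subj "/CN=Demo Root CA" 2>/dev/null
  # An unrelated self-signed root, used only for the negative check.
  openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout other.key -out other.crt -days 30 -subj "/CN=Unrelated Root" 2>/dev/null
  # Licensed CA: its PKCS #10 request is certified by the root.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.csr -subj "/CN=Demo Licensed CA" 2>/dev/null
  openssl x509 -req -in ca.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_ca -days 30 -out ca.crt 2>/dev/null
  # Subscriber: sub.key stays local; only the PKCS #10 request goes to the CA.
  openssl genrsa -out sub.key 2048 2>/dev/null
  openssl req -new -config pki.cnf -key sub.key -out sub.csr -subj "/CN=Demo Subscriber"
  openssl x509 -req -in sub.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_ee -days 30 -out sub.crt 2>/dev/null
  # The subscriber signs a message; the tampered copy differs by one digit.
  printf 'pay 100 kyat to A\n' > msg.txt
  printf 'pay 900 kyat to A\n' > tampered.txt
  openssl dgst -sha256 -sign sub.key -out msg.sig msg.txt
  openssl x509 -in sub.crt -noout -pubkey > sub.pub
}

# The request is signed with the requester's own private key (proof of possession).
csr_self_signature_ok() {
  openssl req -in "$1" -noout -verify -config "$WORK/pki.cnf" 2>&1 | grep -q 'verify OK'
}
# The issued certificate must carry exactly the public key that was requested.
cert_matches_csr() {
  [ "$(openssl req -in "$WORK/sub.csr" -noout -pubkey -config "$WORK/pki.cnf")" = \
    "$(openssl x509 -in "$WORK/sub.crt" -noout -pubkey)" ]
}
# $1 = trust anchor the relying party already holds; the CA certificate is untrusted input.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$WORK/ca.crt" "$WORK/sub.crt" 2>&1 | grep -q ': OK$'
}
# $1 = message file checked against the subscriber's signature over msg.txt.
signature_ok() {
  openssl dgst -sha256 -verify "$WORK/sub.pub" -signature "$WORK/msg.sig" "$1" 2>&1 \
    | grep -q 'Verified OK'
}

build_demo_pki
csr_self_signature_ok "$WORK/sub.csr" && echo "PKCS #10 request: self-signature OK"
cert_matches_csr && echo "certificate carries the requested public key"
chain_ok "$WORK/root.crt" && echo "chain to the trusted root: OK"
chain_ok "$WORK/other.crt" || echo "chain to an unrelated root: rejected"
signature_ok "$WORK/msg.txt" && echo "signature on original message: OK"
signature_ok "$WORK/tampered.txt" || echo "signature on tampered message: rejected"
```

The same subscriber certificate is accepted or rejected depending only on which root the verifier already trusts, which is why the Root CA certificate has to be obtained through a channel the relying party trusts.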

