Cryptographic devices

Cryptographic devices- certSIGN

Cryptographic devices

Within the PKI architecture, users authenticate using cryptographic devices such as an USB token. It contains a cryptographic chip enabling keys generation and cryptographic algorithms implementation (RSA, DES, 3-DES and SHA1).

Tokens are positively necessary to obtain and use the qualified certificates, the ones destined to code signing and those for trusted encryption. Such devices have small dimensions and may stay in the pocket or attached as an ornament to the house or car keys.

Smartcard

certSIGN recommends the SafeNet 330 smartcard

This type of smartcard is provided with software and hardware protection against the cryptographic attacks called „differential power” and „timing attacks”.

Features:

ISO 7816 compliant format;
SCCOS operation system;
32K EEPROM memory for a safe storage of the keys, passwords, certificates and data in general;
DES processor for symmetrical encryption.

Cryptographic functions:

DSA (1024-bits) keys generation;
RSA (1024-bits and 2048-bits) keys generation;
RSA algorithm for the electronic signature;
DSA algorithm for the electronic signature;
RSA algorithm for key exchange;
Diffie-Hellman key exchange;
SHA-1 algorithm;
DES/3DES algorithm for encryption/decryption;

A smartcard is a plastic card similar to a credit card, with an embedded cryptographic chip.

The Smartcard needs a reader that connects to the USB ports, serial or PCMCIA. There are keyboards and laptops with embedded reader. The reader has to observe the PC/SC standard.

USB Token

It offers a higher degree of autonomy. The necessity of a reader is eliminated, as it integrates both the cryptographic processor and the reader.

First Name *

Last Name *

Phone Nr. *

E-mail Address *

Subject *

Subject details *

Detalii OS

Operating Sistem *

WindowsMac

Certificate Type *

TokenCloud

Detalii Semnatura

Owner's Phone Nr. * Fill in the telephone number at which the certificate holder can be contacted.

Owner's E-mail Address * Fill in the email address for which the certificate for which you are requesting support was issued.

Attach documents

Add file

*Accepted file types: pdf, jpg and png. Maximum size: 5mb

Message * Describe the situation in as much detail as possible. Minimum 50 characters.

Ticket Number

Here honey

Fields marked with * are required

Detalii Politica si Newsletter

I have taken note of the information contained in “Privacy Policy*”. I agree to the processing of my personal data for marketing purposes in accordance with the “Privacy Policy”.

READ the information presented in relation to the topic you are interested in or SEARCH the information you need on the website.

Details related to the electronic signature are available on the page with Answers to the most frequently asked questions of customers.

Quickly, useful information can be found about obtaining the confirmation document, costs, online purchase, video identification, renewal, installation and use:

When you receive the invoice, after purchasing a digital certificate for electronic signature
Numerous details are presented related to:

To use the certSIGN certificate for electronic signature in the Virtual Private Space (SPV) platform, we recommend following the instructions provided by ANAF for registration in the SPV.

To access the Virtual Private Space (VPS), the qualified certificate issued by certSIGN must be registered with the VPS by completing the requested information in the ANAF-SPV platform and uploading the requested documents, including the confirmation document countersigned by certSIGN at the address: https://www.anaf.ro/InregPersFizicePublic/#tabs-2 .

To obtain the confirmation document, follow one of these tutorials , depending on the type of signature you have:

tutorial for obtaining the confirmation document if you have an Electronic Signature with a certificate stored on TOKEN;
tutorial for obtaining the confirmation document if you have an Electronic Signature with a certificate stored in the CLOUD.

The electronic signature is performed using a qualified digital certificate stored in the CLOUD, and to use the certificate in the CLOUD , the usage mechanism must first be configured.

After the video identification session has been accepted, the configurations prior to issuing the certificate can be performed, going through them in this order, stages:

Configure the signature authorization mechanism according to the instructions in the email “paperLESS : Configure authorization mechanism”:

Check the email address declared when purchasing the certificate and follow the instructions received;
Install one of the free authorization apps Microsoft Authenticator or Google Authenticator on your phone , from Google Play or the App Store;
Associates the signature authorization application with the holder’s cloud account;

Activate the cloud account according to the instructions in the “paperLESS email webSIGN : Account creation invitation”

Check the email address declared when purchasing the certificate and follow the instructions received;
Complete and validate the phone number associated with the account on the cloud platform ;
Set the cloud account password .

Issuance of the certificate it is done when you first log in to your cloud account. On the page that opens Enter the authorization code generated by the application on your phone.

Placing an order to extend the validity of the certificate ensures: low costs, simple and fast process, 100% online, procedure under the exclusive control of the holder, retention of the current device (TOKEN) and retention of the PIN.

The only condition that must be met to extend the validity of the signature certificate is that the current certificate is within the validity period at the time of placing the extension order. To place the extension order, authentication in the certSIGN platform is required startrekey.certsign.ro, and authentication can only be done based on the current certificate.

If the current certificate has expired, Renewal is no longer possible and a new electronic signature certificate must be purchased. We recommend accessing the certSIGN platform to purchase qualified TOKEN certificates and following the indicated steps.

certSIGN sends, to the email address in the certificate, the procedure for renewing the certificate 45 days before the expiration of the current certificate. If the procedure has not yet been followed, with 15 days before the certificate expires, certSIGN resends the renewal information email. Late submission of the request does not guarantee online renewal of the certificate.

Placing an order to extend the validity of the certificate ensures: low costs, simple and fast process, 100% online, procedure under the exclusive control of the holder, keeping the current webSIGN account and maintaining the authentication method.

The only condition that must be met for the online extension of the validity of the signature certificate (renewal) is that the current certificate must be within the validity period at the time of placing the extension order. The extension order is placed directly from the certSIGN websign.ro platform .

If the current certificate has expired, Renewal is no longer possible and a new certificate for electronic signature in CLOUD must be purchased. We recommend accessing the certSIGN platform for purchasing qualified certificates in the CLOUD and following the indicated steps.

certSIGN sends, to the email address in the certificate, the procedure for renewing the certificate 45 days before the expiration of the current certificate. If the procedure has not yet been followed, with 15 days before the certificate expires, certSIGN resends the renewal information email. Late submission of the application does not guarantee online renewal of the certificate.

webSIGN signing platform, during the 45 days before the expiration of the current certificate, a banner will be displayed with information regarding the deadline for certificate renewal. This banner will disappear after submitting the renewal request.

Start the process from the information displayed;
Choose the validity period for the new certificate: 1, 2 or 3 years;
Read the information on the page and check the agreement;
Pay online for the selected product;
Fill in the required data in the next step;
Upload and send a copy of your ID;
Click the Register button, accept the General Terms and Conditions;
Sign the request for the new certificate using the authorization code from the authorization application installed on your phone .

The certificate request generation stage is completed when the message “Request submitted for approval” is displayed in the cloud platform.

After validating the request, 3 days before the current certificate expires, certSIGN will automatically issue the new certificate. Regardless of the date the extension order is placed, the validity period of the new certificate will begin 3 days before the current certificate expires. After the new certificate is issued, the webSIGN platform can continue to be used for signing documents in the cloud , for the entire duration of the new validity period.

The only condition that must be met for the extension of the validity of the signature certificate (renewal) is that the current certificate must be within the validity period at the time of placing the extension order. The extension order is placed directly from the certSIGN websign.ro platform .

If the current certificate has expired, Renewal can no longer be made and a new certificate for electronic signature in CLOUD is required. We recommend accessing the certSIGN platform to purchase qualified certificates in CLOUD and following the indicated steps.

certSIGN sends, to the email address in the certificate, the procedure for renewing the certificate 45 days before the expiration of the current certificate. If the procedure has not yet been followed, with 15 days before the certificate expires, certSIGN resends the renewal information email. Late submission of the request does not guarantee online renewal of the certificate.

Placing an online order to extend the validity ensures: low costs, simple and fast process, 100% online, procedure under the exclusive control of the holder, retention of the current device (TOKEN) and retention of the PIN.

The only condition that must be met for the extension of the validity of the signature certificate (renewal) is that The current certificate must be within the validity period at the time of placing the extension order. Authentication is required in the certSIGN platform startrekey.certsign.ro, and authentication can only be done based on the current qualified certificate.

To the e-mail address in the certificate, certSIGN sends the procedure for renewing the certificate, 45 days before the current certificate expires. If the procedure has not yet been followed, 15 days before the certificate expires, certSIGN resends the renewal information e-mail.

Late submission of the application does not guarantee online renewal of the certificate.

the validity period has been exceeded , the current certificate can no longer be renewed and a new electronic signature certificate must be purchased. We recommend accessing certSIGN platform for the acquisition of qualified certificates on TOKEN and following the indicated steps.

The online certificate renewal procedure has three stages:

validity extension on the startrekey.certsign.ro platform – can be done at any time, no later than 3 days before the expiration of the current certificate;
generating the certificate request with the certSIGN Enroll application – can be done at any time, no later than 3 days before the expiration of the current certificate;
uploading the new certificate to TOKEN using the certSIGN Enroll application – the new certificate is issued 3 days before the expiration of the current certificate for which the renewal is being made.

Regardless of the date the renewal order is placed, the validity period of the new certificate will begin 3 days before the current certificate expires. Please note that after renewal, it is NOT necessary to replace the current TOKEN. When uploading the new certificate to the TOKEN, the old certificate will be deleted.

It is necessary to redo enrollments/renewals in the platforms of the institutions where you will use the new certificate , such as: ANAF, CNAS, UNNPR, etc.

Check what solution exists if you are in one of the situations encountered by other customers regarding obtaining the confirmation document.

We remind you, the document is obtained simply and quickly. from the certSIGN confirmation platform. Repeat it as many times as necessary. You only need your qualified digital certificate for electronic signature.

You have a certificate in CLOUD and you receive an error when authenticating in the certSIGN confirmation platform
- SOLUTION: Close the browser and the paperLESS app vTOKEN and repeat the procedure . Reopen the paperLESS app vTOKEN , then open the confirmation platform and choose Certificate Authentication. The authorization code must be entered as quickly as possible . The code is generated by the authorization application installed on the phone.
Error opening document
- SOLUTION: The pre-filled confirmation document is automatically saved to your computer’s downloads folder . Open the document from the folder where it was saved. Use only Adobe Reader.
You can’t find the pre-filled document file on your computer
- SOLUTION: The downloaded file is named firstname_lastname .pdf (example: mihai_ionescu.pdf). Search your computer for a file with this name.
The document does not include the certSIGN signature.
- SOLUTION: Restart the procedure and carefully follow all the steps in the platform. After you have signed the document, it must be uploaded again to the platform to be automatically countersigned by certSIGN. After signing, you will receive the message “Download the processed document”. Open the processed document only with the Adobe Reader application.
You cannot find the file with the confirmation document processed by certSIGN on your computer.
- SOLUTION: The processed (countersigned) confirmation document is automatically saved in the downloads folder on your computer under the name confirmare.pdf. Search your computer for a file with this name.
The document you signed is not accepted in the confirmation platform because it contains changes.
- SOLUTION: Resume the procedure without making any changes to the information in the pre-filled document. The document contains the exact data of the certSIGN digital certificate with which you are authenticated in the confirmation platform. The information is automatically verified and no changes are accepted.
The document contains changes and is not accepted for upload to ANAF.
- SOLUTION: Resume downloading the document countersigned by certSIGN and do not modify it after downloading. ANAF accepts the document only if it has NOT been modified in any way , and saving it is considered a modification.
The certSIGN confirmation platform page was closed before obtaining the document
- SOLUTION: Restart the procedure, starting with authentication with the digital certificate in the certSIGN confirmation platform, and go through the steps again until obtaining the confirmation document automatically countersigned by certSIGN.

The acquisition of the certSIGN Kit for electronic signature from the SICAP catalog can be done by following the steps in this order :

After logging into your SICAP account, initiate the purchase for the Electronic Signature Kit from the SICAP catalog.
- Choose the certificate depending on the validity period: 1, 2 or 3 years;
- Fill in the data for issuing the certificate.
Complete the purchase from the catalog;
instructions regarding the issuance of the certificate, the proforma and the documents necessary for issuance to the email address communicated in SICAP.
Print and send the documents according to the instructions in the email;
The certificate holder must follow the instructions described in the email and appear in person at the certSIGN headquarters in Bucharest or at one of the certSIGN representatives with:
- the original identity document;
- documents received by email (printed).

If the holder cannot appear in person at a certSIGN partner, the documents can be sent by courier/post to the certSIGN headquarters. The documents must be accompanied by the “Affidavit” authenticated by a notary or certified by a lawyer.

certSIGN headquarters address: Tudor Vladimirescu Boulevard, no. 29A, Sector 5, Bucharest, AFI TECH PARK 1 building, 2nd floor.

cerSIGN will issue the certificate within 5 business days of receiving the documents in the correct and complete format. The Signature Kit will be delivered by courier to the address specified upon purchase.

The tax invoice will be sent after the certificate is issued and will have a 30-day payment deadline.

In the SICAP catalog, the products are found as follows:

Electronic signature kit with 1 year validity
- Reference number: K1
- CPV code and name: 79132100-9 – Electronic signature certification services (Rev.2)
Electronic signature kit with 2 years validity
- Reference number: K2
- CPV code and name: 79132100-9 – Electronic signature certification services (Rev.2)
Electronic electronic signature kit with 3 years validity
- Reference number: K3
- CPV code and name: 79132100-9 – Electronic signature certification services (Rev.2)

The acquisition of the certSIGN certificate in CLOUD for electronic signature from the SICAP catalog can be done by following the steps in this order :

After logging into your SICAP account, initiate the purchase for paperLESS Remote Electronic Signature from the SICAP catalog.
- Choose the certificate depending on the validity period: 1, 2 or 3 years;
- Fill in the data for issuing the certificate.
Complete the purchase from the catalog;
Instructions regarding the issuance of the certificate, the proforma and the documents necessary for issuance to the email address communicated in SICAP.
Print and send the documents according to the instructions in the email;
The certificate holder must follow the instructions described in the email and appear in person at the certSIGN headquarters in Bucharest or at one of the certSIGN representatives with:

- the original identity document;
- documents received by email (printed).

certSIGN headquarters address: Tudor Vladimirescu Boulevard, no. 29A, Sector 5, Bucharest, AFI TECH PARK 1 building, 2nd floor.

After receiving the documents in the correct and complete format , within a maximum of 5 working days, certSIGN will send two invitations to the holder’s email address:
- for configuring the authorization mechanism;
- paperLESS signing platform webSIGN and downloading the virtual token application , paperLESS vTOKEN (included for free in the package).

The digital certificate will be issued automatically upon first entering an authorization code, after authenticating in the cloud platform account. paperLESS webSIGN .

The tax invoice will be sent after the certificate is issued and will have a 30-day payment deadline.

In the SICAP catalog, the products are found as follows:

Remote electronic signature paperLESS 1
- Reference number: W_1
- CPV code and name: 79132100-9 – Electronic signature certification services (Rev.2)
Remote electronic signature paperLESS 2
- Reference number: W_2
- CPV code and name: 79132100-9 – Electronic signature certification services (Rev.2)
Remote electronic signature paperLESS 3
- Reference number: W_3
- CPV code and name: 79132100-9 – Electronic signature certification services (Rev.2)

The electronic signature is made using the qualified digital certificate stored on the TOKEN and, to use the certificate, the token management application must be installed on the computer.

So, if this is the first time you use the TOKEN on this computer:

Choose the application version appropriate to the TOKEN type, from the Support/Token Installation section of the certSIGN website;
With the TOKEN disconnected from the computer, install the latest version of the device management application on the computer;
After installation, connect the TOKEN . To use it, you need to know the PIN code.

The PIN code is transmitted using one of two options:

electronic document generous by the certificate holder , in pdf format , after receiving the Signature Kit, through an automated mechanism: the holder accesses a specific link received by email and, on the opened page, completes the requested information and the generation code. The instructions and the generation code are included in the envelope containing the Signature Kit, sent by certSIGN;

physical document, secured, transmitted by certSIGN, by courier , to the postal address indicated when purchasing the certificate . The document is sent in an envelope separate from the envelope containing the Signature Kit.

The electronic signature is performed using a qualified digital certificate stored in the CLOUD, and to use the certificate in the CLOUD, the usage mechanism must first be configured.

After the video identification session has been accepted, the configurations prior to issuing the certificate can be performed, going through the steps in this order:

Configure the signature authorization mechanism according to the instructions in the email “paperLESS : Configure authorization mechanism”:

Check the email address declared when purchasing the certificate and follow the instructions received;
Install one of the free authorization apps Microsoft Authenticator or Google Authenticator on your phone , from Google Play or the App Store;
Associates the signature authorization application with the holder’s cloud account;

Activate the cloud account according to the instructions in the “paperLESS email webSIGN : Account creation invitation”

Check the email address declared when purchasing the certificate and follow the instructions received;
Complete and validate the phone number associated with the account on the cloud platform;
Set the cloud account password;

The certificate is issued upon first login to the cloud account . In the opened page, enter the authorization code generated by the application on the phone.

Unassisted video identification is an important element in the process of obtaining a qualified digital certificate for electronic signature. Issuance is possible only after identifying the holder of the qualified digital certificate, based on the identity document.

The identification procedure is simple but strict . It can be started after paying for the certificate and receiving the unique link to open the video identification session.
Throughout the session, you must be the only person appearing in front of the video camera.
The page opened in the browser, by accessing the link, will request access to microphone and camera The session can only be continued if access is allowed . We recommend using the Google Chrome browser.

After completion, the video identification session must be validated by certSIGN. Our response will be sent within 24 hours, by email. If the session:

It has been accepted , you will receive information by email regarding how you will receive the electronic signature certificate;
It could NOT be validated or was interrupted, for whatever reason, you will receive the necessary instructions by email to resume and/or complete the process. It will not be necessary to resume the payment.

Watch this video that presents the conditions that must be respected during video identification .

We remind you that, to perform video identification, the following are necessary:

video camera and microphone – you can use any laptop/desktop/phone/tablet that has a video camera with a minimum resolution of 2 mega pixels;
internet connection – we recommend 4G/5G mobile data network, with Wi -Fi turned off.
mobile phone – during video identification you will receive a numeric code via SMS that will be requested by the identification application;
original identity document * – you will need to present it to the video camera during the identification session.

* The list of accepted identity documents for video identification is available HERE .

In this area, certSIGN provides services such as:

providing card-based digital identity and related solutions and services;
services for guaranteeing identity in blockchain, certME;

Products and services

We are best known for our electronic signature services, but our expertise covers areas such as digital identity, organizational and work device security, and archiving.

Research and innovation

At certSIGN, we align the theoretical aspects of technology with the needs of society, through national and European research programs and, at the same time, through private investment programs.

Cryptographic devices- certSIGN

Cryptographic devices

READ the information presented in relation to the topic you are interested in or SEARCH the information you need on the website.

CITEȘTE informațiile prezentate în legătură cu subiectul care te interesează sau CAUTĂ pe site informațiile de care ai nevoie.