General Information

What should I do if I forgot my PIN?

If you lost your smartcards password or PIN, you must schedule an appointment in a Registration Office authorized by Banco Central de Costa Rica, which will guide through the process that must be followed.

Please refer to the official list of registration offices published by Banco Central, to schedule an appointment.

What should I do if my card is locked?

If you failed to enter your password 6 times in a row, your card will become locked.

To unlock the smartcard you must schedule an appointment with an authorized registration office, which will guide you through the process that must be followed.

Please visit the list of registration offices published by Banco Central de Costa Rica, to schedule an appointment.

What should I do if my card was stolen or lost?

Please go to the following address Certificate Revocation by SINPE.

Answer several easy questions so that your card cannot be used by anyone else.

What should I do to get my own digital certificate?

You must schedule an appointment with an authorized registration office. Please look at the list of registration offices published by Banco Central de Costa Rica.

List of authorized registration offices.

Please check the official list of registration offices published by Banco Central de Costa Rica.

Can someone steal my private key from a document that I digitally signed?

No, it's impossible. The key that the document was signed with stays in your smartcard, and never leaves it. People will test your signature using your public key.

On the other hand, don't forget to protect and take care of your smartcard. Also, never reveal your password to anyone.

Tips for an appropriate use of your smartcard.

Please take into account the following hints when using your smartcard:

  • Always keep the card with you, or stored in a safe place. You must think of it as your personal identification card, or a bank card.
  • Never reveal your password to anyone, and never write it down anywhere. You must memorize the password.
  • In websites that use Digital Signature, always make sure you close the session, and always remove the card from the reader when you're finished. Never leave a connected card unattended.
  • Protect your card. It contains delicate components that may get damaged if not properly used.

I get an error saying that my certificate has expired.

This message can occur for several reasons:

  • Your certificate may actually have expired. Certificates usually have a 2 year validity.
  • If you are sure your certificate is still valid (and you haven't revoked it either), and still receive this error message, we suggest that you use our page to test your certificate (use the "Certificate Verification" link on the left panel).
  • If our page says that your certificate is valid, then it's likely that the error is related to the page you were using (bank, instituion). Get in touch with that institution to obtain feedback.
  • If every page fails with the same error (even ours), or if you receive error messages related to CRL or OCSP, then the problem may reside within the Banco Central itself. Please get in touch with their COS by calling 2243-4000.

Technical Information

What operating systems are supported?

  • Microsoft:
    • Windows XP with Service Pack 3 (Note that this operating system no longer has Microsoft support)
    • Windows Vista with Service Pack 1 or the newest.
    • Windows 7. Or the newest
    • Windows 8 or 8.1.
    • Windows 10
  • Linux:
    • Ubuntu 8.04 or the newest.
    • OpenSuse 11 or newest.
  • Mac: OS 10.7 or newest (for versions 10.11 or higher, it is recommended to have an approved reader, which are the V3C R or V3D)

Which Internet browsers are supported?

  • Microsoft Internet Explorer
  • Mozilla Firefox 5 or newest (Important to note that after version 51, Firefox stopped supporting some add-ons)
  • Microsoft Edge (This browser allows to authenticate on the platforms, but not to sign for browser development)
  • Google Chrome (This browser allows to authenticate on the platforms, but not to sign for browser development)
  • Opera (This browser allows to authenticate on the platforms, but not to sign for browser development)
  • Safari (This browser allows to authenticate on the platforms, but not to sign for browser development)

For security reasons, we strongly recommend that you always run the latest version of your favorite browser.

Note: Recently some platforms have developed signature mechanisms, which allow many of the aforementioned browsers to be used, both to authenticate and to sign; one of those mechanisms is the BCCR Signatory.

Can I install it in my pirated operating system?

We do not recommend using pirated software in any situation whatsoever. The most important concern is security. We cannot guarantee the proper function of digital signatures in an unsupported operating system, that receives no updates or patches, or is subject to modifications not allowed by the manufacturer.

There is no guarantee (either explicit or implicit) that Digital Signature software will work in an unlicensed operating system, and we cannot be held responsible for any unsupported feature, misbehavior or problem in the software. Be aware that you use pirated software under your own risk.

What is a hash or digest?

A digest or "hash" is mathematical summary that can be thought of as the equivalent of a thumbprint of a document. Existing algorithms, such as SHA-1 or MD5 are capable of generating thumbprints that are very senstive even to minor changes (that is, thumbprints created from two documents that differ only by one byte will differ greatly). Even though a thumbrprint is relatively small (SHA-1 produces 160-bit thumbprints, for example), it is nearly impossible to build a counterfeit document having the same thumbprint as a legitimate one. This is the reason that explains why these algorithms are chosen to be part of the digital signature process.

Why are asymmetric algorithms employed for digital signatures?

They're chosen due to the strength of the public/private key infrastructure system. Using these cypher methods, corresponding keys are extremely complex, and possess the feature that whatever was encrypted using one key, can only be decrypted by the other one.

On the other hand, asymmetric algorithms are rather slow, so it's normal that asymmetric keys are used only during the initial connection, and are employed to negotiate a symmetric key for a different algorithm (such as AES Rijndael), which is faster (as a matter of fact, SSL/TLS works this way).

Symmetric algorithms use the same key to encrypt and decrypt (however, on their own, they do not suffice for digital signatures).

What do you mean by public key and private key?

For your Digital Signature to work, it requires two different keys: a private one, which is secret and stays on your smartcard; and a public one, which all other people use to verify that you are who you say you are.

These two keys in combination help create a security system with these features:

  • Whatever is encrypted using the private key, can only be decrypted with the public key (you are the only person who can produce a cypher that your public key is capable of decyphering).
  • Whatever your private key signs, can only be verified with your public key (by publishing your public key, everybody can confirm that you, and only you, signed a document).
  • The encryption is assymetric. That is, the private key cannot decrypt what it encrypted, and the same happens with the public key. Only the combined effect of the two keys allows for decrypting and verifying signatures. Here's where the strength of the cryptosystem resides.

Using Digital Signature

Why should I use digital signatures?

The digital signature is a much safer alternative to the regular signatures you are used to (signing with your own hand). As defined by the law in Costa Rica, digital signatures are equivalent to regular signatures, and they also have the same legal value.

Your personal identification card contains your personal information, your signature, and a photography of you; however, these mechanisms have been consistently broken in fauds such as: counterfeit documents, fake signatures, and so on.

Digital signatures cannot be broken the same way as regular signatures, since they are based on the necessity of possessing two elements:

  1. Something that the person must physically have (the smartcard).
  2. Something that only the person knows or uniquely identifies her/him (a password, biometric controls, etc).

Security mechanisms in digital signatures are very strict, which makes the whole system less vulnerable to attacks.

What law supports the use of Digital Signature in Costa Rica?

Digital Signature is supported in Costa Rica by Law No. 8454.

Your verification page works fine, but I'm unable to use my bank's.

As providers of support services, we are commited to providing a system that allows citizes to test and verify that the smartcard and the key it contains are working correctly in your computer.

However, we do not participate in the development that each institution must go through to provide their own digital signature services. If you are experiencing difficulties with a website (but ours work fine), we suggest you get in contact with personnel from that institution.

How do I digitally sign a document?

For our customers, we provide several guides and manuals that will help you when signing a document digitally. To gain access to these guides:

  • Go to the "Botain Support" section in our page (fourth option in the main menu).
  • When that page finishes loading, find a section called "Guides and manuals". Either click on the link or on the image with the exclamation mark.
  • A new page will open. Type your smartcard serial number, and then choose the guide that you wish to open.

Note: the serial number is located in the card itself.

When using a digital signature-enabled website, the page says that the certificate is not present.

  • Make sure you have correctly installed the required drivers (if you haven't, please download the drivers by clicking on the "downloads" button on the left panel).
  • Make sure the card reader is connected and that it has been recognized by the operating system.
  • Make sure you inserted your card in the correct position, and that you fully inserted your card inside the reader (gently push it until it reaches the end). Depending on the brand of your reader, a LED may turn on indicating that a card has been correctly inserted.
  • Make sure you are using a supported operationg system and browser. You may encounter this error if you are using unsupported software.
  • Make sure you have properly configured your web browser (go to the Guides and manuals section in case of doubt).
    If these step do not help you fixing the problem, we suggest you download a guide to install the drivers for your operating system. To do this, jump to Guides and manuals.

If these guides do not help you solve your problem, please get in contact with our support center.