Download Installers
Signature Capability Verification
Guides and Manuals

What is Digital Signature?

It is a method that binds one citizen’s identity with a digital message or document, to uniquely identify its author, and ensure its integrity. One document’s digital signature is the result of applying mathematical algorithms to its contents, which produce a binary sequence that could only be created by the owner of the digital certificate.

Digital signatures are based on the cryptographical concepts of asymmetric encryption and
public/private key cypher systems, which can be defined as follows:
Asymmetric Encryption: an encryption method that ciphers using a key completely
different from the one used to decipher. The strength of this method lies in that: (a) it is
extraordinarily difficult to compute one key from the other, and (b) it is extraordinarily
difficult to produce a key from the encrypted data.

Public/Private Key: the private key is known only by the person who signs, while the
public key is made known to everyone (it is usually published). Not only is it safe to
publish it, but in certain situations it may be necessary.

The digital signature uses the aforementioned method to generate a hash that
uniquely corresponds to both the document being protected and the citizen's private
key. Since everyone has access to your public key, this means anyone can verify the
document's hash and be assured that you were the person who actually signed it.

(By "extraordinarily difficult," we refer to operations that would take millions of years to
complete using today’s available computational power.)

To verify a digital signature, it is also necessary to ensure the validity of the digital
certificate itself, including its current status (e.g., whether it has been revoked or has
expired), and that its assigned usage is appropriate for the intended function (e.g.,
signing or non-repudiation).

The term non-repudiation refers to the principle that a person cannot deny the validity
of a contract or document they have created (for example, claiming that a handwritten
signature is not their own). In the context of digital signatures, it means that a person
cannot deny having digitally signed a document while also asserting that their private
key remains secure. This emphasizes the critical importance of keeping your private key
confidential and protecting it with the utmost care.

To digitally sign a document, you must possess a digital certificate issued by a registered Certification Authority, which must be securely stored in a FIPS level 2-compliant smart card. These smartcards protect your secret private key.

The following diagram illustrates how the process of signing digitally a document works, and how verifications are made:

howto digital sign

To digitally sign a document:

  • The original document is processed to obtain a hash (it's similar to a summary of the document. If the document changes even by one byte, the resulting hash will be completely different).
  • The hash is encrypted using the signer's private key (this is called document signature).
  • Both the signature and the public key are attached to the original document (so anybody can test the validity of the signature).

To verify the signature:

  • From the signed document, the original document is extracted. The same hash function is applied to obtain the hash.
  • Also, from the signed document, the document signature and the signer's public key are extracted.
  • The document signature is decrypted using the signer's public key. This produces a second hash.
  • Next step is to compare the hashes from steps 1 and 3. If they match, then the signature is valid.

Also, this process must successfully validate that the person's certificate is trustworthy. To ensure this, we make sure that:

  • The certificate that was used allows for digital signature and non-repudiation.
  • The certificate has not expired.
  • The certificate hasn't been revoked.
  • The certificate was issued by a trusted and reknown certification authority.
  • That the information inside the certificate complies with the policies issued by the certification authority.

The Central Bank of Costa Rica successfully completed a process of change in the issuance of digital signature certificates that improve safety, increase the life of the certificates, can have more than one certificate and their respective card per person and also reduced airtime and delivery thereof.

Using the digital signature prevents the owner will have to physically sign documents or request services, which saves you money and reduces time in the execution of procedures.

On improving security, this was consolidated as of June 20 when all digital signature certificates began to be issued using more robust encryption algorithms based on the SHA-2 family, which provide improved security and get it card issuing digital signature in our country is level with the highest international standards, without this meaning that the cards issued before that date are unsafe.

We are doubling the life of the certificates we issue, from 2 to 4 years, this represents a significant improvement for people decreasing the number of times to be submitted to a station office for their ability to authentication and signature. Also, thanks to software changes and emission processes we reduced the time to have the cards digital signature within 15 minutes, which also optimizes the emissivity of each issuing office and therefore the system as a whole.

Thanks to the policy change digital signature issued by the MICITT and infrastructure preparation emission BCCR, people who so wish can get the amount of cards digital signature they deem necessary for their personal or business procedures.

In addition to these improvements, we put into operation the service of issuing digital signature certificates for legal persons (companies and institutions), so that a legal person interested in obtaining one of these certificates can from and apply to e cos@bccr.fi .cr Operations Center SINPE.

To date, we have issued approximately 160,000 digital signature certificates that Costa Ricans can use in more than 60 institutions, public, banking and trade that have available more than 100 services that make use of this important tool.

With these changes the Central Bank of Costa Rica supports the Presidential Directive No. 67-MICITT-H-MEIC “Overcrowding of implementation and use of Digital Signature in the Costa Rican Public Sector” and also the guidelines for client authentication and authorization transactions in electronic channels, recently issued by the Superintendent of Financial Institutions, according SUGEF18-16: “Regulation on operational risk management.” Both regulations recognize the right of citizens to obtain government services and financial institutions electronically, by accessing them directly from your home or office, reducing them risks and costs and thus contribute to improving their quality of life.

Sincerely,

Carlos Melegatti S., director

PAYMENT SYSTEMS DIVISION

Where can you obtain your digital signature?

There are many registry offices where you can get your Digital Signature. For more details, please visit the Official List of Registry Offices of the Central Bank of Costa Rica

See List