Class A – ESigA (natural persons)
Here you will find information on the class A certificates for natural persons (in accordance with the ESigA).
Class A certificates can only be used in combination with a qualified and authorised signature application.
The Swiss Government PKI issues certificates in accordance with the current provisions of the Federal Act on Electronic Signatures (ESigA).
Certificate content
The certificate issued by the Swiss Government PKI contains the following information:
- Certificate owner (full name, email address)
- Certification authority (issuer)
- Certificate fingerprint
- Certificate validity
- Serial number
The information in the certificate cannot be changed. If there is a change in the owner's name or email address, for example, the keys and the certificate must be reissued.
Certificate owner
The certificate owner is the person for whom a qualified certificate has been issued. This person acts on behalf of an organisation (Federal Administration, cantons) and, because of this activity, requires a Swiss Government PKI certificate issued in accordance with the ESigA (Federal Act on Electronic Signatures).
Requester verification
- In order to guarantee the correctness of the link between a public key and a requester, the Swiss Government PKI must verify the requester's identity by means of personal identification and official documents (valid passport or ID card).
- The local registration office is tasked with identifying the requester and compiling the information required for issuing a certificate.
- Identity documents from neighbouring countries (Germany, Austria, France, Italy and Lichtenstein) can be accepted for identification purposes. Other identity documents recognised by Switzerland as valid travel documents can be found on the website of the State Secretariat for Migration SEM under Alphabetical list of countries.
Ownership of the private key
Signature server
The private key of the qualified certificate is stored on a Swiss Government PKI server, a hardware security module (HSM).
Use of the key and the certificate by the owner
The signature key and the associated qualified certificate may be used solely for generating and verifying electronically qualified signatures on documents. The list of applications with which the certificates may be used is published in the section "Standards and rules".
Use of the key by the owner is subject to the conditions set out in the user agreement and terms of use for class A certificates, and in particular:
- Owners may use their private key solely for the intended purposes and with the approved application (DesktopSigner).
- Owners shall have the basic knowledge required for using the signature key and certificate appropriately.
- Owners must keep up to date with their responsibilities and obligations, as set out in the certificate practice statement.
- Owners bear sole responsibility for their key and the signature device. They must take the necessary precautions to prevent loss, dissemination to third parties, alteration and unauthorised use.
- If it is suspected or discovered that the private key has been compromised, owners must immediately inform the local registration office, in order to block the use of the (certificate's) cryptographic key.
- Owners must arrange to have their certificate revoked if the information contained in it is no longer valid.
Certificate renewal
The certificates are valid for three years, unless revoked beforehand. The certificate renewal process is the same as that for initial certificate issuance.
Revocation
Signature service
- In the signature service, the expression of intent is initiated via the advanced class B certificate (personal smart card used to log in to a PC) or the MobileID.
- In the event of a change of the class B certificate due to new issuance or renewal, the SG PKI must be notified
Klasse A Willensbekundung: Neues Klasse B hinterlegen (admin.ch) - Change the expression of intent to MobileID
Klasse A Willensbekundung: Wechsel auf MobileID (admin.ch)