MeSign Forum

SMF - Just Installed!

Lesson 8 -- Difference between Encrypting Certificate and Signing Certificate
Read 2488 times
* October 23, 2019, 06:32:03 AM
In lesson 5, we have discussed the usability of encrypting certificate and legal effect of signing certificate. MeSince deploys these two certificates for users.

Today, we will further discuss the difference between the two.

When user successfully signs in his email on MeSince, an 39-month encrypting certificate, and a 13-month signing certificate will be issued and installed automatically to his account in MeSince. As the screenshots below show, the key usage of the encrypting certificate is Key Encipherment, while the same place of the signing certificate contains Digital Signature and Non-Repudiation. The former is used for encryption and the latter is used for signing and timestamping.

If the user has applied and validated by V2, V3 or V4 validation, a V2, V3 or V4 certificate will also be issued and installed for him. These are all signing certificate but the validation levels are different. There can be multiple signing certificates for one email account and one signing certificate can have different language versions.

Signing certificate is generated and stored in local device, so if user switches to another machine, MeSince will issue a new one for the account. On the contrary, the encrypting certificate will not change among different devices, which is to ensure that on every device, all the previous encrypted emails can be deciphered.

As discussed above, basically, one device, one signing certificate. When an email account is signed in on a new device, MeSince will automatically send an encrypted email, whose subject is “New device used MeSince” to remind email account owner of the new device signing in. This email cannot be deciphered on the new device by any means. Only the previous devices can decipher it. Therefore, if you switch to another device and receive an email like this, don’t worry about it. It’s only a reminding email.