Digital Certification Authority (LankaSign) / FAQ
  • LANKASIGN is the flagship brand of LankaClear under which WEB & Digital Security services are offered to the market. As a Digital Certification Service Provider (CSP) LankaClear provides the most secured Cryptographic Solutions through LankaSign.
  • A Certification Service Provider (CSP) is an entity that is authorized to issue Digital Certificates for the country. The Digital Certificate certifies the ownership of a Public Key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the Private Key that corresponds to the Public Key that is certified.
    Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. In public key cryptography, the private key is kept secret, while the public key may be widely distributed. In a sense, one key "locks"; while the other is required to unlock it.
    LankaSign operates under the Laws of Sri Lanka and any disputes would be addressed under the Laws of Sri Lanka whereas foreign Certification Service Providers would be operating under the jurisdictions of foreign countries.
    LankaSign operates under the legal provisions of the Electronic Transactions Act No. 19 of 2006.
    LankaSign Root signing key pairs Security is ensured up to FIPS-140-2 Level 3 standards while the entire LankaSign CSP adheres to ISO 27001 : 2005 Security Standards. Further LankaSign is issuing Crypto Tokens to securely generate and store Digital Certificates for Email Signing, Document Signing & Encrypting.
    A Crypto Token is a lightweight USB token, providing a strong authentication solution. It is a highly portable device that provides unparalleled security for your Digital Certificates, Email Encryption, online System Authentication, Secure Operating System log-on requirements and other Public Key Infrastructure (PKI) applications. This enables the device to provide the ultimate security for many applications.

    LankaSign provides Digital Certificates for the flowing purposes;

    a. SSL Certificates for Web Servers

    SSL Certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. .

    b. Digital Certificates for Email Signing, Document Signing & Encrypting

    These Certificates allows you to digitally sign Documents and Email documents. A Digital Signature is the virtual equivalent of a wet Ink Signature, carrying the signer’s identity and assuring the reader of the document’s integrity. Placing a Digital Signature on a document proves the information originated with the signer and has not been altered, allowing secure electronic document workflows to replace tedious, paper-based processes.

    c. Customized Digital Certificates for Software Application

    These Certificates are being issued for the financial sector for their need of securing electronic transactions and internal Software Application. Currently all the Commercial Banks operating in Sri Lanka is using such certificates for CITS and SLIPS systems.

    Yes Of course. If you are an employee of a registered business entity in Sri Lanka, you are eligible to obtain a Digital Certificate from LankaSign.
    Yes . LankaSign is willing to demonstrate how LankaSign Digital Certificates can be integrated to your business entity, system requirement, security requirements, etc. Please call LankaSign 24X7 helpdesk for more details.
    Please call LankaSign 24X7 Helpdesk on 0112356900 / 0112356999 or write to us on helpdesk@lankaclear.com
    The primary activity of a CA is to issue certificates. The primary role of the CA is to check the identity of the entity owning a certificate and to confirm the integrity of any certificate it issued. Providing a communication infrastructure is not a CA activity. The secret keys belonging to the certificates would not be archived at the CA. The CA can contribute to authenticating the communicating partners to each other, but the CA is not involved in the communication stream itself.
    PKl is the administrative infrastructure for digital certificates and encryption key pairs. The qualities of an acceptable digital signature are: it is unique to the person using it; it is capable of verification; it is under the sole control of the person using it; and it is linked to data in such a manner that if data are changed, the digital signature is invalidated. PKl meets these tests. The Data Encryption Standard (DES) is the most common private key cryptographic system. DES does not address no repudiation . A MAC is a cryptographic value calculated by passing an entire message through a cipher system. The sender attaches the MAC before transmission and the receiver recalculates the MAC and compares it to the sent MAC. If the two MACs are not equal, this indicates that the message has been altered during transmission; it has nothing to do with no repudiation. A PIN is a type of password, a secret number assigned to an individual that, in conjunction with some other means of identification, serves to verify the authenticity of the individual.
    The Online Certificate Status Protocol (OCSP) is the protocol used by browsers to obtain the revocation status of a digital certificate attached to a website. Naturally OCSP speed is considered one of the main criteria for quality, as browsers reach out to web servers and confirm that the SSL certificate is valid.

    If the certificate revocation list (CRL) is not current, there could be a digital certificate that is not revoked that could be used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). Digital certificates containing a public key that is used to encrypt messages and verifying digital signatures is not a risk. Subscribers reporting key compromises to the CA is not a risk since reporting this to the CA enables the CA to take appropriate action.
    A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption. As a part of the public key infrastructure, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor’s information, the CA can issue a certificate. The CA signs the certificate with its private key for distribution to the user. Upon receipt, the user will decrypt the certificate with the CA’s public key.
    The certificate authority maintains a directory of digital certificates for the reference of those receiving them, it manages the certificate life cycle, including certificate directory maintenance and certificate revocation list maintenance and publication. Choice A is not correct because a registration authority is an optional entity that is responsible for the administrative tasks associated with registering the end entity that is the subject of the certificate issued by the CA. Choice C is incorrect since a CRL is an instrument for checking the continued validity of the certificates for which the CA has responsibility. Choice D is incorrect because a certification practice statement is a detailed set of rules governing the certificate authority’s operations.
    None repudiation services provide evidence that a specific action occurred. None repudiation services are similar to their weaker proof counterparts, i.e., proof of submission, proof of delivery and message origin authentication. However, none repudiation provides stronger evidence because the proof can be demonstrated to a third party. Digital signatures are used to provide none repudiation . Message origination authentication will only confirm the source of the message and does not confirm the specification that has been completed.