LankaSign Digital Certification Authority | Knowledge Center - Lanka Clear

Notice to our valued customers

In light of the coronavirus outbreak, we wish to inform our customer that we have facilitated below to provide convenience to you as much as possible and also as a measure to minimize travels which is a timely need of the country:

LankaSign CSP – Digital Certificates

For New Customers

Hard copies of corporate documents were accepted at LankaClear office at the BOC Tower, Colombo 1. Now the customers can submit scanned copies of corporate documents and the duly signed agreement online via our Helpdesk email.

Other conditions/requirements regarding the corporate documents and their due certification remain unchanged.

Ensure that all signatures and true copy sealing are in blue ink.

The duly executed agreement will be emailed to you via the same email address you have maintained to correspond with LankaClear.

Collection of the digital certificate, and the security token is from Lankaclear office in BOC Tower, Colombo 1.

For Existing Customers with Signed LankaSign Digital Certificates Subscriber Agreement
  1. For New Applications

    Hard copies of documents were accepted at LankaClear office at the BOC Tower, Colombo 1. Now the customers can submit scanned copies of new applications online via our Helpdesk email.

    Customers are encouraged to submit applications in advance due to the prevailing situation in the country.

    Collection of the digital certificate and the security token is from Lankaclear office in BOC Tower, Colombo 1.

  2. For Renewal Applications

    Hard copies of documents & security token were accepted at LankaClear office in BOC Tower. Now the customers can submit scanned copies of new applications online via LankaClear Helpdesk email and courier the security token.

    Helpdesk team will inform customers 30 days in advance of upcoming renewals. Customers are encouraged to submit applications in advance due to the prevailing situation in the country.

    Collection of the digital certificate and the security token is from our office in BOC Tower, Colombo 1.

    We’re actively working on moving the entire process online, i.e. to avoid the need for customers to physically submit & collect security tokens in which case the customer has the convenience of getting the digital certificate from home or office.

    Please visit https://www.lankaclear.com/knowledge-center/lankasign/ for more information.

Certificate Charges/Other Costs

There are no changes to applicable charges.

These Changes are in effect until further notice.
Thank you in advance for your corporation.

Overview and history

The Payment Industry in Sri Lanka has evolved towards greater efficiencies and customer centricities, which has resulted in high reliance on advance technology. The use of the Internet and electronic transactions has evolved rapidly in Sri Lanka facilitating greater customer convenience and attracting new customers, irrespective of their demographics. This is very evident by the high use of SLIPS (Sri Lanka Interbank Payment System) and other electronic payment systems and the growth in the use of Internet Banking.

Though advance technology brings about many advantages to financial institutions and its customers, it also brings in great risks of information security and electronic fraud. Therefore as the use of electronic payments (e-payments) increases, the need for advanced IT security infrastructure becomes critical in order to prevent the risks associated with information security and unauthorized access.

Authentication is a critical issue for users of electronic commerce. Banks must have confidence in the authenticity and the integrity of an electronic transaction received from another bank. This can be achieved through the use of Digital Signatures. Digital Signatures are aimed at achieving a higher level of trust where physical signatures are not possible. Digital signing helps the recipient of the electronic transaction to know with certainty that it was originated by the party who claims who they are and that no changes have been made after the transaction has been signed.

Recognizing this need the Central Bank of Sri Lanka requested LankaClear (Pvt.) Ltd. (LCPL) to be the financial sector Certification Service Provider (CSP). LCPL launched Sri Lanka's first Certification Authority under the brand name LankaSign in accordance with the Electronic Transaction Act, No.19 of 2006 on May-22-2009. A CSP is an authority on a network that issues and manages security credentials and public -private key pair's for message signing and encryption. As part of a public key infrastructure (PKI), a CSP checks with a Registration Authority (RA) to verify information provided by the requestor of a Digital Certificate. If the RA verifies the requestor's information, the CA can then issue a Digital Certificate that can be used for the purpose of signing and encrypting electronic transactions.

LankaSign in its first phase started providing digital certificates to Banks to be used in financial transaction clearing systems, such as SLIPS and CITS (Cheque Imaging and Truncation System), where the CSP and Public Key Infrastructure (PKI) was made available on LCPL's Virtual Private Network (VPN).

On 9th February 2011 LankaSign launched its second phase of providing digital certificates for all financial sector enterprise applications, SSL Certificates and end Users (E-mail/Document signing Certificates) on both private and public networks. This adds great value to the financial sector in Sri Lanka as using digital certificates of Lankasign will save the country its valuable foreign exchange where the other alternative is to procurer Certificates from foreign CSPs at a much higher cost. With LankaSign’s expansion it is now providing a customer focused local service and solutions to reduce document management overheads associated with managing physical documents, as well as promoting Green initiatives.

Currently LankaSign is widely used in almost all financial sector organizations as well as few other sectors for automating their documentation process by digitally signing electronic copies of documents and adding high security for electronic documentation exchange process. As the next phase in their expansion plan, with a major upgrade to their system, LankaSign is now capable of providing digital certificates in real-time for mobile based payment applications for digitally signing and authenticating electronic documents. This has been enabled by a common API developed by LankaSign, which can be easily integrated with such mobile payment applications via a Software Development Kit (SDK) that is freely distributed to such developers.

Aligning with the Electronic Transaction Act, No.19 of 2006, LankaSign follows a stringent process on validating the certificate users and their respective organizations before issuing a digital certificate. Due to its high security standards, LankaSign was able to obtain certification on ISO 27001:2013 for its Information Security Management System in the year 2015.

LankaSign is not only a significant milestone in the ICT industry of Sri Lanka, but also encourages more institutions in all sectors to adopt cost effective digital certificate based technology to achieve a greater level of information security for all their electronic communications and transactions.

All you need to know about LankaSign

General FAQs

1. Is digital signature recognized by Sri Lankan court of law?
Yes, it’s recognized according to Electronic Transactions Act No.19 of 2006 amended by Act No.25 of 2017

2. If a printout of the digitally signed document is given, can we verify whether it is digitally signed?
No. The document must be in original soft form to verify the digital signature.

3. Can a scanned document/image be digitally signed?
Yes. Any document in soft form can be digitally signed.

4. What will happen if I change a digitally signed document?
The existing digital signature will not be valid anymore and it will be indicated that the document had been modified.

5. What will happen if someone else changes the content of a digitally signed document?
Original signature will not be valid anymore and it will be indicated that the document had been modified.

6. Can I remove the digital signature from a document?
Yes but then the document cannot be considered as valid.

7. What is an electronic signature?
It is only an image of a signature that can be added to any document. An electronic signature can be copied and pasted and attached to other documents by anyone. An electronic signature doesn’t provide any document security and it doesn’t have a document verification process, or any tracking for changes made to the documents content after signing.

8. How is digital signature different?
Digital Signature is based on cryptographic technology which offers greater document security and signer authenticity. Each digital signature is unique to the signer and the document, you cannot copy and paste the signature from one document to another. If any changes are made to the document or the signature after signing is complete, this will be indicated in the document rendering the document invalid..

9. Between electronic signature and digital signature, which one is recommended?
There is some confusion regarding the difference between electronic and digital signature technology with people thinking the two are the same thing. However, the two signature types are different and it is important to understand how, otherwise your business could be exposed to additional risks. Digital signatures provide the necessary security controls and hence is the recommended solution.

10. What are some use cases of LankaSign digital certificates?
LankaSign digital certificates has broad uses including document/email signing, systems/applications integrations, mobile integrations, etc.
LankaSign document/email signing certificates can be used to sign/approve any digital document.

11. What will happen if I give my USB token and disclose the PIN to a third person?
He or She can (fraudulently) affix your digital signature.

12. What shall I do if I lose my USB token?
Immediately notify your organization and CSP (LankaClear Helpdesk)

13. What shall I do if I forget my PIN?
Contact your CSP to re-set your PIN.

14. What will happen if I try a wrong PIN multiple times or try the Admin PIN?
Security token PIN is known only to the user. If the user forgets the PIN by any chance, they can only attempt an incorrect PIN a limited number of times. After that the token gets locked and can only be unlocked by using an admin PIN after sending to LankaClear. Admin PIN is only for use of LankaClear. If the user attempts the admin PIN incorrectly, the security token will be permanently locked and unusable. This is intended behavior to ensure the security of digital certificate, so that it cannot be misused.

15. What shall I do if someone else gets to know my PIN?
Change your PIN

16. Do I need to change my PIN after receiving it from CSP?
Yes, it is recommended.

17. Can I take printouts of digitally signed documents and store them?
Cannot verify the digital signature validity if it is stored in printed format.
It must be stored in electronic format to be able to validate same..

18. What is the benefit of storing the digitally signed document?
Saves paper, saves space, cannot do unauthorized changes, very convenient and saves time

19. How can I obtain a digital certificate?
It should be obtained from an authorized/licensed Certification Serviced Provider (CSP) in Sri Lanka.

20. Can I use your digital certificates to automate my document management system or other workflow system?
Yes, you can. We will provide the digital certificates and general guidelines.

21. What is the recommended use of digital certificates within an automated system?
The certificates can be used in anyway within the application the developer and product owners wishes at the discretion of developer and product owners as per product, compliance, legal and other requirements as long as such functions does not violate rules and regulations of LankaSign CSP. LankaSign provides only the certificates and related token driver software and does not provide any other software/application related services or support.

22. How is my digital certificate provided to me?
It is provided in a security token which can be plugged to the USB port.

23. What’s the cost to obtain a digital certificate?
The security token is a one-time purchase and the digital certificate needs to be annually renewed. The security token and digital certificate should be purchased per user.

24. Why should I choose LankaSign CSP?
LankaSign is Sri Lanka’s first and the only Certification Authority established in accordance with the Electronic Transaction Act, No.19 of 2006 on May-22-2009. LankaSign complies with all the international requirements for commercial Certification Service Provider facilities along with ISO 27001:2013 certification.

25. How should I proceed to obtain a digital certificate from you?
Please refer to our How to Obtain Digital Certificates section for all necessary instructions and reach out to our helpdesk on helpdesk@lankaclear.com or 0112356999.

26. Should each new customer sign an Agreement with LankaClear in order to be eligible to apply for a digital signature?
Yes

27. Is the above mentioned Agreement a standard Agreement for all new customer who wish to apply for a digital certificate?
Yes

28. Is it possible to amend the above mentioned Agreement to suit each customer? who wish to apply for a digital certificate?
No, it is a standard Agreement. However, LankaClear reserves the right to update the Agreement from time to time.

29. Is there a different Agreement to be signed based on the purpose for which each customer may want to use the digital certificate?
No. There is one standard Agreement for all new customer who wish to apply for a digital certificate

30. Is the Agreement available as a download?
Yes.

Instructions for System Integration/Development

1. Get a proper understand about LankaSign including the introduction videos and presentation of LankaSign. Refer below URL and click to “All You Need to Know About LankaSign”
https://www.lankaclear.com/knowledge-center/lankasign/.

2. Get an understanding about LankaSign Summary Certification Practice and Summary Certificate Policy.
Please refer https://www.lankaclear.com/assets/images/knowledge-center/lankasign/cpscp/38-CSP-Summary-Certification-Practice-Statement-V3-1.pdf
https://www.lankaclear.com/assets/images/knowledge-center/lankasign/cpscp/lankasign-summary-certificate-policy-v3.1.pdf

3. Get the required PKI knowledge on key management practice which is a required pre-requisite for any development involving LankaSign.

4. Evaluate different token models that may be required for testing depending on the nature of integration or development.
Please refer Security Tokens support Operating System Compatibility.
https://www.lankaclear.com/assets/images/knowledge-center/lankasign/Security-Tokens-OS-Compatibility.pdf

5. Get an understanding about product installation and check the validity. Refer, “How to Obtain Digital Certificates” section of below URL:
https://www.lankaclear.com/knowledge-center/lankasign/

6. Get more technical details and answers through General FAQs section.

7. If you not already using LankaSign certificates, request test tokens & get an understanding on how the product off the shelf. Plan the system integration and development based on acquired knowledge on product and KPI knowledge.

8. Some generic test cases that can be used on your integration/automated system/development project are as below:
A general recommendation or test cases for use of certificates is provided below and the developers and product owners are advised to refer to all relevant LankaSign policies and procedure manuals for guidance in this regard. We always recommend the use of certificates with the security token. If required, you may request for certificates without the security token (HSM) subjected to internal approvals depending on the nature of system integration/development, however you will need to ensure the security of the certificates and also align with the guidelines on CSP policies and other compliance requirements.

  I. Ensure correct certificate extension is used
  II. Ensure Certificate Type is correct, i.e. SSL, Email Signing, Code Signing, etc.
  III. Ensure only the minimum required functionality is included in Key Usage and Extended Key Usage
  IV. Ensure certificate validations using OSCP/CRL is done to confirm the validity of the certificate prior to use of the certificate for any function/operation
  V. Check the need for any Special Attributes within the certificate
  VI. Ensure the Key Size is correct and as per requirement
  VII. Ensure the Issuer is LankaSign CSP

9. If you require any further support related to PKI knowledge sharing, coding, other integration and development support, we can provide you with necessary contact information of third party entities who provide such services.

If you have further questions or clarification, please reach out to our helpdesk on helpdesk@lankaclear.com or 0112356999.

Start using a LankaSign digital certificate

How to revoke your existing certificate ?

  1. Click here to download your Digital Certificate Revocation form

How to Check the Validity of the Signed Document ?

  1. Click here to Download the user manual
  2. Click here to Watch the Sinhala instructional video guide
  3. Click here to Watch the English instructional video guide

Please contact LankaClear through our hotlines 011 235 6900 / 011 235 6999 for more

How to enable Email Signing & Encryption ?

  1. Click here to download Email Signing & Encryption Document

LankaSign – summary certification practice statement & LankaSign – summary certificate policy

goto top