eSignTrust Encipherment Certificate is designed for encrypting data. Encryption protects data against theft or disclosure to unintended parties.
Benefits of eSignTrust Encipherment Certificate:
- It encrypts data, messages and attachments to ensure content can be read by intended recipients only;
- It protects the message from tampering during transmission.
Encipherment Certificates are used for the following purposes only:
- To encrypt/decrypt electronic data;
- To send encrypted electronic messages to the Certificate Holder;
- To allow the Certificate Holder to decrypt messages;
- To allow the Certificate Holder to acknowledge the receipt of an encrypted message by sending an acknowledgement with a Digital Signature added to it to confirm the identity of the recipient.
Further, the Private Key of this type of Certificate is not allowed for Digital Signatures. It can only be used for Data Encryption.
Taking into consideration the different needs and rights of individual users and corporations, eSignTrust provides several types of Encipherment Certificate.
- Personal Encipherment Certificate - is intended for a natural person with valid proof of identity.
- Corporate Encipherment Certificate - is designed for authorized personnel of a company, enterprise, institution or association etc, with a valid business registration certificate issued by Government of Macao SAR or a legal registered unit in Macao.
- Government Encipherment Certificate – will be used by authorized personnel of a government agency or department.
- For organisation unit of a Government Agency or Department and Corporation.
Certificates of this type are issued to the public administration agencies or valid-registered units in Macao SAR, with designated Email, e.g. admin@department.gov.mo or sales@company.com.
Personal User | Government/Corporate User |
Please follow the instructions shown below:
Documents required:
If applicable:
|
Please follow the instructions shown below:
Documents required:
If applicable:
|
Applicants can make appointments for the electronic certificate service through the "Macao One Account - Appointment for counter service".
Your eSignTrust Certificate is an important electronic ID for use on the Internet. If the information in your Certificate is no longer valid or your Certificate is lost, damaged, suspected to have been compromised, or stolen, you should by yourself or request eSignTrust to revoke your Certificate immediately.。
How to Revoke an Encipherment Certificate
A Subscriber may revoke his/her Encipherment Certificates in the following ways:
- Online Revocation. You may just go to here and follow the instructions to revoke your own certificates online, or revoke the certificate in your "Macao One Account".
- Request eSignTrust. You may phone eSignTrust to request or you may submit a Certificate Suspension/Revocation Request Form to eSignTrust by fax, postal mail, email or in-person at our Registration Authority to revoke your Certificate.
Certificate Status Update after Suspension or Revocation
The certificate status update is immediate via our OCSP Service (Online Certificate Status Protocol) or Online Search Pages. You may go to Certificate Status and Information in our Repository to look for the real-time status of any eSignTrust Certificates.
Optionally, you may obtain the information via Certificate Revocation List also in our Repository to which the certificate status update is published for access by the public in a daily basis. Your revoked certificate will be updated to the latest CRL in next publishing.
To know more our practices, please read our Certification Practice Statement (CPS).
If an Encipherment Certificate Holder’s Private Key is lost, a person, organisation and businesses must still be able to recover data that the person/employee had encrypted before, which can only be done by recovering the Encipherment Private Key. Reasons for key recovery may include a person/employee forgetting a password to unlock an encrypted file, the resignation/unavailability of an employee who has encrypted some information, or someone attempting to hide criminal activity from law enforcement officials. To ensure the ability to recover encrypted data, Encipherment Private Keys must be backed up and stored securely.
Note, however, that Signing Keys, i.e., keys used for Electronic Signatures, should not be backed up (in the case of Qualified Certificate, the Private Key cannot be backed up in any ways), since doing so prevents from ensuring Non-Repudiation. If anyone other than a particular holder has a copy of a Signing Key, then that holder can claim that someone else supplied the signature on a contested document. If a holder loses a Signing Key, a new key and associated certificate can be easily generated.
Application Procedures
Personal User | Government/Corporate User |
Please follow the instructions shown below:
|
Please follow the instructions shown below:
|
Key Recovery Service
The Encipherment Private Key Recovery Service can only be taken place in the MPKI Control Centre using the Onsite Administrator Certificate and the RAO Client Administrator Certificate simultaneously. To retrieve the Private Encryption Key, our authorized staff will perform the following under a dual control.
- The MPKI administrator logs into the MPKI Control Centre with the Onsite Administrator Certificate and select the Encipherment Certificate to be retrieved;
- The MPKI administrator should verify the certificate details before approval of the Key Recovery;
- The MPKI administrator approves the Key Recovery of the selected Encipherment Certificate;
- The MPKI RAO logs into the MPKI Control Centre and continue the Key Recovery of the Encipherment Certificate;
- A file contained the Private Encryption Key will be generated once the Key Recovery process is done. The certificate holder can store the file in a storage device and record the password of the file;
- The Encipherment Private Key Recovery Service is done.
Certificate Pricing
Description | Price (MOP) | Validity | Assurance / Liability Limits (MOP) |
Encipherment Certificate | $100.00 / year | 3 years | $50,000.00 |
Encipherment Key Recovery
Description | Price (MOP) |
Encipherment Key Recovery Service | $50.00 (Each) |
- Application for Personal Certificate
- Application for Government/Corporate Certificate
- Supplementary Sheet – Application for Government/Corporate Certificate (Authorised User Details)
- Supplementary Sheet – Application for Government/Corporate Encipherment Certificate (For Unit)
- Certificate Suspension/Revocation Request Form
- Archived Encipherment Private Key Retrieval Request Form
Certificate holders can apply for the following matters through the Electronic Certificate Service in "Macao One Account". Users must have opened a "Macao One Account" account. Please click this link to download the "Macao One Account" mobile application.
- Certificate revocation (applicable to electronic certificate holders)
- Annual fee payment (applicable to electronic certificate holders, the items accepted for payment must be the annual fee for personal certificates)
- My Certificate (Applicable to electronic certificate holders)
Service guide: Please refer to the guide on matters related to the "Macao ONE Account" Electronic Certificate Service.