eSignTrust Encipherment Certificate is designed for encrypting data. Encryption protects data against theft or disclosure to unintended parties.

Benefits of eSignTrust Encipherment Certificate:

• It encrypts data, messages and attachments to ensure content can be read by intended recipients only;
• It protects the message from tampering during transmission.

 

Encipherment Certificates are used for the following purposes only:

• To encrypt/decrypt electronic data;
• To send encrypted electronic messages to the Certificate Holder;
• To allow the Certificate Holder to decrypt messages;
• To allow the Certificate Holder to acknowledge the receipt of an encrypted message by sending an acknowledgement with a Digital Signature added to it to confirm the identity of the recipient.

Further, the Private Key of this type of Certificate is not allowed for Digital Signatures. It can only be used for Data Encryption.

 

Taking into consideration the different needs and rights of individual users and corporations, eSignTrust provides several types of Encipherment Certificate.

• Personal Encipherment Certificate - is intended for a natural person with valid proof of identity.
• Corporate Encipherment Certificate - is designed for authorized personnel of a company, enterprise, institution or association etc, with a valid business registration certificate issued by Government of Macao SAR or a legal registered unit in Macao.
• Government Encipherment Certificate – will be used by authorized personnel of a government agency or department.
• For organisation unit of a Government Agency or Department and Corporation.
  Certificates of this type are issued to the public administration agencies or valid-registered units in Macao SAR, with designated Email, e.g. admin@department.gov.mo or sales@company.com.

 

Personal User

Government/Corporate User

Please follow the instructions shown below: Download eSignTrust Personal Certificate Application Form (which is also available in eSignTrust RA Office), and Submit the completed form in person with an original identification document at eSignTrust RA Office. Alternatively, you can submit the form by postal mail, fax or electronically by email, so your application can be pre-processed; then you will be notified to come to our office, at a time of your convenience. Documents required: Photocopy of Subscriber’s Macao BIR or valid passport/ID document (required to show the original document). If applicable: Original of Procuration related to Subscriber, or notarised copy, when required; Original of Professional Qualification Certificate, or notarised copy, when required.

Please follow the instructions shown below: Download the following Application Forms (which are also available in eSignTrust RA Office): eSignTrust Government / Corporate Certificate Application Form, and Supplementary Sheet – Government / Corporate Certificate Application for Authorised Users, or Supplementary Sheet – Application for Government/Corporate Encipherment Certificate (For Unit). And submit the completed forms with the required original or notarized copy of documents at eSignTrust RA Office; Alternatively, you can submit the forms by postal mail, fax or electronically by email, so your application can be pre-processed; then you will be notified to come to our office, at a time of your convenience. Documents required: Photocopy of Authorised Delegate’s, Contact Person’s and all Authorised Users’ ID Card (Please show the original document, if necessary); Business Registration Certificate; Photocopy of "Initial Activity/Alteration Declaration" M/1 format of Industrial Tax, "Inscription and Alteration" M/2 format of Professional Tax or "Levied Form" M/8 format of Industrial Tax (Please show the original document, if necessary). If applicable: Notarised copy of the articles of association, when required; Original of Board or Shareholders meeting’s Minutes, or notarised copy, when required; Original of Procuration related to Authorised User, or notarised copy, when required; Original of Professional Qualification Certificate of Authorised User, or notarised copy, when required.

 

Applicants can make appointments for the electronic certificate service through the "Macao One Account - Appointment for counter service".

 

Your eSignTrust Certificate is an important electronic ID for use on the Internet. If the information in your Certificate is no longer valid or your Certificate is lost, damaged, suspected to have been compromised, or stolen, you should by yourself or request eSignTrust to revoke your Certificate immediately.。

How to Revoke an Encipherment Certificate

A Subscriber may revoke his/her Encipherment Certificates in the following ways:

• Online Revocation. You may just go to here and follow the instructions to revoke your own certificates online, or revoke the certificate in your "Macao One Account".
• Request eSignTrust. You may phone eSignTrust to request or you may submit a Certificate Suspension/Revocation Request Form to eSignTrust by fax, postal mail, email or in-person at our Registration Authority to revoke your Certificate.

Certificate Status Update after Suspension or Revocation

The certificate status update is immediate via our OCSP Service (Online Certificate Status Protocol) or Online Search Pages. You may go to Certificate Status and Information in our Repository to look for the real-time status of any eSignTrust Certificates.

Optionally, you may obtain the information via Certificate Revocation List also in our Repository to which the certificate status update is published for access by the public in a daily basis. Your revoked certificate will be updated to the latest CRL in next publishing.

To know more our practices, please read our Certification Practice Statement (CPS).

 

If an Encipherment Certificate Holder’s Private Key is lost, a person, organisation and businesses must still be able to recover data that the person/employee had encrypted before, which can only be done by recovering the Encipherment Private Key. Reasons for key recovery may include a person/employee forgetting a password to unlock an encrypted file, the resignation/unavailability of an employee who has encrypted some information, or someone attempting to hide criminal activity from law enforcement officials. To ensure the ability to recover encrypted data, Encipherment Private Keys must be backed up and stored securely.

 

Note, however, that Signing Keys, i.e., keys used for Electronic Signatures, should not be backed up (in the case of Qualified Certificate, the Private Key cannot be backed up in any ways), since doing so prevents from ensuring Non-Repudiation. If anyone other than a particular holder has a copy of a Signing Key, then that holder can claim that someone else supplied the signature on a contested document. If a holder loses a Signing Key, a new key and associated certificate can be easily generated.

Application Procedures

Personal User

Government/Corporate User

Please follow the instructions shown below: Download the Archived Encipherment Private Key Retrieval Request Form, and Submit the completed form with your identification document in person at eSignTrust RA Office; Alternatively, you can submit the form electronically by email, so your request can be pre-processed; then you will be notified to come to our office, at a time of your convenience.

Please follow the instructions shown below: Download the Archived Encipherment Private Key Retrieval Request Form, and Submit the completed form with your identification document in person at eSignTrust RA Office; Alternatively, you can either postal mail/fax the completed form or email the electronically signed form. After your request is processed, the Encipherment Private Key will be sent by email encrypted to the indicated recipient.

 

Key Recovery Service

The Encipherment Private Key Recovery Service can only be taken place in the MPKI Control Centre using the Onsite Administrator Certificate and the RAO Client Administrator Certificate simultaneously. To retrieve the Private Encryption Key, our authorized staff will perform the following under a dual control.

 

1. The MPKI administrator logs into the MPKI Control Centre with the Onsite Administrator Certificate and select the Encipherment Certificate to be retrieved;
2. The MPKI administrator should verify the certificate details before approval of the Key Recovery;
3. The MPKI administrator approves the Key Recovery of the selected Encipherment Certificate;
4. The MPKI RAO logs into the MPKI Control Centre and continue the Key Recovery of the Encipherment Certificate;
5. A file contained the Private Encryption Key will be generated once the Key Recovery process is done. The certificate holder can store the file in a storage device and record the password of the file;
6. The Encipherment Private Key Recovery Service is done.

 

Certificate Pricing

Description	Price (MOP)	Validity	Assurance / Liability Limits (MOP)
Encipherment Certificate	$100.00 / year	3 years	$50,000.00

Encipherment Key Recovery

Description	Price (MOP)
Encipherment Key Recovery Service	$50.00 (Each)

 

• Application for Personal Certificate
• Application for Government/Corporate Certificate
• Supplementary Sheet – Application for Government/Corporate Certificate (Authorised User Details)
• Supplementary Sheet – Application for Government/Corporate Encipherment Certificate (For Unit)
• Certificate Suspension/Revocation Request Form
• Archived Encipherment Private Key Retrieval Request Form

 

Certificate holders can apply for the following matters through the Electronic Certificate Service in "Macao One Account". Users must have opened a "Macao One Account" account. Please click this link to download the "Macao One Account" mobile application.

 

1. Certificate revocation (applicable to electronic certificate holders)
2. Annual fee payment (applicable to electronic certificate holders, the items accepted for payment must be the annual fee for personal certificates)
3. My Certificate (Applicable to electronic certificate holders)

Service guide: Please refer to the guide on matters related to the "Macao ONE Account" Electronic Certificate Service.